Chris Hoofnagle of the University of California, Berkeley, has published a paper measuring identity theft at banks in the US. The paper ranks the top institutions in the US based on their relative incident of identity theft (as reported by consumers to the FTC). Special attention is paid to financial institutions.

Currently, banks do not publicly disclose incidents of identity theft, though they are now mandated to publicly disclose a data breach. However, since not all data breaches lead to identity theft, the picture is incomplete for consumers wishing to make informed decisions about their banking.

As part of a multiple strategy approach to obtaining more actionable data on identity theft, the Freedom of Information Act was used to obtain complaint data submitted by victims in 2006 to the Federal Trade Commission. This complaint data identifies the institution where impostors established fraudulent accounts or affected existing accounts in the name of the victim. The data show that some institutions have a far greater incidence of identity theft than others.

Facts from the paper:

  • 88,560 complaints affecting 46,262 institutions were obtained from the FTC for the analysis (banking & otherwise)
  • Institutions with highest frequency of complaints: Bank of America, AT&T, Spring/Nextel
  • The top 25 institutions out of the 46,262 account for 49.9% of identity theft complaints
  • Estimated events divided by total deposits at financial institutions shows that HSBC, Bank of America and Washington Mutual have he highest incidence of fraud
  • ING has the lowest incidence of identity theft, with only a single event

Of course, information is limited and thus the methodology of the paper is not flawless. However, it does shed light on some interesting figures and, perhaps more importantly, on the pressing need for more publicly disclosed information related to identity theft. Why do all this? Chris Hoofngale says:

Consumers, regulators, and businesses lack objective tools to compare incidence of identity theft across financial and other institutions targeted by fraudsters. Without such tools, consumers cannot “vote with their feet” and choose safer institutions, regulators cannot allocate oversight and enforcement resources to high-risk institutions and practices, and businesses themselves cannot assess how well they perform relative to competitors in fighting this crime. While competition is a powerful force for consumer protection, the lack of information about identity theft makes the market less effective in
creating a race to the top among institutions to shield consumers from fraud.

Download the paper here [PDF]

Via emergent chaos Tags: , , , , , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati