Credit Industry Strains to Stem Tide of Identity Theft

Identity theft has become the fastest growing type of fraud, and one of the more difficult to combat.

Those who have been impersonated - often by people armed with personal information like Social Security numbers, credit card accounts, and credit histories - have learned too well how difficult such a scam is to fight.

Consumer lenders and credit bureaus, facing the costs of identity fraud and concerned about their industry's image, have been able to mount only a tentative response.

"This problem has increased so much that, frankly, it is putting a strain on all of our systems to keep up with it," said Dennis Rice, director of compliance and fraud control services for Experian Inc., the credit information company formerly known as TRW.

The big three credit bureaus - Experian, Trans Union Corp., and Equifax Inc. - and most lenders do not track credit-identity fraud as a separate category.

MasterCard International Inc., one of the few companies that does, said losses from such activities amounted to $1.85 million for the first eight months this year, more than quadruple the $394,072 recorded in the comparable period of 1995.

However, Joel Lisker, MasterCard's senior vice president of security and risk management said, "I wouldn't suggest for a minute that this fraud isn't larger" than those statistics suggest.

Public consciousness of identity fraud spread in August and September after reports on television programs like "60 Minutes" and numerous articles in print media. The problem was also probed last April in congressional hearings.

More recently, Congress displayed its concern about personal privacy by asking the Federal Reserve Board and the Federal Trade Commission to investigate the use and collection of consumer information.

The FTC held a brainstorming session with business representatives, consumers, and consumer advocates in August, and plans another before the end of the year.

Also in August, U.S. Public Interest Research Group, a consumer advocacy organization, published a 40-page report on the subject, calling for stronger legislation covering credit bureaus. It was highly critical of lenders that extend credit without properly verifying the applicant's identity.

Some credit industry executives say all the attention is exaggerating the prevalence of identity fraud.

"Because it is so traumatic for so many people, it does contain all the magic ingredients of a good TV story," said Mr. Lisker.

Still, credit-identity fraud accounts for a tiny fraction of overall fraud losses. In MasterCard's case, the $1.85 million of identified losses is 0.4% of the $440 million MasterCard expects its members worldwide to lose through fraud in 1996. That projected total is $10 million less than was lost last year.

Industry executives believe the public outcry is driven, in part, by the fact the victims tend to be well-educated professionals with exemplary credit histories - above-average or upscale in many ways.

The fear seems to be that "if it could happen to them, it could happen to other people who are less sophisticated," said Mr. Lisker.

"The key to this whole thing is the credit report. It tells you my spending pattern and my limits, so (a thief) will choose a doctor over a janitor," said Alan Trosclair, vice president of fraud control at Visa U.S.A.

The attention to identity fraud has the credit industry on a hot seat, besieged by questions and accusations from legislators and angry consumers. Discussions of defensive strategies have taken on more urgency over the past two years as incidents have mushroomed.

Associated Credit Bureaus Inc., a Washington-based trade association, is looking at ways to limit access to credit reports, which are often cited as a rich source of information for scam artists.

The problem is that in some cases such individuals have legitimate or easy access to credit files. For instance, they may be employed by a company that purchases credit bureau data.

Some of the ideas credit bureaus are considering include frequently changing passwords for calling up individual reports; dedicating computer terminals to particular employees; and implementing biometric technology that would authorize the release of credit files when it determines through fingerprint or iris checks that the proper person is requesting the information.

Norman Magneson, a spokesman for the trade association, said the problem is that some of these ideas are "long-term solutions for a problem that is more immediate." According to the National Fraud Investigation Center, Ambler, Pa., identity fraud is growing at 40% a year.

Lenders are quick to blame credit bureaus, yet problems can arise from their own business practices.

"We realize that credit bureaus have to make changes that cost money. (But) it is fairly well known that these crooks have legitimate access to credit reports," said Mr. Lisker.

Both Visa and MasterCard said they are talking with the credit bureaus to fight this type of fraud. The associations said they have been addressing the problem with existing fraud prevention technology.

Diane Terry, Trans Union's director of fraud victim assistance, said the biggest increase in fraud is in so-called multiple victim cases: those involving criminals who work for a company that requests credit bureau data and pull information on hundreds of consumers.

"Criminals are not just picking one or two people," said Ms. Terry.

Executives from the bureaus said they want to begin specifically tracking credit-identity fraud, but it will take them perhaps six months to be ready.

Mr. Rice of Experian said he does not believe credit bureaus deserve most of the blame.

"We recognize that our data is one source of the problem, but it is extremely easy to get account information and Social Security numbers from other sources," said Mr. Rice.

So-called information brokers sell personal information to investigators, insurers, employers, and anyone else willing to pay the price, according to the report by the U.S. Public Interest Research Group.

Preapproved credit card offers present another opportunity to perpetrate identity fraud. When such a piece of mail is stolen, crooks call the credit card issuer to change the mailing address, and if the issuer does not carefully question the caller, a credit card is mailed to the new address.

Old-fashioned burglary is another means to obtain credit cards and other personal information. When Robert C. Houvener was a victim nearly two years ago, it sparked his entrepreneurial spirit. He formed Image Data in Nashua, N.H., with the sole purpose of developing a product to attack credit identity fraud.

Mr. Houvener was an engineer at Lockheed Martin Corp. when someone broke into his car and stole his briefcase. All his credit cards were inside, and one of them was being used within 15 minutes of the theft. "I thought it was ridiculous that they could steal something that easily," Mr. Houvener said. So he talked to a number of retailers about an idea he had to prevent thieves from making purchases using someone else's identity.

It involves a system whereby a merchant could verify a customer's identity by calling up a photograph on a computer screen when a check or credit card is presented at the point of sale. The photographs would rely, in part, on a data base from state departments of motor vehicles. Mr. Houvener was vague about the details of his system, as it has not yet reached the market. He plans to begin a pilot with a large retailer early next year.

"Imagine a system where (a thief) has fraudulent information and tries to use it but the wrong person's picture comes up," said Mr. Houvener.

Such a system would undoubtedly help reduce identity fraud. But perhaps more important is stopping thieves from obtaining the information in the first place - and protecting the victim's credit if the scam is successful.

Trans Union said it receives 1,400 calls a day from people claiming to be fraud victims. Experian doubled its fraud staff in the last two years to 19.

The number of calls to Equifax's fraud desk has increased from 450 a day a year ago to about 900 a day today.

The credit bureaus have different procedures for handling fraud victims, but they all provide a fraud alert statement which serves as a warning to lenders that the consumer has been a victim of fraud.

When a lender sees such a statement, which can stay in a file for seven years, it is supposed to call the consumer before issuing new credit in that person's name to verify that the credit was requested by the consumer and not someone else.

Consumer activists are advising people to request such statements as a precautionary measure regardless of whether they have actually been a victim. This is causing some consternation for credit bureaus.

"If a lot of people have that message, then some might be ignored. It could dilute the (power) of the message," said Mr. Rice.

Moreover, he said, if lenders were forced to contact every consumer with a fraud statement it would take a lot of time and manual intervention, and ultimately work against consumers who are accustomed to getting instant credit.

As the credit industry grapples with credit identity fraud, its deliberate approach does not mirror the panic portrayed in many of the media reports.

"Account takeover is increasing because it is a new type of fraud," said Mr. Trosclair. "We have to build a system to break that down."'

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER