Government, Industry Taking Sharper Aim at ID Theft


If you can't beat 'em, join 'em -- if only to keep an eye on 'em.


That's the idea behind one interesting feature of Affinion Security Center's Identity Secure theft prevention service. The service monitors hacker marketplaces to see if a specific identity is being bought or sold. The piece says that IdentitySecure, which includes a number of other features, is available to organizations for use by their clients or customers but isn't sold directly to consumers.


There is something compelling about the creativity of Affinion -- a company that has been in the credit protection game for decades -- in that it proactively seeks to make sure identities aren't being misused.


Another bit of good news is that identity theft is becoming a more serious crime. Last week, it was reported at IT Business Edge and elsewhere that the Senate and House had passed the Identity Theft Enforcement and Restitution Bill and sent it to Present Bush. The bill lets ID theft victims seek restitution in court, eliminates the $5,000 minimum amount required for criminal charges, makes it a felony to install malware or spyware on more than 10 computers, and lets the feds track ID theft cases even if they don't cross state lines.


Whatever good news there is should be enjoyed, because there isn't much. In addition to the fact that identities keep disappearing, the TowerGroup found that less than one-third of U.S. banks are likely to fully comply with "Red Flags Rules" that take effect on Nov. 1. This piece says that the rules -- officially called the Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Transactions Act of 2003 (no wonder they cam up with a nickname) -- focus on implementation of technology and procedural frameworks to reduce fraud. More than $200 million will be spent by financial institutions on the rules, the firm says.


Microsoft has come out strongly for a plan that it says can help cut identity theft. InformationWeek reports that the company has authored a white paper backing an approach under development by the Information Card Foundation (ICF). The consortium's members also include Equifax, Google, Deutsche Telecom, Intel, Novell, Oracle and PayPal. The group's Information Cards are part of a digital identification system that relies on third-party identification providers. The story says that the card offers authentication without transmission of the owner's name and password and uses the minimum amount of sensitive information.


An interesting take on the identity theft issue was offered this week at a Government Technology Magazine event in Albany N.Y. The keynote speaker was Frank Abagnale, the subject of Catch Me If You Can, a 2002 movie that was directed by Steven Spielberg and starred Leonardo DiCaprio. Abagnale, who used fake identities to steal millions of dollars and who spent time in jails in the U.S., France and Sweden, gave tips on protecting identities. People should shred sensitive documents, monitor but don't freeze credit, and use credit cards instead of checks or debit cards.


Identity theft will be part of the landscape for the foreseeable future. Great efforts -- on the part of corporations, the government and users -- can reduce the frequency with which it happens and to some extent cushion the blow when it does.