Tuesday, May 10, 2005

Have You Heard of ID Theft?

You have? Could you tell NBC for me?

Consider these quotes from today's (May 10, 2005) NBC Nightly News piece called "ID theft epidemic:"
  • "the massive problem of ID theft"
  • "a national crisis"
  • "a situation that's clearly out of control"
  • "yet another brazen scam"
  • "financial information swirling around in cyberspace"
  • "the exploding underworld of ID theft"
Why do they use such hyperbole?
Yes, I'm worried about criminals impersonating me. I know people who have had money stolen from their bank accounts. I've been amused and terrified by the CitiBank commercials. In fact, I don't know anyone who hasn't heard of ID theft. That's probably due in large part to the media.

Hyperbole is a most effectively used to persuade. Why does NBC think it needs to persuade me? Does it think that I need to call my senator or representative? But Congress is already responding. As Bill Nelson, Democratic Representative from Florida exclaimed in the NBC piece, "If we don't do something about this, Mr. Chairman, None of us is going to have any identify left!"

No identity left?
Sometimes I just appreciate print journalists. For example, in today's Boston Globe, David Abel wrote a story called "ATM cards pirated for plenty, police say." It contained information about who had been arrested and for what. It contained a graphic showing how the guy stole PINs and ATM card information (oh, and by the way NBC, PIN stands for Personal Information Number. Its just a PIN, not a PIN Number).
The story contained practical advice on how to prevent such ATM skimming with such low-tech methods as using your hand to hide the keypad as you punch in your PIN. There was no massive, exploding, brazen swirl in the story. Just the facts, Ma'am.

ID Cloning
I think so-called ID theft is more like ID cloning. After all, even if someone is pretending to be me, I'm still me, aren't I? I agree with Bruce Schneier in his essay, "Mitigating identity theft" in which he writes that identity theft is not theft at all, since an identity is not property to steal. It is impersonation using private information leading to fraud.

Schneier's bigger point is that that those who are trying to fix the problem concentrate too much on making personal data harder to steal when they should be working on how easy it is to commit fraud with personal data. He suggests that when financial institutions are liable for fraud losses, they will find solutions.

Not Valid with Signature
I agree with Schneier. Recently I used a credit card at Sears. I swiped my card and waited. The little card reader then told me to hand my card to the cashier. As I did, the cashier looked at me blankly and said, "What? I don't need that." Yes you do, Sears. You could be at the very least validating my signature on my card with the one on the screen.

But Congress is feeling the heat from the media as much as it is fanning the flames itself. Stung by such hard-hitting questions from TV journalists as "The question is, why hasn't more been done?" and the fear that there won't be any identities to vote for them, Congress will likely pass some kind of knee-jerk law that will require me to sign a pledge that I won't ever reveal my PIN to anyone, even criminals, and go merrily about their ways. Or worse, they'll come up with legislation that costs money but doesn't have any incentives to stop the fraud, and make it more expensive for me to go to the bank or use my credit card. It's been done before...

So, NBC, tone it down, OK? We get it. Give us a few more facts and a lot less hype.

No comments: