Call Ralph Nader: Companies Don't Care About Identity Theft Because It's Cheaper To Just Clean Up The Mess If It Happens

from the class-action,-the-movie dept

Mon, Apr 12th 2010 6:57am — Dennis Yang

Willton writes "Daniel Solove highlights a paper written by Chris Hoofnagle about how one of the reasons identity theft happens is because companies have made the economic decision to let it happen.

In the post, Solove compares the identity theft situation to the famous case involving an accident due to a defect in a Ford Pinto, in which it came to light that Ford knew about the design defect in the car but ignored it because it calculated that paying damages in lawsuits would be less than fixing the design flaw."

Of course, in the case of the Pinto, the scandalous cost-benefit analysis in question led to 27 deaths, whereas identity theft, at least, hasn't resulted in anyone's death (hopefully). However, there is a significant cost to the victim in time, mental anguish, and inconvenience, none of which ever really hits the bottom line of the company involved. That said, since the Identity Theft Enforcement and Restitution Act was passed in 2007, it is now possible to sue scammers for the time and effort spent to repair one's life after identity theft. If there is gross negligence on the part of a company that contributes to identity theft, perhaps a future class action lawsuit over this issue is not too far off.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: identity theft

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 12 Apr 2010 @ 7:06am

This shouldn't be clasified under "Rumors..." more likely it should be listed under "I thought everyone knew this..."
[ link to this | view in chronology ]
Anonymous Coward, 12 Apr 2010 @ 7:12am

so companies can make the cost benefit judgement on identity theft but they cannot make it on willful copyright or patent infringement? more stories from the techdirt lala land.
[ link to this | view in chronology ]
- Anonymous Coward, 12 Apr 2010 @ 7:28am
  
  Re:
  Being bad at cost/benefit analysis does not mean you are incapable of trying. Also, different methods are used to calculate costs and benefits with real objects (like Ford Pintos) and ideas (Method to do something obvious).
  [ link to this | view in chronology ]
- ChurchHatesTucker (profile), 12 Apr 2010 @ 7:47am
  
  Re:
  "so companies can make the cost benefit judgement on identity theft but they cannot make it on willful copyright or patent infringment?"
  
  Yes, in both cases large companies with lawyers on staff find it cheaper to litigate than innovate. What's confusing you?
  [ link to this | view in chronology ]
  - Anonymous Coward, 12 Apr 2010 @ 9:25am
    
    Re: Re:
    masnick dismissed the other one as "one of the most ridiculous analyses of the current patent situation". he cant have it both ways but he tries to.
    [ link to this | view in chronology ]
    - nasch (profile), 12 Apr 2010 @ 12:40pm
      
      Re: Re: Re:
      You're not making sense. In the patent case, Mike disagrees with the claim that most patent infringement is a matter of a company knowingly infringing after determining the benefit is worth the potential cost. In this story, he reports that many companies decide not to do anything about identity theft because it's cheaper not to.
      
      Just because they both involve a cost-benefit analysis doesn't mean they have anything to do with one another.
      [ link to this | view in chronology ]
      - Anonymous Coward, 12 Apr 2010 @ 7:27pm
        
        Re: Re: Re: Re:
        basically all companies are smart enough to cost benefit identity theft issues but not smart enough to cost benefit intentional infringement? so companies can only be smart the agreed techdirt way?
        [ link to this | view in chronology ]
        
        Anonymous Coward, 13 Apr 2010 @ 6:19am
        
        Re: Re: Re: Re: Re:
        I think your little crusade here is turning into some kind of psychopathic compulsive obsession with Mike contradicting himself. Is your bedroom covered in wallpaper clippings of Mike?
        [ link to this | view in chronology ]
Bradley Stewart, 12 Apr 2010 @ 7:29am

Sue Their Pants Off
No company can think of or prevent the ingenuity of every thief on the Internet. My feeling is if they don't take every reasonable precaution to prevent these actions by these people it should without question cost them a lot more not only in fines but restitution to the consumer. It should cost them enough so that it hurts a lot. It's the only way these people will get the message. "No More Mister Nice Guy."
[ link to this | view in chronology ]
- Dark Helmet (profile), 12 Apr 2010 @ 7:33am
  
  Re: Sue Their Pants Off
  You MUST be a lawyer. If the answer is ever "we need more lawsuits", then the question sucks....
  [ link to this | view in chronology ]
  - Bradley Stewart, 12 Apr 2010 @ 8:34am
    
    Re: Re: Sue Their Pants Off
    Dark Helmet I may be just a bit biased as anything that I have ever gotten in my life of any financial value I have had to sue for. I admit that it is a pain in the neck but it usually works. My motto for decades has been "That's not the figure I'm thinking of".
    [ link to this | view in chronology ]
    - Dark Helmet (profile), 12 Apr 2010 @ 8:38am
      
      Re: Re: Re: Sue Their Pants Off
      Really? Everything you've ever gotten of financial value in your LIFE you've had to sue for? I'm not even trying to be an ass here, I'm just seriously surprised that such a statement could ever be uttered.
      
      Your life would likely be an awesome basis for a novel....
      [ link to this | view in chronology ]
      - ChurchHatesTucker (profile), 13 Apr 2010 @ 8:05am
        
        Re: Re: Re: Re: Sue Their Pants Off
        "Your life would likely be an awesome basis for a novel...."
        
        A Boy Named Sue
        [ link to this | view in chronology ]
    - The Groove Tiger (profile), 12 Apr 2010 @ 10:21am
      
      Re: Re: Re: Sue Their Pants Off
      Have you tried contributing something to society instead? Like, getting a job maybe. Then you'll buy a car or a house, you know, get something of financial value without having to sue somebody.
      [ link to this | view in chronology ]
    - Anonymous Coward, 12 Apr 2010 @ 1:53pm
      
      Re: Re: Re: Sue Their Pants Off
      Dark Helmet I may be just a bit biased as anything that I have ever gotten in my life of any financial value I have had to sue for.
      
      That's the future of America: living by lawsuits. The only kind of school worth going to in America any more is law school.
      [ link to this | view in chronology ]
Steven (profile), 12 Apr 2010 @ 7:37am

Simple solution
I've always wondered why we don't just make the company accepting payment responsible for the loss. If somebody walks into my bank, claims to be me, and walks out with all my money, the bank should be responsible for that loss.

If retailers had that responsibility put on them they would push the credit card companies to find solutions.

Basically if I claim a charge/withdrawal/... to be fraudulent the burden of proof should be on the entity that accepted payment. If they can't prove (I'm thinking civil levels of proof) I authorized the funds they must restore them.
[ link to this | view in chronology ]
- Anonymous Coward, 12 Apr 2010 @ 7:47am
  
  Re: Simple solution
  Corporations are exempted from being responsible for anything other than profits.
  [ link to this | view in chronology ]
- Anonymous Coward, 12 Apr 2010 @ 11:27am
  
  Re: Simple solution
  Retailers ARE responsible for credit card fraud, a form of identify theft. The retailers have little leverage against the card companies such as Visa. Visa could care less if a single small merchant stopped taking Visa whereas a small retailer might end up out of business if they stopped taking credit cards.
  
  Leverage is only available when there are alternate solutions that can be used.
  [ link to this | view in chronology ]
Steve R. (profile), 12 Apr 2010 @ 7:56am

Credit Card Security
Why is it that credit card companies will sell you "protection", but don't seem to actually implement security features?

It also presents an apparent conflict of interest. You don't get protection unless you pay, but the credit card companies at the same time claim to protect you!!!! Doesn't make sense from the security point of view, but does point to dishonest marketing to make extra $$$.

Anyway, I have noticed some recent simple security measures that could have been implement years ago. The gas pumps now ask for your zip code. Also when a large $$$ purchase was made, we did receive a call from the credit card company verifying our purchase. But overall, I would have to agree based on anecdotal experience that private companies really do NOT care about security.
[ link to this | view in chronology ]
Anonymous Coward, 12 Apr 2010 @ 8:30am

Why don't we pass a law making every person a corporation.
Then maybe, we(real citizens for whom the Constitution was intended to protect) would at last have equal rights with these corporate inventions.
Of course, only temporarily, until they pool their resources(ie. money and lobbyists) to buy off our politicians and change the laws back in their favor.
[ link to this | view in chronology ]
TheOldFart, 12 Apr 2010 @ 8:49am

Yesterday's news, isn't it?
Want easy proof? Try to find a link/e-mail address anywhere to report online fraud.

You know, try to report blatant stuff like sites with faked "trust" logos that are just local images or a website that uses a non-secure connection to submit credit card info in plain text and their plain text PHP simply writes it the credit card info to a database and discards all other order information like product and quantity.

There isn't any that I've ever found, and I've looked many times.

Back in the mid to late 1990's I found a scam website in Florida (where they all seem to live/be hosted) The guy was pretending to sell cell phone contracts, but his database was stored in .csv format and accessible to anyone with a web browser. Names, addresses, home phone numbers, work phone nummbers, credit card issuer name and credit card numbers and e-mail addresses.

The number of people who cared? One and that was me. The number of people who didn't care. Florida attorney general. FTC. Visa. Mastercard. Discover. American Express. Citibank.

The site operated for nearly a year and a half. I periodically downloaded the .csv file and I bcc'ed e-mails to all the new addresses that showed up (about 50 per month or so) explaining to them that they had been scammed and that their personal information is exposed to the entire world.

What'd that get me? 100% of the people who responded accused me of being the one to steal their personal information. Apparently a lot of rocket scientists needed cell phones that year.

Within a month after my mom died, Visa both mailed and phoned us to let us know that if we'd like to continue making payments on the $1,200 balance on her credit card (i.e. her unsecured, personal loan) that we could contact them at these addresses and phone numbers. I think that was the first time I used the "c" word on a female cold caller and to this day I'm glad I did.

So, 2010 comes along and the credit card companies are still dishonest, greedy, unethical organizations and don't care about identity theft. What has changed? The US government is now deeply in cahoots with them because, as the US government puts it, "it's convenient"

http://www.irs.ustreas.gov/efile/article/0,,id=101316,00.html

Do you notice anything there? Do you notice any of those "concerned government entity" type disclaimers that say "Here are the pros AND CONS of paying by credit card"? No warnings?

Notice it's not until several pages down that you find out that in addition to your taxes you'll pay a "Credit or Debit Card Convenience Fee"?

So the US government plays along with their marketing approach "look how convenient it is" while downplaying the costs...

Any idea how much money the credit card issuers make if 0.5% of US income taxes get paid by credit card?

That's right, as the economy crashes, the government continues to receive in the tax money even when the people don't have any money to give *and* the credit card companies get to show a big profit even though the economy is in the shitter.

Sound like any present day scenarios?
[ link to this | view in chronology ]
- PaulT (profile), 12 Apr 2010 @ 10:09am
  
  Re: Yesterday's news, isn't it?
  "You know, try to report blatant stuff like sites with faked "trust" logos that are just local images or a website that uses a non-secure connection to submit credit card info in plain text and their plain text PHP simply writes it the credit card info to a database and discards all other order information like product and quantity."
  
  Erm, you mean phishing sites?
  
  http://www.us-cert.gov/nav/report_phishing.html
  
  http://www.google.com/safebrowsing/repo rt_phish/
  
  http://www.irs.gov/privacy/article/0,,id=179820,00.html
  
  http://www.onguardonline.gov /file-complaint.aspx
  
  "There isn't any that I've ever found, and I've looked many times."
  
  Try harder next time. Those were just the first few results that looked trustworthy from a Google search, and I'm sure that most major banks & retailers have phishing report links on their sites.
  
  You will also probably find that things have vastly improved in the decade since your unfortunate experience in the late 90s, as have most things regarding the internet and security.
  [ link to this | view in chronology ]
  - TheOldFart, 12 Apr 2010 @ 2:03pm
    
    Re: Re: Yesterday's news, isn't it?
    Those sites aren't created by or supported by the credit card companies and for the most part do nothing about reports unless they receive many reports on the same issue. Google simply updates their spam filters with the address of the phishing sites reported there. The IRS website deals only with federal incoming tax related phishing scams, it has nothing to do with credit cards. Show me the link on onguardonline.gov where you can report a phishing attempt to a proactive site operated by a credit card issuer.
    
    You can't because there isn't one.
    
    Or are you suggesting that banks should operate like credit card issuers and wait until enough people have reported a bank robbery to a government site before the government decides it has passed a threshold and reports it to bank so that they can then call the police to investigate the robbery?
    
    That's pretty much how it works. Bank gets robbed, it costs them money that they can't recoup, therefore they are proactive and hire guards and install security systems. A bank can't just send letters to all the people it has loaned money to and say "Sorry, we had some guys walk into our open vault when no one was around and they walked out with a bunch of money so we have to raise your student loan interest rates by 3%".
    
    Credit cards get phished and the credit card issuers don't give a shit about what it costs their customers in terms of time, money or inconvenience. They don't have to give a shit about any of it because the next month they simply issue a new addition or amendment to their card holder's agreement telling every single one of them that they now have to pay an extra 3% in order to pay for phishing losses last quarter.
    [ link to this | view in chronology ]
Rob.Etler (profile), 12 Apr 2010 @ 9:10am

Hmmm, wonder if Nader's Raiders could see a comeback. Probably not, but a guy can dream.
[ link to this | view in chronology ]
Terri, 12 Apr 2010 @ 11:04am

Real protection?
Todd Davis wonders why he's been scammed so many times even though he's the CEO of Lifelock. After reading this he's just plain stupid!

http://blogs.myspace.com/index.cfm?fuseaction=blog.view&friendId=388730644&blogId =532659819
[ link to this | view in chronology ]
Anonymous Coward, 12 Apr 2010 @ 11:18am

Sure, you can report fraud, but does anything ever happen? Does it produce results? I doubt it. So what is the point of reporting it?
[ link to this | view in chronology ]
alina orozco, 13 Apr 2010 @ 11:20am

hacker for hire
i hired a hacker to find out if my husband is cheating me. he hacked the email and gave me evidence that my husband is a real pain in my ***. i can recommend to you his email. his email is hacker4hire@hackermail.com
[ link to this | view in chronology ]
Overcast (profile), 20 Apr 2010 @ 1:52pm

Perhaps - but I recall many of the companies who have lost data over the years.... I wouldn't even CONSIDER using their services.
[ link to this | view in chronology ]
Jennifer Rademacher, 8 Jun 2010 @ 3:14pm

ID Theft
With all the corporate greed going on nowadays, it’s not surprising that companies don’t care at all about the consumer. But what about identity theft protection services? Does it work?
[ link to this | view in chronology ]
Mary Hillerby, 11 Sep 2011 @ 9:46pm

Identity theft
Yes corporations can become cynical with regard to the cost versus the benefit of identity fraud, but are they smart enough to figure the consequences therefore the level of risk?
Seems a stupid attitude to me, especially when you realise that if they take action it will help the cause. But private individuals shouldn't be too casual about it either - there are a number of examples out there where people have had trouble with the IRS because of identity fraud and as someone mentioned above it is stressful. So at least go find a cross-cut shredding machine etc. and deal with your own security
[ link to this | view in chronology ]
Katherine Waters, 28 Mar 2013 @ 10:55am

Identity Theft
Companies have security holes big enough to drive a truck through. It's not wonder that so many people get their identities stolen in the huge data breeches. Seems like it happens every day and not just to companies. Colleges are really bad at it, too.
[ link to this | view in chronology ]