Call Ralph Nader: Companies Don't Care About Identity Theft Because It's Cheaper To Just Clean Up The Mess If It Happens
from the class-action,-the-movie dept
Willton writes "Daniel Solove highlights a paper written by Chris Hoofnagle about how one of the reasons identity theft happens is because companies have made the economic decision to let it happen.In the post, Solove compares the identity theft situation to the famous case involving an accident due to a defect in a Ford Pinto, in which it came to light that Ford knew about the design defect in the car but ignored it because it calculated that paying damages in lawsuits would be less than fixing the design flaw."
Of course, in the case of the Pinto, the scandalous cost-benefit analysis in question led to 27 deaths, whereas identity theft, at least, hasn't resulted in anyone's death (hopefully). However, there is a significant cost to the victim in time, mental anguish, and inconvenience, none of which ever really hits the bottom line of the company involved. That said, since the Identity Theft Enforcement and Restitution Act was passed in 2007, it is now possible to sue scammers for the time and effort spent to repair one's life after identity theft. If there is gross negligence on the part of a company that contributes to identity theft, perhaps a future class action lawsuit over this issue is not too far off.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: identity theft
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Yes, in both cases large companies with lawyers on staff find it cheaper to litigate than innovate. What's confusing you?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Just because they both involve a cost-benefit analysis doesn't mean they have anything to do with one another.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Sue Their Pants Off
[ link to this | view in chronology ]
Re: Sue Their Pants Off
[ link to this | view in chronology ]
Re: Re: Sue Their Pants Off
[ link to this | view in chronology ]
Re: Re: Re: Sue Their Pants Off
Your life would likely be an awesome basis for a novel....
[ link to this | view in chronology ]
Re: Re: Re: Re: Sue Their Pants Off
A Boy Named Sue
[ link to this | view in chronology ]
Re: Re: Re: Sue Their Pants Off
[ link to this | view in chronology ]
Re: Re: Re: Sue Their Pants Off
That's the future of America: living by lawsuits. The only kind of school worth going to in America any more is law school.
[ link to this | view in chronology ]
Simple solution
If retailers had that responsibility put on them they would push the credit card companies to find solutions.
Basically if I claim a charge/withdrawal/... to be fraudulent the burden of proof should be on the entity that accepted payment. If they can't prove (I'm thinking civil levels of proof) I authorized the funds they must restore them.
[ link to this | view in chronology ]
Re: Simple solution
[ link to this | view in chronology ]
Re: Simple solution
Leverage is only available when there are alternate solutions that can be used.
[ link to this | view in chronology ]
Credit Card Security
It also presents an apparent conflict of interest. You don't get protection unless you pay, but the credit card companies at the same time claim to protect you!!!! Doesn't make sense from the security point of view, but does point to dishonest marketing to make extra $$$.
Anyway, I have noticed some recent simple security measures that could have been implement years ago. The gas pumps now ask for your zip code. Also when a large $$$ purchase was made, we did receive a call from the credit card company verifying our purchase. But overall, I would have to agree based on anecdotal experience that private companies really do NOT care about security.
[ link to this | view in chronology ]
Then maybe, we(real citizens for whom the Constitution was intended to protect) would at last have equal rights with these corporate inventions.
Of course, only temporarily, until they pool their resources(ie. money and lobbyists) to buy off our politicians and change the laws back in their favor.
[ link to this | view in chronology ]
Yesterday's news, isn't it?
You know, try to report blatant stuff like sites with faked "trust" logos that are just local images or a website that uses a non-secure connection to submit credit card info in plain text and their plain text PHP simply writes it the credit card info to a database and discards all other order information like product and quantity.
There isn't any that I've ever found, and I've looked many times.
Back in the mid to late 1990's I found a scam website in Florida (where they all seem to live/be hosted) The guy was pretending to sell cell phone contracts, but his database was stored in .csv format and accessible to anyone with a web browser. Names, addresses, home phone numbers, work phone nummbers, credit card issuer name and credit card numbers and e-mail addresses.
The number of people who cared? One and that was me. The number of people who didn't care. Florida attorney general. FTC. Visa. Mastercard. Discover. American Express. Citibank.
The site operated for nearly a year and a half. I periodically downloaded the .csv file and I bcc'ed e-mails to all the new addresses that showed up (about 50 per month or so) explaining to them that they had been scammed and that their personal information is exposed to the entire world.
What'd that get me? 100% of the people who responded accused me of being the one to steal their personal information. Apparently a lot of rocket scientists needed cell phones that year.
Within a month after my mom died, Visa both mailed and phoned us to let us know that if we'd like to continue making payments on the $1,200 balance on her credit card (i.e. her unsecured, personal loan) that we could contact them at these addresses and phone numbers. I think that was the first time I used the "c" word on a female cold caller and to this day I'm glad I did.
So, 2010 comes along and the credit card companies are still dishonest, greedy, unethical organizations and don't care about identity theft. What has changed? The US government is now deeply in cahoots with them because, as the US government puts it, "it's convenient"
http://www.irs.ustreas.gov/efile/article/0,,id=101316,00.html
Do you notice anything there? Do you notice any of those "concerned government entity" type disclaimers that say "Here are the pros AND CONS of paying by credit card"? No warnings?
Notice it's not until several pages down that you find out that in addition to your taxes you'll pay a "Credit or Debit Card Convenience Fee"?
So the US government plays along with their marketing approach "look how convenient it is" while downplaying the costs...
Any idea how much money the credit card issuers make if 0.5% of US income taxes get paid by credit card?
That's right, as the economy crashes, the government continues to receive in the tax money even when the people don't have any money to give *and* the credit card companies get to show a big profit even though the economy is in the shitter.
Sound like any present day scenarios?
[ link to this | view in chronology ]
Re: Yesterday's news, isn't it?
Erm, you mean phishing sites?
http://www.us-cert.gov/nav/report_phishing.html
http://www.google.com/safebrowsing/repo rt_phish/
http://www.irs.gov/privacy/article/0,,id=179820,00.html
http://www.onguardonline.gov /file-complaint.aspx
"There isn't any that I've ever found, and I've looked many times."
Try harder next time. Those were just the first few results that looked trustworthy from a Google search, and I'm sure that most major banks & retailers have phishing report links on their sites.
You will also probably find that things have vastly improved in the decade since your unfortunate experience in the late 90s, as have most things regarding the internet and security.
[ link to this | view in chronology ]
Re: Re: Yesterday's news, isn't it?
You can't because there isn't one.
Or are you suggesting that banks should operate like credit card issuers and wait until enough people have reported a bank robbery to a government site before the government decides it has passed a threshold and reports it to bank so that they can then call the police to investigate the robbery?
That's pretty much how it works. Bank gets robbed, it costs them money that they can't recoup, therefore they are proactive and hire guards and install security systems. A bank can't just send letters to all the people it has loaned money to and say "Sorry, we had some guys walk into our open vault when no one was around and they walked out with a bunch of money so we have to raise your student loan interest rates by 3%".
Credit cards get phished and the credit card issuers don't give a shit about what it costs their customers in terms of time, money or inconvenience. They don't have to give a shit about any of it because the next month they simply issue a new addition or amendment to their card holder's agreement telling every single one of them that they now have to pay an extra 3% in order to pay for phishing losses last quarter.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Real protection?
http://blogs.myspace.com/index.cfm?fuseaction=blog.view&friendId=388730644&blogId =532659819
[ link to this | view in chronology ]
[ link to this | view in chronology ]
hacker for hire
[ link to this | view in chronology ]
[ link to this | view in chronology ]
ID Theft
[ link to this | view in chronology ]
Identity theft
Seems a stupid attitude to me, especially when you realise that if they take action it will help the cause. But private individuals shouldn't be too casual about it either - there are a number of examples out there where people have had trouble with the IRS because of identity fraud and as someone mentioned above it is stressful. So at least go find a cross-cut shredding machine etc. and deal with your own security
[ link to this | view in chronology ]
Identity Theft
[ link to this | view in chronology ]