Author(s): Chris Jay Hoofnagle
Abstract: Imagine shopping for a car in 1960. Safety is important to you. How do you assess a car’s performance in surviving a crash? What tools were available then to take an informed decision?
The modern consumer of financial services is in a similar position as the car shopper of the 1960s. How does the modern consumer choose a bank that is relatively safe from identity thieves and other malicious individuals? Perhaps she chooses the larger institution, because it has more resources to address fraud. Or perhaps a smaller institution offers more protection, because it is more obscure. There is no way to know for sure, and thus, consumers cannot make an informed decision.
This article attempts to actuate a market for bank safety by comparing identity theft victim data with government statistics used to measure the relative size of financial institutions. It envisions a future when this market incentivizes financial services firms to explicitly compete to reduce the likelihood that customers will become victims of identity theft or other frauds. In a world of competition in bank safety, consumers who put a premium on avoiding fraud could reward the most proficient firms with their loyalty.
This article concludes that the available data, while weakened by several methodological concerns, do show that certain banks, large and small, have different identity theft footprints. Other discoveries were made as well. First, if present trends continue, there will be a substantial upswing in identity theft complaints to the Federal Trade Commission in 2008. Second, over a three-year period, a small group of companies accounted for almost 50 percent of identity theft incidents. Focusing interventions on this small group of companies could have a profound effect on incidence of identity theft. Finally, non-banking institutions, such as telecommunications companies, have an enormous identity theft footprint; in our highly dependent credit markets, impostors may be using these companies as stepping stones for attacks against banks.
Keywords: privacy, security, identity theft, reporting, regulation through disclosure