Retail & the ID theft menace – I

With the retail boom taking off throughout the country, operations managers in retail outfits will have to increasingly deal with the menace of “identity theft.”: Identity theft is one of several new age cyber crimes that businesses are being forced to tackle these days, something that was quite unheard of even a few years back. This article provides an overview of this new risk that businesses are facing.

Identity theft occurs when someone uses a customer’s individual identification information such as name, credit/debit card number, PAN card number, voter identity card number or other such information without the customer’s permission, to commit fraud or other crimes.

In the US, the crime had at one time assumed endemic proportions with law enforcement agencies declaring it to be the third most important crime that the nation was facing. According to annual surveys it turns out that such crimes reached a peak in 2006 but has somewhat abated in 2007 mainly because (a) most states in the US have now introduced strict and appropriate legislations to deal with it and (b) the financial system has tightened its processes and systems in such a way that ID theft once identified and reported can be kept to a minimum through such measures as immediate credit freeze so that those who have stolen a victim’s credit card information or other identifying information are unable to encash it by tapping the victim’s credit lines.

As a result, the “latest survey”: of identity theft crimes in US has revealed that:

* The number of US adult victims of identity fraud decreased from 10.1 million in 2003 and 9.3 million in 2005 to 8.4 million in 2007.
* Total one year fraud amount decreased from $55.7 billion in 2006 to $49.3 billion in 2007.
* The mean fraud amount per fraud victim decreased from $6,278 in 2006 to $5,720 in 2007.
* The mean resolution time was at a high of 40 hours per victim in 2006 and was reduced in 2007 to 25 hours per victim. The median resolution time has remained the same for each Survey year at 5 hours per victim.

While the US seems to have crossed the hump, in India criminals have just begun to take to this crime in a big way and as the retail boom takes off and credit card culture spreads, incidents of identity theft will surely skyrocket in the days to come. At present Indian businesses, especially BPOs have to deal with straightforward crime – direct stealing of data – which is akin to theft of any other valuable and, therefore, cannot be strictly termed cyber crime. But that the menace has begun to rear its ugly head in India is obvious from the fact that police departments of most metropolitan cities in India have opened cyber crime cells.

What then is identity theft and how does it occur? The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in the victim’s name. The victims may not find out about the theft until they review their credit report or credit card statement and notice charges that they didn’t make—or until they are contacted by a debt collector. Already many such incidents have begun to be reported in newspapers in India.

In the US identity theft is serious. While some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record. Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, they may even be arrested for crimes they did not commit.

Skilled identity thieves may use a variety of methods to get hold of your information, including:

* Dumpster Diving: They rummage through trash looking for bills or other paper with your personal information on it.
* Skimming: They steal credit/debit card numbers by using a special storage device when processing your card.
* Phishing: They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
* Changing Your Address: They divert your billing statements to another location by completing a change of address form.
* Old-Fashioned Stealing: They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records, or bribe employees who have access.
* Pretexting. They use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources.

What thieves do with this information and how victims can protect themselves from such crime are topics that we will take up in another article.