It is no wonder that security initiatives have risen to thetop of technology companies’ priority lists. In additionto terrorist and virus threats, personal identitytheft is a burgeoning menace for online consumersand merchants alike.
“[Identity theft online] is more likely than you mightthink,” Gartner senior analyst Kenneth Kerr toldthe E-Commerce Times. “In fact, the numbers areshockingly high.”
The Federal Trade Commission estimated thatidentity theft is the fastest-growing financial crimein the United States, with more than 700,000 victimsin 2000 alone.
That said, vigilant consumers can avoid online attacksand should not fear e-commerce, analysts said.
Personal identity thieves steal information –name, birth date, Social Security numberor credit card number — then spendhaphazardly under a victim’s name.
The Internet is just one of many venues wherethese criminals lurk.
“The expansion and popularity of the Internet toeffect commercial transactions has increased theopportunities to commit crimes involving identitytheft,” U.S. Attorney Sean Hoar wrote in a recentbulletin.
Some analysts do not consider online risks to be significantly higher than offline perils.
“It takes a sophisticated thief to hack into a Website or server,” Kerr said. “It is a lot simpler tosteal identity information in a physical environmentlike a restaurant.”
Although a recent Gartner survey indicated that 16percent of online adults have had their credit cardnumbers stolen and misused — and that 8 percent have hadother identity information stolen, such as a SSN ordriver’s license number — Kerr suggested that theactual thefts likely occurred offline.
Time-tested e-commerce sites like Amazon.com (Nasdaq:AMZN), EBay (Nasdaq: EBAY) and Yahoo! (Nasdaq: YHOO)have amassed enough experience to provide sufficientsecurity and privacy for user information, according to Kerr.
For its part, bellwether Microsoft (Nasdaq: MSFT)recently made a public commitment to online securitywith its “TrustworthyComputing” initiative.
In the same vein, IBM has teamed withVeriSign (Nasdaq: VRSN) to improve online identityauthentication in e-business applications.
And BestBuy.com (NYSE: BBY) recently announced a newonline payment engine designed to guard against creditcard fraud.
But no security measure is wholly impervious to fraud,experts insisted.
“You can install security software and procedures todeter and prevent crime,” SecurityFocus CEO Arthur Wong told the E-Commerce Times. “But will it be 100 percent secure? No. That’s impossible.”
And criminals who do circumvent online securityshields make their victims pay. The U.S. SecretService estimated that consumers lost morethan US$745 million in 1997 due to identity theft.
According to U.S. police detectives, annual losses now exceed several billion dollars and includelosses absorbed by credit card companies, victim costsincluding legal assistance, and judicial and lawenforcement time spent investigating and trying cases.
But online shoppers can protect themselves.
Some credit card companies offer surrogate accountnumbers for online use that mask a user’s true credit card numberfrom hackers, Kerr noted.
Also, over the next 18 months, more credit card firmswill mimic the Verifiedby Visa program, which offers personal passwords toauthenticate online shoppers’ identities, he added.
“Credit card numbers should not be provided to anyoneon the Internet unless the consumer has initiated thecontact and is familiar with the entity with whom theyare doing business,” attorney Hoar said. “[And] computer usersshould install a firewall on their personal computersto prevent unauthorized access to stored information.”
Hoar said consumers who suspect their identity has beenstolen should contact the fraud departments of thethree major credit bureaus: Equifax, Experian and TransUnion.
They also should contact the fraud departments of thecreditors of the violated accounts, and should file areport with a local police department as well, he added.