New Identity Theft Study Meets Mixed ReviewsBanks Downplay Findings; Advocates Call for Further Disclosure
The revelations were headline-worthy: Previously-private consumer complaint forms from the Federal Trade Commission -- requested by privacy attorney Chris Hoofnagle at the Berkeley Center for Law and Technology -- placed the Identity Theft problem in a new light, and showed that top banks in the U.S. were receiving hundreds, sometimes thousands, of consumer complaints per month. These statistics are notable since only about 5 percent of Identity Theft victims actually report incidents to the FTC.
Reactions among bankers, regulators and consumer groups range from nonplussed to angry. And while no banks report any specific actions related to the report, analysts say studies such as Hoofnagle's "ID Theft at Top US Banks" may in the long run influence U.S. bank regulators who, this past week, called for more transparency in the high-fraud subprime mortgage industry.
"We anticipate Dr. Hoofnagle will continue to work on this issue, and we'll see where it goes," says Doug Johnson, a senior policy analyst at the American Bankers Association. "Our general perception is that the market is much better served when we continue to share information among ourselves as financial institutions, but not turn the sharing of that information into some kind of competitive issue as Dr. Hoofnagle envisions."
New News is No News?
Regulators point to new "Identity Theft red flag rules" and a bevy of recent guidance reports from the Treasury's Financial Crimes Enforcement Network as evidence that Washington is pushing the banking industry for more accountability.
In that light, many banks say the Hoofnagle study simply told people what they already knew -- that the biggest banks are going to have the most problems with fraud. At JPMorgan Chase, which had an average of 613 complaints per month in 2006, the study caused some internal reactions, but no consumer bulletins or other action. Primarily, the ID Theft study wasn't specific enough about the cause of the fraud, a fact that downplayed its relevance to JPMorgan Chase and its customers, says spokesman Tom Kelly. "My eyes glazed over," he says.
For its part, CitiBank had an average of 413 ID fraud incidents per month in 2006, according to FTC data. "We are continuously enhancing our fraud systems and strengthening our relationship with law enforcement agencies to protect and reassure our customers," CitiBank said in a prepared statement.
For an industry awash with studies and statistics, the seemingly hard-hitting consumer data didn't actually move many boats. Hoofnagle says the data is for now too raw to be "consumer actionable." Releasing it now may, in fact, be counterproductive for anti-fraud efforts, some say.
"Compare having 10 people at a party to having 100 people at a party. When there are 100 people there, your chances go up that something's going to get broken," says Linda Foley, an analyst at Identity Theft Resource Center in San Diego, Calif. "For those people who understand what's going on, [the Hoofnagle study] makes sense. But because it went out to the public, which may not understand the nuances of all this, there's been negative reaction."
Conflicting Points of View
Not everyone embraces Hoofnagle's findings.
According to the 2008 Identity Fraud Survey Report released last month by Javelin Strategy and Research of Pleasanton, Calif., the banking industry is actually doing yeoman's work in beating back identity fraud. The total number of complaints is down, and there are fewer channels by which theft occurs, the survey finds. Losses to consumers, however, rose to $544 from $446 between 2006 and 2007, even as the mean fraud amount declined from $6,497 to $5,920.
"I don't think the banking industry spent much time on [the Hoofnagle study], but they're aware of it," says Jim Van Dyke, Javelin's founder and president. "Hoofnagle is a lawyer, not a statistician. His business is making arguments, not bringing new facts to light."
Philosophically and statistically, the Javelin and Hoofnagle studies couldn't be further apart: Javelin, which uses 5,000 phone surveys to gather the bulk of its research, names Bank of America as the bank with the most effective consumer safeguards; for his part, Hoofnagle's data shows BofA received the most consumer complaints, an average of 1,117 a month in 2006.
That discrepancy by itself is an argument for releasing more, not less, information to consumers, advocates say. "It's like that Jack Nicholson line from 'A Few Good Men': 'You can't handle the truth,'" says Steve Blackledge with the Public Interest Research Group in Sacramento, Calif. "Information can be power for consumers. Not every consumer will care to look at it, or understand it, but some will, and that's what matters"
Hoofnagle supporters say the study gave new insights into the extent of the problem, and which banks are struggling the most. It also, they say, gives banks a baseline by which to measure their work against other banks.
To be sure, releasing more fraud data would be embarrassing, costly and sometimes counter-productive for banks, but it's necessary, says Mari Frank, a privacy lawyer and host of the weekly "Privacy Piracy" radio show on KUCI 88.9 FM in Irvine, Calif. She says she's dealing with several cases where consumers have run up against stone walls when trying to get banks to help police prosecute ID thieves.
"This study is embarrassing for banks," says Frank. "People are now coming out of the woodwork. They're outraged."