BreachExchange mailing list archives
Bank of America, HSBC Most Prone to I.D. Theft, Report Says
From: Richard Forno <rforno () infowarrior org>
Date: Wed, 27 Feb 2008 21:37:48 -0500
Bank of America, HSBC Most Prone to I.D. Theft, Report Says - Updated By Ryan Singel EmailFebruary 27, 2008 | 1:30:42 PMCategories: Sunshine and Secrecy http://blog.wired.com/27bstroke6/2008/02/bank-of-america.html In a first ever study of which companies have the most identity theft incidents, Bank of America, HSBC, and Washington Mutual were named as the companies with the most incidents per billions of dollars of deposits, according to a study released Wednesday by Berkeley Law School fellow Chris Hoofnagle. Among the nations' largest banks, ING Bank looks to be the safest, with only 0.085 identity theft complaints per billion dollars of insured deposits. In terms of sheer numbers of complaints, Bank of America, AT&T and Sprint were named most often in the complaints, followed closely by Chase, Capital One and Citibank. The study, entitled Measuring Identity Theft at Top Banks (Version 1.0), looks to be the first-ever attempt to name-and-shame companies based on their identity theft protections, or lack thereof. Hoofnagle, who started as a privacy and consumer rights advocate at the Electronic Privacy Information Center, says he did the study because he wants people to be able to choose institutions based on identity theft statistics. He used a open-government request to get more than 88,000 complaints filed by individuals to the Federal Trade Commission in January, March and September 2006. The FTC publishes statistical data about the complaints yearly, but does not publish the companies' names. "In order for the market to effectively address the ongoing identity theft epidemic, consumers need reliable information about incidence of the crime among institutions," Hoofnagle wrote in the study. "If data were available on this crime, consumers could choose safer institutions, regulators could focus attention on problem actors, and businesses themselves could compete to protect consumers from this crime." To get a rough tally of the number of incidents per customer, Hoofnagle compared the number of incidents against publicly available FDIC data on the institutions insured deposits. No similar data existed for telecoms companies, making even rough ranking per customer impossible. Hoofnagle admits the data is rough, but hopes the study will force better data to come to light in the future. He also hopes the data could force lawmakers and regulators to mandate public disclosure of identity theft statistics from banks (.pdf). While the FTC data is currently the best source of data on identity theft, it relies on individuals to complain to them. It does not count police reports filed or incidents reported to banks, cell phone companies or credit bureaus. For instance, the FTC data does not distinguish between fraud cases where an impostor establishes new accounts in a persons' name from more common cases where a person uses a stolen credit card to make purchases. The data also does not distinguish between identity theft committed online such as through phishing emails and identity theft done without the help of the internet. UPDATE: Bank of America spokeswoman Betty Riess says the company hasn't seen the study yet, but says BoA takes security seriously. "Keep in mind that if we have a customer who reports they are a victim of identity theft that doesn't correlate to security at BoA," Riess said, referring to the fact that a BoA customer experiencing identity theft could have had their mail stolen or fallen prey to a phishing attack. "Protecting customer information is a top priority at BoA and we have multiple layers of security." Riess added that BoA uses online security offerings from RSA and lets customers use one-time credit card numbers for purchases from unfamiliar online retailers. See Also: _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Bank of America, HSBC Most Prone to I.D. Theft, Report Says Richard Forno (Feb 27)