Last month I came home to my Las Vegas apartment complex to find the mailroom trashed! The controlled access door had been literally torn from the hinges, the mailbox fronts broken and all articles of mail stolen.
This wasn’t your typical incidence of vandalism, but one episode of what has become a growing problem for many in America—identity theft.
My experience in Las Vegas – a hotbed for such crimes – showed me firsthand the need to protect Americans from identity theft. In a survey released by the Federal Trade Commission, some 8.3 million people or 3.7% of the adult population, were victims of identity theft in 2005. Some surveys have as many as 10 million Americans claiming identity theft. It is estimated that identity theft cost businesses $15 billion in 2005.
In response, “The Social Security Number Privacy and Identity Theft Prevention Act of 2007,” H.R.3046, was introduced in Congress. The bill is intended to reduce identity theft by restricting the sale, purchase and public display of Social Security numbers by government and business entities. Simply put, H.R.3046 would restrict routine financial transactions – including the servicing of accounts – that involve documented SSN’s, thus stopping lenders from using the number as an authenticator for each customer.
That’s enough to put the chill in any banker that relies on the number to identify his clients. Bill Himpler, Executive Vice President of Federal Affairs for the American Financial Services Association, summed it up best in a letter to members of Congress, “simply SSN’s are the most effective and the only universal and consistent data element used to authenticate identity in commerce.”
And what does H.R.3046 add that current laws don’t already do?
There is currently in place an assortment of federal legislation regarding data security and privacy, including the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA), which amended FCRA to prevent identity theft. There’s Gramm-Leach-Bliley Act (GLBA), which regulates the exchange of personal financial information among financial institutions. On the healthcare side of things we have HIPAA, the Health Insurance Portability and Accountability Act. On top of this mountain of bureaucracy throw a heaping handful of state legislation (remember, there’s 50 of them) and you have the landscape of privacy laws across the nation today.
Furthermore, while it’s uncertain whether the lack of cohesion currently in place hinders efforts to stem identity theft, what is certain is that legislation restricting financial transactions has yet to prove effective at combating the problem. In the absence of consistency between state and federal regulatory structures, the private sector has moved forward with initiatives such as PCI Security Standards and individual internal procedures for safekeeping of sensitive information.
As disconcerting as coming home to a vandalized mailroom was, it helps to keep in mind that most if not all financial institutions refrain from using SSN’s on their statements. While well intentioned, H.R.3046 would not address the major concerns of such ground level attempts to steal credit card and other account numbers.
In an already fractious system, a federal approach is probably necessary. But H.R.3046 doesn’t fix the real problem.