Page 2 of 2

While pretexting is the most prevalent tactic, it isn't the only one.

"There's always been evidence of them getting this stuff from insiders in various companies," he says. Not only are insiders actively recruited by online dealers, some actually advertise their availability on Web forums.

So what can be done to cut into this trade aside from waiting to see what Congress and law enforcement can belatedly accomplish?

Douglas says there's much that the carriers can do, beginning with suing the bastards - Verizon has been particularly active there. Also helpful are "good and repetitive internal training" of customer service reps, and the use of software that prevents "data leakage," he says.

In addition, carriers should be mandating that customer account information be protected by PINs and passwords. Most have the technical capability but only offer such services upon request.

"There is an ingrained fear within these companies that if they make it too difficult for consumers to access their own information then the consumer will go to the next company down the road," he says.

But Douglas believes that consumers have heard enough horror stories at this point to accept mandatory PINs and passwords.

"It's not just the phone companies," he says. "This is about any company in any industry that maintains consumer information."

Also see Winn Schwartau's thoughts on LocateCell.com.

Thoughts? The address is buzz@nww.com.