Austrian journalist Erich Möchel asked me why there might be a higher rate of identity theft in the United States than in Austria. He published an article in German about identity theft in which he quoted extensively from my responses (in translation) but, never wanting to waste any writing, I am using an edited version of my original comments (with a few additions) here for readers of English.

* * *

One of the problems any society faces is the use of universal identifiers. In the U.S., in contravention of the original legal restrictions on its use, the Social Security number is increasingly being used throughout society as an identifier. In Europe and many other parts of the world, a government-issued identity number is commonplace.

These uniform identifiers, if inadequately controlled, allow data aggregation: the use of disparate collections of data (e.g., bank records + air travel records + library usage records + credit-card records + etc.) to create an increasingly detailed profile of everything a person does, whether viewed as private or not by the individual. The United States is still behind Europe in its privacy regulations.

Another issue that lies at the root of the rise in identity theft involving credit-card fraud is the system of fraud-recovery in the U.S. banking system.

Yes, a person who has been defrauded does have limits (typically $50 in total) on liability for someone else's fraudulent use of their account - but who bears the cost of the fraud? Is it the banks? No, it's card holders who don't pay their accounts on time.

Interest rates for credit cards are two to three times the rates for secured loans. The enormous difference pays for the fraud. But shifting the costs onto users deflects responsibility away from the card suppliers; instead of investing in better identification and authentication schemes for cards, they have shied away from anything that would reduce credit-card use. Some European banks (e.g., the Bank of Scotland) have pictures on the credit cards they issue; very few (e.g., Citibank) in the U.S. do the same. Smart cards would make forging much more difficult, but they are not in use.

Stopping the practice of sending unsolicited, pre-approved application forms to millions of residents would deprive thieves of the opportunity to steal the forms from mailboxes. The stolen forms are then filled in and sent in with a different address from the original but the same name and identifying data as the original recipient's. The victim gets the bills and the thief gets the goods.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.