Austrian journalist Erich Möchel asked me why there might be a higher rate of identity theft in the United States than in Austria. He published an article in German about identity theft in which he quoted extensively from my responses (in translation) but, never wanting to waste any writing, I am using an edited version of my original comments (with a few additions) here for readers of English.

* * *

One of the problems any society faces is the use of universal identifiers. In the U.S., in contravention of the original legal restrictions on its use, the Social Security number is increasingly being used throughout society as an identifier. In Europe and many other parts of the world, a government-issued identity number is commonplace.

These uniform identifiers, if inadequately controlled, allow data aggregation: the use of disparate collections of data (e.g., bank records + air travel records + library usage records + credit-card records + etc.) to create an increasingly detailed profile of everything a person does, whether viewed as private or not by the individual. The United States is still behind Europe in its privacy regulations.

Another issue that lies at the root of the rise in identity theft involving credit-card fraud is the system of fraud-recovery in the U.S. banking system.

Yes, a person who has been defrauded does have limits (typically $50 in total) on liability for someone else's fraudulent use of their account - but who bears the cost of the fraud? Is it the banks? No, it's card holders who don't pay their accounts on time.

Interest rates for credit cards are two to three times the rates for secured loans. The enormous difference pays for the fraud. But shifting the costs onto users deflects responsibility away from the card suppliers; instead of investing in better identification and authentication schemes for cards, they have shied away from anything that would reduce credit-card use. Some European banks (e.g., the Bank of Scotland) have pictures on the credit cards they issue; very few (e.g., Citibank) in the U.S. do the same. Smart cards would make forging much more difficult, but they are not in use.

Stopping the practice of sending unsolicited, pre-approved application forms to millions of residents would deprive thieves of the opportunity to steal the forms from mailboxes. The stolen forms are then filled in and sent in with a different address from the original but the same name and identifying data as the original recipient's. The victim gets the bills and the thief gets the goods.

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports