Identity Theft Rates Among Top Banks
Hugh Pickens writes "Consumers, regulators, and businesses lack objective tools to compare the incidence of identity theft across financial institutions, and without such tools, consumers cannot 'vote with their feet' and choose safer institutions. Now a study by Chris Hoofnagle has analyzed 88,000 complaints submitted by victims to the FTC over a three-month period in 2006 and found that Bank of America ranked highest of all firms in the study, with an average of 1,117 incidents over a three-month period. AT&T had 763 incidents, followed by Sprint Nextel, JP Morgan, Chase and its Chase and Bank One, and Capital One. When the estimated events are divided by the total deposits, the data show that HSBC, Washington Mutual, and Bank of America have the highest rates of identity theft. Hoofnagle said lending institutions should publicly report information about identity theft events such as the rate of identity theft; the form of identity theft attempted; whether it was a mortgage loan or credit card; and the amount of loss suffered as a result. This would help consumers choose safer financial institutions. The full study (PDF) is available from the Berkeley Center for Law and Technology."
Comment removed (Score:5, Insightful)
Re: (Score:3, Informative)
Re: (Score:2)
Uh, no... (Score:3, Informative)
The findings presented (in the summary, the linked article, and the original paper) were based on total incidents per institution (favoring small institutions), and incidents in relation to total deposits (favoring institutions having large average deposits).
Since the study was meant to "meaningfully compare institutions on their performance in avoiding identity theft,
Re: (Score:3, Insightful)
The difference is pretty important as the number of customers of a bank is not going to make it more or less attractive as a place to take a fraudulent loan out at. That is going to be determined by the fraud measures in place and how well known the brand is. If we are talking about loan fraud
Re: (Score:2)
Look at TD Ameritrade last year, it took them an unknown length of time to discover that somebody was able to access one of the servers they had with personal information. It was fairly well known before they admitted it that they had been loose with customer data. I was personally receiving pe
Re: (Score:3, Interesting)
As an example, one of the reasons I have a Bank of America account is that you can do just about anything from their web site. I routinely move money around between accounts, pay bills, all sorts of stuff. Now, probably because of this, as well as their wide customer base, I regularly see phishing attacks aimed at BoA, with plenty of them e-mailed to me over the years. I've seen some pretty sophisticated r
Re: (Score:3, Interesting)
Re: (Score:1)
Further correction (Score:3)
Showing the largest numbers of incidents is more akin to showing the relative perceived popularity of the bank in Romania, Ukraine and other places that originate the attacks and the relative stupidity of the bank's customers.
"Voting with your feet" based on that data is probably not the best idea..
Re: (Score:2)
That was the first thing I thought of, since Bank of America is the largest bank in the country. Another thing that they must be struggling with is their growth. They've grown by acquiring other banks. Tho
Re: (Score:1)
Re: (Score:2)
It would depend on the type of business, no? (Score:4, Insightful)
- Online banking
- ATM access
- Point of sale transactions
- Brokerage Transactions
etc, etc.
My strategy has always been to spread my risk - make all point of sale transactions with a publicly exposed credit card, which I pay off monthly from a completely separate checking account, which is totally divorced from my investment accounts. Each account is at a different bank, which I use different logins and passwords for.
If any one is compromised, I have at least a marginal degree of separation from all the others.
Re:It would depend on the type of business, no? (Score:4, Informative)
note that we're talking about stealing your identity here, not your money (though I guess that is likely to be the ultimate objective). Once they have your identity, they can likely open an account of their (or your) own - likely a credit account, of course - at some other institution.
perhaps I missed something...
Assumes a Cause (Score:4, Informative)
Re: (Score:1)
Is it not possible that one would not register a complaint with, say, a small local insurance broker (or just tell him over golf his secretary needs to check signatures better) whereas one might fill in a form for a multinational, since that's the only way you get a result (like cancelling your compromised card)
Data needed would be
-number of thefts
-number of customers
-volume of business
-some kind of 'estima
Re: (Score:1)
Correlation != Causation!!!
"Bank of America" is an actual bank? (Score:3, Funny)
Re: (Score:1, Insightful)
Not a Bit Surprised About Sprint (Score:4, Interesting)
Re: (Score:3, Informative)
Completely agree with the point about companies holding onto personal information far longer than they should. Playing devil's advocate though, they may need to protect themselves from people complaining about misdeeds from the distant past. Or receiving a bill in the mail that was posted 10 years prior. This seems a reasonable excuse to hold on to records. However, I think they should move this data "offline" so that it can be called up as a special measure in case of a dispute, but will be non-existent fo
Re: (Score:2)
Considering the account password gives access to very sensitive info and the pictures website PIN doesn't, that seems totally backwards. I've m
I bet AOL users are more likely to be phished too (Score:3, Insightful)
In particular did anyone else notice that the highest rates of identity theft seemed to occur at the largest banks who likely had the most customers? This suggests to me that it's not bad IT practices that account for these results but the make up of their customer bases. I suspect that while many financially and technologically savvy people (such as me) have accounts at these banks their success at appealing to the largest possible market means they have a larger percent of non-savvy customers. On the other hand another good hypothesis is just that more phishing attacks target the institution with the most customers. But if you are confident of your ability to avoid those then this shouldn't worry you much.
In either case this seems like a totally useless statistic and not a result of poor security as the write up suggests.
It's lucrative (Score:2)
I have heard rumours about fraudulent bank employees selling confidential information about customers to third parties.
I heard about this through a friend who never lost or misplaced their HSBC credit card, and who suddenly received entries in their monthly bills that did not correspond to past activity. But since this friend was very cautious about using the credit card and it was used very rarely indeed, it was virtually impossible for someone to steal this information physically.
If this is true then ba
If you ever wondered... (Score:2)
Canada's Royal Bank just sent around an amended customer agreement for people who bank on-line. They've refused to accept responsibility for quite a range of problems in this area, even if those proble
Re:If you ever wondered... (Score:5, Interesting)
It used to be that if a bank lost money because someone defrauded them by pretending to be a customer of theirs it was their problem. But now, with the wonderful new term "identity theft", it's your identity that's been stolen and therefore your money. You may appear to still have your identity, and they may appear to have lost their money, but that's just looking at it too simplistically.
So remember; fraud = their money, identity theft = your money. Change the way you describe the crime and magically you change who's the victim. Isn't that clever?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Voting with your feet is "dangerous" (Score:1)
Re: (Score:2)
IANABanker but I suspect the last thing a financial regulator would want is a massive "voting with one's feet". Anything that has a slight chance of starting a bank run is seen as a danger. That can be one reason there are so little (public and detailed, comparative) data about data theft, card fraud etc. (Which is sad but rather a problem of the system not of the regulators).
Exactly, it's the role of supervisors to deal with such problems, and unless you force every person in the society to have a PhD in statistics and access to the whole financial structure of every bank, it's impossible for the average consumer to take proper decisions on which bank is more exposed to risk than another. Asking consumers to make their decisions on identity theft is like asking car buyers to make their decisions solely based on the quality of the car's wipers, ID theft is just one minor aspect
Re: (Score:1)
The catch is that you have to trust the regulators who are appointed by a government/president elected by representatives/electors elected through a sometimes complicated process by you. Too many leverages there.
Re: (Score:3, Interesting)
and that's why the financial sector is so expensive. To the public at least and in almost all countries. A big knowitall agency telling the little dumb citizen whom to trust, and even if they fail there is always the (knowitall) government to pay the bill - from the pocket of the little citizen.
The catch is that you have to trust the regulators who are appointed by a government/president elected by representatives/electors elected through a sometimes complicated process by you. Too many leverages there.
Actually, most of the regulations are set by the Basel Committee (The Basel accords), which theoretically should guarantee that there is at any point 99.7% chance that the bank doesn't go bankrupt. What you have to trust are the agencies supervising the applications of those accords. Either way, the banks are the first wishing those rules to be enforced, because failure of one bank usually means crisis in the sector, and problems for every bank. But indeed, risk management is a very costly aspect of banking
Re: (Score:1)
Banks != Market (Score:3, Insightful)
I mean isn't the whole point of being able to call yourself a bank is that you apply to prudential rules set by the government and therefore the consumer doesn't have to ask himself questions whether the bank is safe or not?
Quite frankly identity theft is a detail compared to other risks the banks are facing, this is why the whole financial market is divided between the banking system (black box supervised by the government) and the markets (where the government just guarantees transparency and it's up to the consumer to make his choices based on the information he is given).
The problem with disclosing this kind of information is that it sets doubt on the banking system, and the whole banking system relies on trust to function (hence the tight regulation of the banking sector).
We're not going to ask consumers to assess the risk exposure of banks are we?
Re: (Score:2)
Good day.
-Matt
P.S. Here's a link: http://en.wikipedia.org/wiki/Savings_and_Loan_crisis
Re: (Score:1)
WaMu victim here (Score:5, Interesting)
However, I have to say that my experience with WaMu was really bad:
* They canceled my card while I was displaced during the California wildfires
* If you call the number on the back of your bank card it's actually extremely hard to work out how to get through to an actual person to talk about card fraud
* When I did get through to an actual person, using an alternative number they provided me at an actual bank, they tried to forward me to their fraud department. I sat on hold for an hour before deciding to give up and call back later
* They would not reverse fraudulent charges to my account. They told me that they would send me an affidavit that I would have to sign before they would refund the charges, and then it would take 30 days or more to process. This affidavit never arrived.
* I had much better luck calling the numbers listed on my statement and getting merchants to refund fraudulent charges
* WaMu did refund one fraudulent charge eventually
Short story: If you're a fraud victim at WaMu don't expect them to go out of their way to help you as a customer. You may have better luck taking care of it yourself.
More recently, I tried to pay off a loan with my WaMu debit card. Big mistake. According to my statement there was a double-charge pending for thousands of dollars. I called WaMu immediately, here is how that conversation went:
Me: I'm looking at my statement, it looks like there is a double charge for several thousand dollars
Them: Yes, we do see that, we see one charge has cleared and another pending
Me: That's an unauthorized charge, and clearly a mistake
Them: Well, the good news is that the money hasn't left your account yet, it is still pending
Me: Okay, can you stop the charge?
Them: No. But after it gets charged you could file a dispute with the merchant
Me: But you just said that the money hasn't left my account yet, and I'm telling you it's unauthorized, so why don't you stop it?
Them: We can't do that.
Me: Well that's completely useless then, isn't it?
Them: Yes, I understand, sorry about that..
It's not identity theft, per se, but more indicative of my experiences with WaMu so far. They don't exactly go out of their way to help you out during a bad situation.
So, yes, I believe this information should be published, and not only that, each and every customer affected should be questioned as to how well they feel their bank dealt with the situation and as to how secure they feel at their bank. WaMu would not be getting a very high rating from me at all.
Re:WaMu victim here (Score:5, Informative)
They should have explained things a little better. When a card is charged, it's a two-step process: authorization and capture. At authorization, they've told the merchant "yes, this transaction can go through and we'll hold the money for you". A merchant can't undo an authorization. The money doesn't get sent until capture, usually a nightly process. If a charge isn't captured within a certain amount of time (24 hours to a few days), the bank rescinds the authorization automatically.
They should have explained that there was a chance the merchant realized their mistake and wasn't going to capture the funds. If you contacted the merchant and let them know the situation, they probably could have prevented capture too. But, if the charge ended up being captured, you would need to file a dispute.
As a merchant, this is the way I want things to work. If an authorization goes through, I don't need to wait until I have the money in my account to ship someone their order. If they could back out of an authorization before capture, the authorization would be meaningless and I'd probably see a lot more fraud.
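The authorization and capture steps described in the comment above, modelled as an added example that is not part of the original thread. The account balance, the charge amounts, the three-day hold lifetime and all names are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

HOLD_LIFETIME = timedelta(days=3)  # assumed; the comment says 24 hours to a few days

class Account:
    """Toy model of a debit account with posted funds and pending authorization holds."""

    def __init__(self, balance):
        self.posted = balance   # funds that have not left the account
        self.holds = {}         # auth_id -> (merchant, amount, expires_at)

    def _expire(self, now):
        # Authorizations that were never captured are rescinded automatically.
        self.holds = {k: h for k, h in self.holds.items() if h[2] > now}

    def available(self, now):
        self._expire(now)
        return self.posted - sum(amount for _, amount, _ in self.holds.values())

    def authorize(self, auth_id, merchant, amount, now):
        if amount > self.available(now):
            return False        # declined: not enough unheld funds
        self.holds[auth_id] = (merchant, amount, now + HOLD_LIFETIME)
        return True

    def capture(self, auth_id, merchant, now):
        self._expire(now)
        hold = self.holds.get(auth_id)
        if hold is None or hold[0] != merchant:
            return False        # expired, unknown, or another merchant's authorization
        del self.holds[auth_id]
        self.posted -= hold[1]  # only now does the money leave the account
        return True

def double_charge(merchant_captures_second):
    """Replay a double charge (constructed amounts); returns (posted, available) snapshots."""
    t0 = datetime(2008, 3, 1, 12, 0)
    acct = Account(5000)
    acct.authorize("auth-1", "lender", 2000, t0)
    acct.authorize("auth-2", "lender", 2000, t0)       # the duplicate
    acct.capture("auth-1", "lender", t0 + timedelta(hours=12))
    day1 = t0 + timedelta(days=1)
    snapshots = [(acct.posted, acct.available(day1))]  # one cleared, one pending
    if merchant_captures_second:
        acct.capture("auth-2", "lender", day1)         # from here on it is a dispute
    day4 = t0 + timedelta(days=4)
    snapshots.append((acct.posted, acct.available(day4)))
    return snapshots

if __name__ == "__main__":
    print(double_charge(False), double_charge(True))
```

In both runs the first snapshot shows the pending hold reducing the available funds while the posted balance is untouched; the runs differ only in whether the hold later expires or is captured.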
Re: (Score:3, Interesting)
However, even given that explanation, it does appear that simply having a debit card is a severe security risk for any customer - the bank seems to be unwilling to prevent the capture of funds when an account holder flags an authorization as false, and refunding fraudulent transactions may take well over a month. I've never seen any of my debit card transactions blocked for security purposes either - I have only ever received calls q
B of A victim here (Score:2)
I had a check stolen out of my mailbox and, being a college student, they stole all $40 out of my account. After spending the requisite bazillion years on the phone with several shell companies to get the fraud itself straightened out, I visited my friendly B of A.
"I recently had fraud on my checking account," I told them. "Here's the paperwork proving that this is what happened."
"Okay," they said, "we first recommend
Re: (Score:2)
There's a problem with banks and credit cards: with many online merchants, all you need to make a purchase is the card number and expiry date. That wouldn't be too bad, except that most banks issue credit cards in contiguous blocks with the same expiry date. So if you start with a known-good credit card, you can increment or decrement the card number (modulo the Luhn algorithm), keeping the expiry date the same, and get a lot of hits.
You could keep your card in a lead-sealed box buried under your house a
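The pattern described in the comment above leaves a recognisable trace in authorization logs: one merchant, one expiry date, many neighbouring card numbers in a short time. The following is an added detection example, not code from the thread; the thresholds, field layout, merchant names and card numbers (test-style values) are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed: how long a burst may last
MIN_RUN = 5                     # assumed: neighbouring cards needed to alert
MAX_GAP = 3                     # assumed: largest step between neighbouring numbers

def luhn_ok(pan):
    """True if the card number passes the Luhn check."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def longest_run(bodies):
    """Longest chain of sorted account numbers whose neighbours differ by <= MAX_GAP."""
    best = run = 0
    prev = None
    for body in sorted(bodies):
        run = run + 1 if prev is not None and body - prev <= MAX_GAP else 1
        best = max(best, run)
        prev = body
    return best

def find_enumeration(events):
    """Alert on (merchant, BIN, expiry) groups that try many adjacent cards in one window."""
    groups = defaultdict(list)
    for ts, merchant, pan, expiry, approved in events:
        if luhn_ok(pan):
            # The check digit is derived from the rest, so compare numbers without it.
            groups[(merchant, pan[:6], expiry)].append((ts, int(pan[:-1]), approved))
    alerts = []
    for (merchant, bin_, expiry), rows in groups.items():
        rows.sort()
        for i, (start, _, _) in enumerate(rows):
            window = [r for r in rows[i:] if r[0] - start <= WINDOW]
            run = longest_run({body for _, body, _ in window})
            if run >= MIN_RUN:
                declined = sum(1 for _, _, ok in window if not ok)
                alerts.append({"merchant": merchant, "bin": bin_, "expiry": expiry,
                               "adjacent_cards": run, "declined": declined})
                break
    return alerts

# Constructed authorization log: (time, merchant, card number, expiry, approved).
T0 = datetime(2008, 3, 1, 2, 0, 0)
BURST = ["4000000000001208", "4000000000001216", "4000000000001224",
         "4000000000001232", "4000000000001240", "4000000000001257"]
SAMPLE = [(T0 + timedelta(seconds=5 * n), "shop-A", pan, "12/09", n == 3)
          for n, pan in enumerate(BURST)]
SAMPLE += [(T0, "shop-B", "4111111111111111", "05/10", True),
           (T0 + timedelta(minutes=3), "shop-B", "4242424242424242", "01/11", True),
           (T0 + timedelta(minutes=4), "shop-B", "4012888888881881", "11/09", True)]
print(find_enumeration(SAMPLE))
```

Only the burst at `shop-A` is flagged; the unrelated cards at `shop-B` fall into separate groups and never form a run.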
Identity Theft (Score:1)
HOWEVER
I understand the problem differently - the TYPE of people at the bigger banks are MORE likely to be victims because of the mindset they have - they're unwilling to take the difficult steps of preserving personal information!
In canada, we have a different banking system, there are only five (or six, depending on what you consider as BIG) banks that most everyone uses. Several of
Re: (Score:3, Insightful)
I've had to write nasty letters to employers, brokers, and banks because they constantly put SSN on statements. Mail theft isn't that uncommon in larger cities (happened to my room mate once and sometimes I get important mail that appears to have been opened) so even though one could shred everything you cannot prevent someone from
Re: (Score:1)
For every story someone has about identity theft being someone else's fault, how many are actually caused because people don't dispose of things properly?
Re: (Score:2)
Re: (Score:2)
Look at the billing systems (Score:2)
Punctuation (Score:1)
All those semicolons should be commas and that second to last "sentence" should
Bank of America (Score:1)
Interesting what you leave out (Score:2)
The guy tried to sell a pair of bikes for 600 dollars, then received a check for 2000 dollars, and tried to cash it in. He then claims he found that suspicious and all, sure he did AFTER THE FACT! It wouldn't look good in court to say "I thought it was my lucky day receiving more than TRIPLE the amount we agreed".
WHOOOP, WHOOOP, WHOOOP! Red FLAG!
The article explains that this is part of a scam and you can't scam an honest person. What honest person would believe that someone sends more than 200% of the pr
What are they measuring? (Score:2)
Personally I find this whole focus on "web safety" is overrated. I still see lots of people giving their credit card with signature and photo ID (with DL#, DOB, address, etc.) to minimum wage wo
Re: (Score:1)
No fricking surprise (Score:1)
I do not have a credit card now nor do I want o
Exporting America (Score:1)
Are we simply getting our financial information ripped off from our cheapo call centers in India?
Re: (Score:1)
BofA Stinks (Score:2, Interesting)
I'd like some more data (Score:2)
What percentage of the identity theft cases were done by social engineering the banks.
What percentage of the identity theft cases were done by stealing the data from a 3rd party.
Without that information the data is pretty much meaningless and usable only for trending analysis by just looking at the number of total cases.
Kill the editor! (or submitter) (Score:2)
I don't insist that the article titles (or summaries) be perfect, but could they at least have SOME relation to the story itself?
Re: (Score:2)
Whatever (Score:2)
American Express Is Actually Good (Score:1)