Identity theft: the US legal environment and organisations’ related responsibilities
| DOI | https://doi.org/10.1108/13590790510625043 |
| Published date | 01 January 2005 |
| Pages | 33-43 |
| Date | 01 January 2005 |
| Author | Gregory J. Gerard,William Hillison,Carl Pacini |
| Subject Matter | Accounting & finance |
Identity Theft: The US Legal Environment and
Organisations' Related Responsibilities
Gregory J. Gerard, William Hillison and Carl Pacini
INTRODUCTION
In this paper, the authors discuss an organisation's
responsibilities to mitigate the opportunity for iden-
tity theft.
1
They also provide guidance to evaluate
and implement controls useful in addressing identity
theft risk. Identity theft is the criminal act of assuming
the identity of another person with the expectation of
gain. The gain is normally ®nancial as a result of
extending credit improperly, allowing banking trans-
actions, establishing cellular telephone or utility ser-
vices, or accessing governmental bene®ts.
It is estimated that identity theft resulted in the loss
of $221bn worldwide in 2003, with $73.8bn lost in the
USA alone. That number is almost a 300 per cent
increase over the losses reported in 2002. By 2005,
losses from identity theft could amount to $2trn
worldwide, if the 300 per cent growth rate continues.
2
Much that has been written about identity theft dis-
cusses steps that individuals can take to minimise the
risk of theft of their identities. Most of these steps
involve protecting the information that individuals
have in their possession. Other literature provides
advice on what to do if a person becomes a victim.
Typically discussed are the steps a person should take
to alleviate the problems associated with the theft of
identity.
In contrast, issues addressed here relate to organisa-
tions that collect, assemble, process, store and retrieve
information about individuals. Many organisations
may not recognise the potential liability of not con-
trolling information risks. This paper identi®es the
legal and moral responsibilities, risks, and related
internal controls associated with personal information
about an organisation's customers, employees, and
other stakeholders.
BACKGROUND
Identity theft is fast becoming the most pervasive
®nancial crime today. According to the Federal
Trade Commission (FTC), identity theft accounted
for more than 160,000 complaints in 2002 and was
the number one source of consumer complaints for
the third consecutive year. Identity theft accounted
for over 130,000 or 62 per cent of complaints received
by the FTC through the ®rst seven months of 2003.
3
A recent FTC telephone survey involving a sample
of more than 4,000 individuals projected that as many
as 27 million Americans were victims of identity theft
in the last ®ve years. In the past year, almost 10 million
people (or 3.4 per cent of the population) were victi-
mised. The average loss to businesses was $4,800 per
incident, primarily from new account fraud and
credit card misuse.
4
The average loss for individuals
was $500.
5
The greatest losses resulted from thieves using a vic-
tim's personal information to open new accounts.
Fraudulent new account openings accounted for
$32.9bn in losses to businesses and $3.8bn to consu-
mers.
6
In addition to out-of-pocket losses, there is
the cost of ®ghting the problems associated with iden-
tity theft. Law enforcement agencies spend about
$15,000 on each case and each victim spends about
175 man-hours on dealing with the paperwork
restoring order to their ®nancial lives.
7
Since liability of identity theft victims is limited by
law, credit reporting agencies typically have placed
the burden of proof on the victim to show that debts
incurred by identity thieves were not authorised.
8
Creditors and collectors, being well familiar with ela-
borate disavowals from debtors, generally continue
collection eorts in spite of the victim's claims. Ulti-
mately, the unpaid fraudulent accounts are charged-
o, leaving the victim abused by collection eorts
and often ®nancially ruined by adverse credit reports.
9
In addition to the victim's hassle related to clearing
up fraudulent bank accounts and credit card debts, the
public is put at risk because identity theft is linked to
drug tracking, money laundering and terrorism.
10
As Dennis Lormel, Chief of the FBI's Financial
Crimes Section, told the House Committee on Finan-
cial Aairs in October 2001, `terrorist cells often resort
to traditional fraud schemes to fund the terrorists'
activities. The ease with which these individuals can
obtain false identi®cation or assume the identity of
someone else, and then open bank accounts and
obtain credit cards, make these attractive ways to
generate funds'.
11
Page 33
Journal of Financial Crime Ð Vol. 12 No. 1
Journalof FinancialCrime
Vol.12, No. 1, 2004, pp. 33 ±43
#HenryStewart Publications
ISSN1359-0790
To continue reading
Request your trial