Identity Theft: Consumer Perception Versus Reality

Information about the threats of identity theft seem to be everywhere -- media headlines, websites, billboards, television ads, and your financial institution has probably warned its customers of the problem.

The real question is – how bad is the problem? When you compare studies and reports, it can yield confusing results. One study says it’s going up, another study says it’s flat. From the point of Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, identity theft or the threat of it happening to a consumer is more about the consumer’s perception rather than the real numbers of identity theft.

Yes, there are individuals across the globe becoming victims of identity theft as you read this sentence. But the “real” kind of identity theft, where another person assumes a victim’s entire identity, “Is not as large of a percentage as people think,” Ponemon said.

Financial institutions and other companies that hold consumer credit information, “are doing better job at detecting this type of fraud. It’s not growing at the exponential rate, but rather growing at linear rate,” he noted.

The other kind of identity theft, financial account takeover or credit card or debit card takeover—is growing, and it is exponential, he said. One example of this exponential growth is the TJX data breach where more than 45 million customers were affected.

However, Ponemon said he is more concerned with the level of consumers’ fears of identity theft and the overall perception of the issue. “Fear of identity theft is also growing at exponential rate. People are reading about identity theft, and are becoming more afraid of what or who is out there waiting to snatch their identity,” he said.

“This is paralyzing people, they don’t want to use online services such as online banking. The perception is a lot worse than it actually is,” he said. The other problem he pointed to was the cottage industries pushing their solutions to identity theft and privacy protection.

“These cottage industries are creating a myth and things are really bad, and tout their products to solve privacy protection issues that can’t be guaranteed,” he noted. As one example he pointed to was a company advertising a guarantee that the consumer’s name would not be on any lists for telemarketing. “How can they tell a consumer that no telemarketer will call them? It causes more uncertainty in the minds of consumers about the problem,” he said.

Financial institutions should consider educating their customers about the problems surrounding identity theft, credit card fraud, and other types of scams. “The erosion of consumer trust must be addressed in the industry,” he said.

The stronger authentication methods required for online transactions at financial institutions does help increase the trust among online banking customers, and he likes the idea of having a single identification card for all types of transactions, like a national identification card. “Though this conjures up the film noire scene of the soldiers stopping people boarding a train asking for identification papers, so it may be some work to gain acceptance of American consumers,” he said.

Based on a study that the Ponemon Institute did last year on consumer perceptions, how people feel about authentication, identification cards and identity theft vary widely. “But people are tired of having to remember 20 passwords,” he said.

Ponemon cautioned financial institutions to keep the confidence level high among their customer base. “The most trusted banks, from our report on top banks for privacy, shows that institutions such as Wachovia, Washington Mutual, National City, U.S. Bank and Bank of America stress the privacy of their customers’ identities and account information,” he said.

The "2007 Consumer Survey on Data Security" by the Ponemon Institute, found that 62 percent of the respondents have been notified that their confidential data has been lost.

The high percentage of individuals that have been notified of a data loss event has contributed to increased security concerns, as the vast majority of those notified reported concern about the event. "Our research clearly shows that data breaches are affecting consumers’ trust in the organizations with which they share their data and, ultimately, their buying behavior,” These data breaches have had a direct impact on consumer buying behavior, including reluctance to use their credit or debit card to make a purchase with a Web merchant they don’t know, and unwillingness to provide their Social Security number online.

“There a few big picture items in the study for financial institutions to ponder. One is that the average consumer has a different view of data breaches, and where they’re occurring. Financial institutions and brokerages are held to a higher standard, than say a retailer like TJX,” Ponemon noted. “For whatever reason, consumers tend to hold certain groups [financial institutions] to a higher standard.”


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network