Identity theft is a catch-all term for crimes involving illegal usage of another individual's identity. The most common form of identity theft is credit card fraud. Identity theft is often looked at as an individual's problem. You know, something that consumers have to worry about. However organizations often spend a lot of time, effort, and money trying to prevent their customers from experiencing it. The reason for this is because if customers of these organizations experience identity theft (sometimes due to negligence or lack of proper security controls, and other times at no fault of their own), the organization has to face several consequences. These consequences often include loss of customers, reduced client loyalty and trust, reparation costs including credit repair and monitoring fees, as well as hard costs (reissue fees, account reimbursements, insurance fees, etc).
According to the Better Business Bureau, "The vast majority of identity fraud victims (68%) incur no out of-pocket expenses. This points out that businesses are victims of fraud."1 The aim of this paper is to provide some clarity to the real losses sustained by organizations whose customers experience identity theft. This fraudulent behavior by criminals erodes the reputation and profits of institutions, which I am calling "institutional identity theft". I also want to offer to the reader some of the best policies, procedures, and solutions to reduce your risk to institutional identity theft.