ID theft remains No. 1 worry

For the fifth straight year, the FTC said most complaints came from identity theft victims. And that's a problem for enterprises.

During an American Express forum on identity theft last year, panelists agreed enterprises must do more to protect their computer networks from those who would use them as pawns to commit the crime. A new report from the Federal Trade Commission (FTC) adds weight to that argument.

For the fifth straight year, identity theft topped the list of complaints the FTC fielded in 2004, according to its annual consumer complaint report. Specifically, 39% of the 635,173 consumer fraud complaints were for identity theft.

The report also showed that:

  • 246,570 of the 635,173 complaints were identity theft reports and 388,603 were fraud complaints;
  • Internet-related complaints accounted for 53% of all reported fraud complaints;
  • Major metropolitan areas with the highest per-capita rates of consumer fraud complaints were Washington, DC; San Jose-Sunnyvale-Santa Clara, Calif.; and Las Vegas-Paradise, Nev.;
  • Credit card fraud was the most common form of reported identity theft, followed by phone or utilities fraud, bank fraud, and employment fraud; and
  • Major metropolitan areas with the highest per-capita rates of reported identity theft were Phoenix-Mesa-Scottsdale, Ariz.; Riverside-San Bernardino-Ontario, Calif.; and Las Vegas-Paradise, Nev.

"These are real people who have lost real money and the FTC offers them a direct link to finding a solution," Chairman Deborah Platt Majors said in a statement. "By filing complaints, consumers are one click away from thousands of law enforcement partners who can help restore their good name, protect their financial security, and give the FTC the information we need to stop fraud in its tracks."

Majors said consumers can file fraud and identity theft complaints through the FTC Web site. The FTC enters complaints from consumers and various agencies in its Consumer Sentinel database. The data is accessible to more than 1,200 law enforcement agencies across the country and in Canada and Australia. The information helps law enforcement agencies coordinate actions, avoid duplication, spot trends and leverage law enforcement assets, she added.

The report adds weight to the observations panelists made at an identity theft forum American Express held in New York last November.

Panelists agreed that while it's up to consumers to carefully protect their information, enterprises must play an important role. This includes protecting electronic records with the proper security software and network management, carefully screening employees and adopting strict procedures for storing and handling customer information.

"I like to summarize best business practices as the three Ps: physical security, the need to secure paper and electronic records; personnel, companies carefully screening their employees; and procedures, not collecting information you don't need and shredding information you no longer need," said Ken Hunter, president and CEO for the Council of Better Business Bureaus. "Firewalls, antivirus protection and encryption are all necessary, and it's critical that companies only release the minimal information necessary to those who need it."

Though consumers are the biggest victims of identity theft, Hunter said enterprises pay a high price as well. "Businesses pay $48 billion a year to clean up after ID theft schemes," he said. "Businesses that are used are hurt by more than financial loss. Their reputations are also hurt."

Read more on IT risk management