Call Ralph Nader: Companies Don't Care About Identity Theft Because It's Cheaper To Just Clean Up The Mess If It Happens

from the class-action,-the-movie dept

Willton writes "Daniel Solove highlights a paper written by Chris Hoofnagle about how one of the reasons identity theft happens is because companies have made the economic decision to let it happen.

In the post, Solove compares the identity theft situation to the famous case involving an accident due to a defect in a Ford Pinto, in which it came to light that Ford knew about the design defect in the car but ignored it because it calculated that paying damages in lawsuits would be less than fixing the design flaw."


Of course, in the case of the Pinto, the scandalous cost-benefit analysis in question led to 27 deaths, whereas identity theft, at least, hasn't resulted in anyone's death (hopefully). However, there is a significant cost to the victim in time, mental anguish, and inconvenience, none of which ever really hits the bottom line of the company involved. That said, since the Identity Theft Enforcement and Restitution Act was passed in 2007, it is now possible to sue scammers for the time and effort spent to repair one's life after identity theft. If there is gross negligence on the part of a company that contributes to identity theft, perhaps a future class action lawsuit over this issue is not too far off.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 7:06am

    This shouldn't be clasified under "Rumors..." more likely it should be listed under "I thought everyone knew this..."

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 7:12am

    so companies can make the cost benefit judgement on identity theft but they cannot make it on willful copyright or patent infringement? more stories from the techdirt lala land.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 7:28am

    Re:

    Being bad at cost/benefit analysis does not mean you are incapable of trying. Also, different methods are used to calculate costs and benefits with real objects (like Ford Pintos) and ideas (Method to do something obvious).

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Bradley Stewart, Apr 12th, 2010 @ 7:29am

    Sue Their Pants Off

    No company can think of or prevent the ingenuity of every thief on the Internet. My feeling is if they don't take every reasonable precaution to prevent these actions by these people it should without question cost them a lot more not only in fines but restitution to the consumer. It should cost them enough so that it hurts a lot. It's the only way these people will get the message. "No More Mister Nice Guy."

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Dark Helmet (profile), Apr 12th, 2010 @ 7:33am

    Re: Sue Their Pants Off

    You MUST be a lawyer. If the answer is ever "we need more lawsuits", then the question sucks....

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Steven (profile), Apr 12th, 2010 @ 7:37am

    Simple solution

    I've always wondered why we don't just make the company accepting payment responsible for the loss. If somebody walks into my bank, claims to be me, and walks out with all my money, the bank should be responsible for that loss.

    If retailers had that responsibility put on them they would push the credit card companies to find solutions.

    Basically if I claim a charge/withdrawal/... to be fraudulent the burden of proof should be on the entity that accepted payment. If they can't prove (I'm thinking civil levels of proof) I authorized the funds they must restore them.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 7:47am

    Re: Simple solution

    Corporations are exempted from being responsible for anything other than profits.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    ChurchHatesTucker (profile), Apr 12th, 2010 @ 7:47am

    Re:

    "so companies can make the cost benefit judgement on identity theft but they cannot make it on willful copyright or patent infringment?"

    Yes, in both cases large companies with lawyers on staff find it cheaper to litigate than innovate. What's confusing you?

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Steve R. (profile), Apr 12th, 2010 @ 7:56am

    Credit Card Security

    Why is it that credit card companies will sell you "protection", but don't seem to actually implement security features?

    It also presents an apparent conflict of interest. You don't get protection unless you pay, but the credit card companies at the same time claim to protect you!!!! Doesn't make sense from the security point of view, but does point to dishonest marketing to make extra $$$.

    Anyway, I have noticed some recent simple security measures that could have been implement years ago. The gas pumps now ask for your zip code. Also when a large $$$ purchase was made, we did receive a call from the credit card company verifying our purchase. But overall, I would have to agree based on anecdotal experience that private companies really do NOT care about security.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 8:30am

    Why don't we pass a law making every person a corporation.
    Then maybe, we(real citizens for whom the Constitution was intended to protect) would at last have equal rights with these corporate inventions.
    Of course, only temporarily, until they pool their resources(ie. money and lobbyists) to buy off our politicians and change the laws back in their favor.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Bradley Stewart, Apr 12th, 2010 @ 8:34am

    Re: Re: Sue Their Pants Off

    Dark Helmet I may be just a bit biased as anything that I have ever gotten in my life of any financial value I have had to sue for. I admit that it is a pain in the neck but it usually works. My motto for decades has been "That's not the figure I'm thinking of".

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    Dark Helmet (profile), Apr 12th, 2010 @ 8:38am

    Re: Re: Re: Sue Their Pants Off

    Really? Everything you've ever gotten of financial value in your LIFE you've had to sue for? I'm not even trying to be an ass here, I'm just seriously surprised that such a statement could ever be uttered.

    Your life would likely be an awesome basis for a novel....

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    TheOldFart, Apr 12th, 2010 @ 8:49am

    Yesterday's news, isn't it?

    Want easy proof? Try to find a link/e-mail address anywhere to report online fraud.

    You know, try to report blatant stuff like sites with faked "trust" logos that are just local images or a website that uses a non-secure connection to submit credit card info in plain text and their plain text PHP simply writes it the credit card info to a database and discards all other order information like product and quantity.

    There isn't any that I've ever found, and I've looked many times.

    Back in the mid to late 1990's I found a scam website in Florida (where they all seem to live/be hosted) The guy was pretending to sell cell phone contracts, but his database was stored in .csv format and accessible to anyone with a web browser. Names, addresses, home phone numbers, work phone nummbers, credit card issuer name and credit card numbers and e-mail addresses.

    The number of people who cared? One and that was me. The number of people who didn't care. Florida attorney general. FTC. Visa. Mastercard. Discover. American Express. Citibank.

    The site operated for nearly a year and a half. I periodically downloaded the .csv file and I bcc'ed e-mails to all the new addresses that showed up (about 50 per month or so) explaining to them that they had been scammed and that their personal information is exposed to the entire world.

    What'd that get me? 100% of the people who responded accused me of being the one to steal their personal information. Apparently a lot of rocket scientists needed cell phones that year.

    Within a month after my mom died, Visa both mailed and phoned us to let us know that if we'd like to continue making payments on the $1,200 balance on her credit card (i.e. her unsecured, personal loan) that we could contact them at these addresses and phone numbers. I think that was the first time I used the "c" word on a female cold caller and to this day I'm glad I did.

    So, 2010 comes along and the credit card companies are still dishonest, greedy, unethical organizations and don't care about identity theft. What has changed? The US government is now deeply in cahoots with them because, as the US government puts it, "it's convenient"

    http://www.irs.ustreas.gov/efile/article/0,,id=101316,00.html

    Do you notice anything there? Do you notice any of those "concerned government entity" type disclaimers that say "Here are the pros AND CONS of paying by credit card"? No warnings?

    Notice it's not until several pages down that you find out that in addition to your taxes you'll pay a "Credit or Debit Card Convenience Fee"?

    So the US government plays along with their marketing approach "look how convenient it is" while downplaying the costs...

    Any idea how much money the credit card issuers make if 0.5% of US income taxes get paid by credit card?

    That's right, as the economy crashes, the government continues to receive in the tax money even when the people don't have any money to give *and* the credit card companies get to show a big profit even though the economy is in the shitter.

    Sound like any present day scenarios?

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Rob.Etler (profile), Apr 12th, 2010 @ 9:10am

    Hmmm, wonder if Nader's Raiders could see a comeback. Probably not, but a guy can dream.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 9:25am

    Re: Re:

    masnick dismissed the other one as "one of the most ridiculous analyses of the current patent situation". he cant have it both ways but he tries to.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    PaulT (profile), Apr 12th, 2010 @ 10:09am

    Re: Yesterday's news, isn't it?

    "You know, try to report blatant stuff like sites with faked "trust" logos that are just local images or a website that uses a non-secure connection to submit credit card info in plain text and their plain text PHP simply writes it the credit card info to a database and discards all other order information like product and quantity."

    Erm, you mean phishing sites?

    http://www.us-cert.gov/nav/report_phishing.html

    http://www.google.com/safebrowsing/repo rt_phish/

    http://www.irs.gov/privacy/article/0,,id=179820,00.html

    http://www.onguardonline.gov /file-complaint.aspx

    "There isn't any that I've ever found, and I've looked many times."

    Try harder next time. Those were just the first few results that looked trustworthy from a Google search, and I'm sure that most major banks & retailers have phishing report links on their sites.

    You will also probably find that things have vastly improved in the decade since your unfortunate experience in the late 90s, as have most things regarding the internet and security.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    The Groove Tiger (profile), Apr 12th, 2010 @ 10:21am

    Re: Re: Re: Sue Their Pants Off

    Have you tried contributing something to society instead? Like, getting a job maybe. Then you'll buy a car or a house, you know, get something of financial value without having to sue somebody.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Terri, Apr 12th, 2010 @ 11:04am

    Real protection?

    Todd Davis wonders why he's been scammed so many times even though he's the CEO of Lifelock. After reading this he's just plain stupid!

    http://blogs.myspace.com/index.cfm?fuseaction=blog.view&friendId=388730644&blogId =532659819

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 11:18am

    Sure, you can report fraud, but does anything ever happen? Does it produce results? I doubt it. So what is the point of reporting it?

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 11:27am

    Re: Simple solution

    Retailers ARE responsible for credit card fraud, a form of identify theft. The retailers have little leverage against the card companies such as Visa. Visa could care less if a single small merchant stopped taking Visa whereas a small retailer might end up out of business if they stopped taking credit cards.

    Leverage is only available when there are alternate solutions that can be used.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    nasch (profile), Apr 12th, 2010 @ 12:40pm

    Re: Re: Re:

    You're not making sense. In the patent case, Mike disagrees with the claim that most patent infringement is a matter of a company knowingly infringing after determining the benefit is worth the potential cost. In this story, he reports that many companies decide not to do anything about identity theft because it's cheaper not to.

    Just because they both involve a cost-benefit analysis doesn't mean they have anything to do with one another.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 1:53pm

    Re: Re: Re: Sue Their Pants Off

    Dark Helmet I may be just a bit biased as anything that I have ever gotten in my life of any financial value I have had to sue for.

    That's the future of America: living by lawsuits. The only kind of school worth going to in America any more is law school.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    TheOldFart, Apr 12th, 2010 @ 2:03pm

    Re: Re: Yesterday's news, isn't it?

    Those sites aren't created by or supported by the credit card companies and for the most part do nothing about reports unless they receive many reports on the same issue. Google simply updates their spam filters with the address of the phishing sites reported there. The IRS website deals only with federal incoming tax related phishing scams, it has nothing to do with credit cards. Show me the link on onguardonline.gov where you can report a phishing attempt to a proactive site operated by a credit card issuer.

    You can't because there isn't one.

    Or are you suggesting that banks should operate like credit card issuers and wait until enough people have reported a bank robbery to a government site before the government decides it has passed a threshold and reports it to bank so that they can then call the police to investigate the robbery?

    That's pretty much how it works. Bank gets robbed, it costs them money that they can't recoup, therefore they are proactive and hire guards and install security systems. A bank can't just send letters to all the people it has loaned money to and say "Sorry, we had some guys walk into our open vault when no one was around and they walked out with a bunch of money so we have to raise your student loan interest rates by 3%".

    Credit cards get phished and the credit card issuers don't give a shit about what it costs their customers in terms of time, money or inconvenience. They don't have to give a shit about any of it because the next month they simply issue a new addition or amendment to their card holder's agreement telling every single one of them that they now have to pay an extra 3% in order to pay for phishing losses last quarter.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Apr 12th, 2010 @ 7:27pm

    Re: Re: Re: Re:

    basically all companies are smart enough to cost benefit identity theft issues but not smart enough to cost benefit intentional infringement? so companies can only be smart the agreed techdirt way?

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Apr 13th, 2010 @ 6:19am

    Re: Re: Re: Re: Re:

    I think your little crusade here is turning into some kind of psychopathic compulsive obsession with Mike contradicting himself. Is your bedroom covered in wallpaper clippings of Mike?

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    ChurchHatesTucker (profile), Apr 13th, 2010 @ 8:05am

    Re: Re: Re: Re: Sue Their Pants Off

    "Your life would likely be an awesome basis for a novel...."

    A Boy Named Sue

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    alina orozco, Apr 13th, 2010 @ 11:20am

    hacker for hire

    i hired a hacker to find out if my husband is cheating me. he hacked the email and gave me evidence that my husband is a real pain in my ***. i can recommend to you his email. his email is hacker4hire@hackermail.com

     

    reply to this | link to this | view in thread ]

  28.  
    icon
    Overcast (profile), Apr 20th, 2010 @ 1:52pm

    Perhaps - but I recall many of the companies who have lost data over the years.... I wouldn't even CONSIDER using their services.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Jennifer Rademacher, Jun 8th, 2010 @ 3:14pm

    ID Theft

    With all the corporate greed going on nowadays, it’s not surprising that companies don’t care at all about the consumer. But what about identity theft protection services? Does it work?

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Mary Hillerby, Sep 11th, 2011 @ 9:46pm

    Identity theft

    Yes corporations can become cynical with regard to the cost versus the benefit of identity fraud, but are they smart enough to figure the consequences therefore the level of risk?
    Seems a stupid attitude to me, especially when you realise that if they take action it will help the cause. But private individuals shouldn't be too casual about it either - there are a number of examples out there where people have had trouble with the IRS because of identity fraud and as someone mentioned above it is stressful. So at least go find a cross-cut shredding machine etc. and deal with your own security

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Katherine Waters, Mar 28th, 2013 @ 10:55am

    Identity Theft

    Companies have security holes big enough to drive a truck through. It's not wonder that so many people get their identities stolen in the huge data breeches. Seems like it happens every day and not just to companies. Colleges are really bad at it, too.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This