Call Ralph Nader: Companies Don't Care About Identity Theft Because It's Cheaper To Just Clean Up The Mess If It Happens
from the class-action,-the-movie dept
Willton writes “Daniel Solove highlights a paper written by Chris Hoofnagle about how one of the reasons identity theft happens is because companies have made the economic decision to let it happen.
In the post, Solove compares the identity theft situation to the famous case involving an accident due to a defect in a Ford Pinto, in which it came to light that Ford knew about the design defect in the car but ignored it because it calculated that paying damages in lawsuits would be less than fixing the design flaw.”
Of course, in the case of the Pinto, the scandalous cost-benefit analysis in question led to 27 deaths, whereas identity theft, at least, hasn’t resulted in anyone’s death (hopefully). However, there is a significant cost to the victim in time, mental anguish, and inconvenience, none of which ever really hits the bottom line of the company involved. That said, since the Identity Theft Enforcement and Restitution Act was passed in 2007, it is now possible to sue scammers for the time and effort spent to repair one’s life after identity theft. If there is gross negligence on the part of a company that contributes to identity theft, perhaps a future class action lawsuit over this issue is not too far off.
Filed Under: identity theft
Comments on “Call Ralph Nader: Companies Don't Care About Identity Theft Because It's Cheaper To Just Clean Up The Mess If It Happens”
This shouldn’t be clasified under “Rumors…” more likely it should be listed under “I thought everyone knew this…”
so companies can make the cost benefit judgement on identity theft but they cannot make it on willful copyright or patent infringement? more stories from the techdirt lala land.
Re: Re:
Being bad at cost/benefit analysis does not mean you are incapable of trying. Also, different methods are used to calculate costs and benefits with real objects (like Ford Pintos) and ideas (Method to do something obvious).
Re: Re:
“so companies can make the cost benefit judgement on identity theft but they cannot make it on willful copyright or patent infringment?”
Yes, in both cases large companies with lawyers on staff find it cheaper to litigate than innovate. What’s confusing you?
Re: Re: Re:
masnick dismissed the other one as “one of the most ridiculous analyses of the current patent situation”. he cant have it both ways but he tries to.
Re: Re: Re: Re:
You’re not making sense. In the patent case, Mike disagrees with the claim that most patent infringement is a matter of a company knowingly infringing after determining the benefit is worth the potential cost. In this story, he reports that many companies decide not to do anything about identity theft because it’s cheaper not to.
Just because they both involve a cost-benefit analysis doesn’t mean they have anything to do with one another.
Re: Re: Re:2 Re:
basically all companies are smart enough to cost benefit identity theft issues but not smart enough to cost benefit intentional infringement? so companies can only be smart the agreed techdirt way?
Re: Re: Re:3 Re:
I think your little crusade here is turning into some kind of psychopathic compulsive obsession with Mike contradicting himself. Is your bedroom covered in wallpaper clippings of Mike?
Sue Their Pants Off
No company can think of or prevent the ingenuity of every thief on the Internet. My feeling is if they don’t take every reasonable precaution to prevent these actions by these people it should without question cost them a lot more not only in fines but restitution to the consumer. It should cost them enough so that it hurts a lot. It’s the only way these people will get the message. “No More Mister Nice Guy.”
Re: Sue Their Pants Off
You MUST be a lawyer. If the answer is ever “we need more lawsuits”, then the question sucks….
Re: Re: Sue Their Pants Off
Dark Helmet I may be just a bit biased as anything that I have ever gotten in my life of any financial value I have had to sue for. I admit that it is a pain in the neck but it usually works. My motto for decades has been “That’s not the figure I’m thinking of”.
Re: Re: Re: Sue Their Pants Off
Really? Everything you’ve ever gotten of financial value in your LIFE you’ve had to sue for? I’m not even trying to be an ass here, I’m just seriously surprised that such a statement could ever be uttered.
Your life would likely be an awesome basis for a novel….
Re: Re: Re:2 Sue Their Pants Off
“Your life would likely be an awesome basis for a novel….”
A Boy Named Sue
Re: Re: Re: Sue Their Pants Off
Have you tried contributing something to society instead? Like, getting a job maybe. Then you’ll buy a car or a house, you know, get something of financial value without having to sue somebody.
Re: Re: Re: Sue Their Pants Off
Dark Helmet I may be just a bit biased as anything that I have ever gotten in my life of any financial value I have had to sue for.
That’s the future of America: living by lawsuits. The only kind of school worth going to in America any more is law school.
Simple solution
I’ve always wondered why we don’t just make the company accepting payment responsible for the loss. If somebody walks into my bank, claims to be me, and walks out with all my money, the bank should be responsible for that loss.
If retailers had that responsibility put on them they would push the credit card companies to find solutions.
Basically if I claim a charge/withdrawal/… to be fraudulent the burden of proof should be on the entity that accepted payment. If they can’t prove (I’m thinking civil levels of proof) I authorized the funds they must restore them.
Re: Simple solution
Corporations are exempted from being responsible for anything other than profits.
Re: Simple solution
Retailers ARE responsible for credit card fraud, a form of identify theft. The retailers have little leverage against the card companies such as Visa. Visa could care less if a single small merchant stopped taking Visa whereas a small retailer might end up out of business if they stopped taking credit cards.
Leverage is only available when there are alternate solutions that can be used.
Credit Card Security
Why is it that credit card companies will sell you “protection”, but don’t seem to actually implement security features?
It also presents an apparent conflict of interest. You don’t get protection unless you pay, but the credit card companies at the same time claim to protect you!!!! Doesn’t make sense from the security point of view, but does point to dishonest marketing to make extra $$$.
Anyway, I have noticed some recent simple security measures that could have been implement years ago. The gas pumps now ask for your zip code. Also when a large $$$ purchase was made, we did receive a call from the credit card company verifying our purchase. But overall, I would have to agree based on anecdotal experience that private companies really do NOT care about security.
Why don’t we pass a law making every person a corporation.
Then maybe, we(real citizens for whom the Constitution was intended to protect) would at last have equal rights with these corporate inventions.
Of course, only temporarily, until they pool their resources(ie. money and lobbyists) to buy off our politicians and change the laws back in their favor.
Yesterday's news, isn't it?
Want easy proof? Try to find a link/e-mail address anywhere to report online fraud.
You know, try to report blatant stuff like sites with faked “trust” logos that are just local images or a website that uses a non-secure connection to submit credit card info in plain text and their plain text PHP simply writes it the credit card info to a database and discards all other order information like product and quantity.
There isn’t any that I’ve ever found, and I’ve looked many times.
Back in the mid to late 1990’s I found a scam website in Florida (where they all seem to live/be hosted) The guy was pretending to sell cell phone contracts, but his database was stored in .csv format and accessible to anyone with a web browser. Names, addresses, home phone numbers, work phone nummbers, credit card issuer name and credit card numbers and e-mail addresses.
The number of people who cared? One and that was me. The number of people who didn’t care. Florida attorney general. FTC. Visa. Mastercard. Discover. American Express. Citibank.
The site operated for nearly a year and a half. I periodically downloaded the .csv file and I bcc’ed e-mails to all the new addresses that showed up (about 50 per month or so) explaining to them that they had been scammed and that their personal information is exposed to the entire world.
What’d that get me? 100% of the people who responded accused me of being the one to steal their personal information. Apparently a lot of rocket scientists needed cell phones that year.
Within a month after my mom died, Visa both mailed and phoned us to let us know that if we’d like to continue making payments on the $1,200 balance on her credit card (i.e. her unsecured, personal loan) that we could contact them at these addresses and phone numbers. I think that was the first time I used the “c” word on a female cold caller and to this day I’m glad I did.
So, 2010 comes along and the credit card companies are still dishonest, greedy, unethical organizations and don’t care about identity theft. What has changed? The US government is now deeply in cahoots with them because, as the US government puts it, “it’s convenient”
http://www.irs.ustreas.gov/efile/article/0,,id=101316,00.html
Do you notice anything there? Do you notice any of those “concerned government entity” type disclaimers that say “Here are the pros AND CONS of paying by credit card”? No warnings?
Notice it’s not until several pages down that you find out that in addition to your taxes you’ll pay a “Credit or Debit Card Convenience Fee”?
So the US government plays along with their marketing approach “look how convenient it is” while downplaying the costs…
Any idea how much money the credit card issuers make if 0.5% of US income taxes get paid by credit card?
That’s right, as the economy crashes, the government continues to receive in the tax money even when the people don’t have any money to give *and* the credit card companies get to show a big profit even though the economy is in the shitter.
Sound like any present day scenarios?
Re: Yesterday's news, isn't it?
“You know, try to report blatant stuff like sites with faked “trust” logos that are just local images or a website that uses a non-secure connection to submit credit card info in plain text and their plain text PHP simply writes it the credit card info to a database and discards all other order information like product and quantity.”
Erm, you mean phishing sites?
http://www.us-cert.gov/nav/report_phishing.html
http://www.google.com/safebrowsing/report_phish/
http://www.irs.gov/privacy/article/0,,id=179820,00.html
http://www.onguardonline.gov/file-complaint.aspx
“There isn’t any that I’ve ever found, and I’ve looked many times.”
Try harder next time. Those were just the first few results that looked trustworthy from a Google search, and I’m sure that most major banks & retailers have phishing report links on their sites.
You will also probably find that things have vastly improved in the decade since your unfortunate experience in the late 90s, as have most things regarding the internet and security.
Re: Re: Yesterday's news, isn't it?
Those sites aren’t created by or supported by the credit card companies and for the most part do nothing about reports unless they receive many reports on the same issue. Google simply updates their spam filters with the address of the phishing sites reported there. The IRS website deals only with federal incoming tax related phishing scams, it has nothing to do with credit cards. Show me the link on onguardonline.gov where you can report a phishing attempt to a proactive site operated by a credit card issuer.
You can’t because there isn’t one.
Or are you suggesting that banks should operate like credit card issuers and wait until enough people have reported a bank robbery to a government site before the government decides it has passed a threshold and reports it to bank so that they can then call the police to investigate the robbery?
That’s pretty much how it works. Bank gets robbed, it costs them money that they can’t recoup, therefore they are proactive and hire guards and install security systems. A bank can’t just send letters to all the people it has loaned money to and say “Sorry, we had some guys walk into our open vault when no one was around and they walked out with a bunch of money so we have to raise your student loan interest rates by 3%”.
Credit cards get phished and the credit card issuers don’t give a shit about what it costs their customers in terms of time, money or inconvenience. They don’t have to give a shit about any of it because the next month they simply issue a new addition or amendment to their card holder’s agreement telling every single one of them that they now have to pay an extra 3% in order to pay for phishing losses last quarter.
Hmmm, wonder if Nader’s Raiders could see a comeback. Probably not, but a guy can dream.
Real protection?
Todd Davis wonders why he’s been scammed so many times even though he’s the CEO of Lifelock. After reading this he’s just plain stupid!
http://blogs.myspace.com/index.cfm?fuseaction=blog.view&friendId=388730644&blogId=532659819
Sure, you can report fraud, but does anything ever happen? Does it produce results? I doubt it. So what is the point of reporting it?
hacker for hire
i hired a hacker to find out if my husband is cheating me. he hacked the email and gave me evidence that my husband is a real pain in my ***. i can recommend to you his email. his email is hacker4hire@hackermail.com
Perhaps – but I recall many of the companies who have lost data over the years…. I wouldn’t even CONSIDER using their services.
ID Theft
With all the corporate greed going on nowadays, it’s not surprising that companies don’t care at all about the consumer. But what about
identity theft protection services? Does it work?
Identity theft
Yes corporations can become cynical with regard to the cost versus the benefit of identity fraud, but are they smart enough to figure the consequences therefore the level of risk?
Seems a stupid attitude to me, especially when you realise that if they take action it will help the cause. But private individuals shouldn’t be too casual about it either – there are a number of examples out there where people have had trouble with the IRS because of identity fraud and as someone mentioned above it is stressful. So at least go find a cross-cut shredding machine etc. and deal with your own security
Identity Theft
Companies have security holes big enough to drive a truck through. It’s not wonder that so many people get their identities stolen in the huge data breeches. Seems like it happens every day and not just to companies. Colleges are really bad at it, too.