Call Ralph Nader: Companies Don't Care About Identity Theft Because It's Cheaper To Just Clean Up The Mess If It Happens

from the class-action,-the-movie dept

Willton writes “Daniel Solove highlights a paper written by Chris Hoofnagle about how one of the reasons identity theft happens is because companies have made the economic decision to let it happen.

In the post, Solove compares the identity theft situation to the famous case involving an accident due to a defect in a Ford Pinto, in which it came to light that Ford knew about the design defect in the car but ignored it because it calculated that paying damages in lawsuits would be less than fixing the design flaw.”

Of course, in the case of the Pinto, the scandalous cost-benefit analysis in question led to 27 deaths, whereas identity theft, at least, hasn’t resulted in anyone’s death (hopefully). However, there is a significant cost to the victim in time, mental anguish, and inconvenience, none of which ever really hits the bottom line of the company involved. That said, since the Identity Theft Enforcement and Restitution Act was passed in 2007, it is now possible to sue scammers for the time and effort spent to repair one’s life after identity theft. If there is gross negligence on the part of a company that contributes to identity theft, perhaps a future class action lawsuit over this issue is not too far off.

Filed Under:

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Call Ralph Nader: Companies Don't Care About Identity Theft Because It's Cheaper To Just Clean Up The Mess If It Happens”

Subscribe: RSS Leave a comment
nasch (profile) says:

Re: Re: Re: Re:

You’re not making sense. In the patent case, Mike disagrees with the claim that most patent infringement is a matter of a company knowingly infringing after determining the benefit is worth the potential cost. In this story, he reports that many companies decide not to do anything about identity theft because it’s cheaper not to.

Just because they both involve a cost-benefit analysis doesn’t mean they have anything to do with one another.

Bradley Stewart (profile) says:

Sue Their Pants Off

No company can think of or prevent the ingenuity of every thief on the Internet. My feeling is if they don’t take every reasonable precaution to prevent these actions by these people it should without question cost them a lot more not only in fines but restitution to the consumer. It should cost them enough so that it hurts a lot. It’s the only way these people will get the message. “No More Mister Nice Guy.”

Steven (profile) says:

Simple solution

I’ve always wondered why we don’t just make the company accepting payment responsible for the loss. If somebody walks into my bank, claims to be me, and walks out with all my money, the bank should be responsible for that loss.

If retailers had that responsibility put on them they would push the credit card companies to find solutions.

Basically if I claim a charge/withdrawal/… to be fraudulent the burden of proof should be on the entity that accepted payment. If they can’t prove (I’m thinking civil levels of proof) I authorized the funds they must restore them.

Anonymous Coward says:

Re: Simple solution

Retailers ARE responsible for credit card fraud, a form of identify theft. The retailers have little leverage against the card companies such as Visa. Visa could care less if a single small merchant stopped taking Visa whereas a small retailer might end up out of business if they stopped taking credit cards.

Leverage is only available when there are alternate solutions that can be used.

Steve R. (profile) says:

Credit Card Security

Why is it that credit card companies will sell you “protection”, but don’t seem to actually implement security features?

It also presents an apparent conflict of interest. You don’t get protection unless you pay, but the credit card companies at the same time claim to protect you!!!! Doesn’t make sense from the security point of view, but does point to dishonest marketing to make extra $$$.

Anyway, I have noticed some recent simple security measures that could have been implement years ago. The gas pumps now ask for your zip code. Also when a large $$$ purchase was made, we did receive a call from the credit card company verifying our purchase. But overall, I would have to agree based on anecdotal experience that private companies really do NOT care about security.

Anonymous Coward says:

Why don’t we pass a law making every person a corporation.
Then maybe, we(real citizens for whom the Constitution was intended to protect) would at last have equal rights with these corporate inventions.
Of course, only temporarily, until they pool their resources(ie. money and lobbyists) to buy off our politicians and change the laws back in their favor.

TheOldFart (profile) says:

Yesterday's news, isn't it?

Want easy proof? Try to find a link/e-mail address anywhere to report online fraud.

You know, try to report blatant stuff like sites with faked “trust” logos that are just local images or a website that uses a non-secure connection to submit credit card info in plain text and their plain text PHP simply writes it the credit card info to a database and discards all other order information like product and quantity.

There isn’t any that I’ve ever found, and I’ve looked many times.

Back in the mid to late 1990’s I found a scam website in Florida (where they all seem to live/be hosted) The guy was pretending to sell cell phone contracts, but his database was stored in .csv format and accessible to anyone with a web browser. Names, addresses, home phone numbers, work phone nummbers, credit card issuer name and credit card numbers and e-mail addresses.

The number of people who cared? One and that was me. The number of people who didn’t care. Florida attorney general. FTC. Visa. Mastercard. Discover. American Express. Citibank.

The site operated for nearly a year and a half. I periodically downloaded the .csv file and I bcc’ed e-mails to all the new addresses that showed up (about 50 per month or so) explaining to them that they had been scammed and that their personal information is exposed to the entire world.

What’d that get me? 100% of the people who responded accused me of being the one to steal their personal information. Apparently a lot of rocket scientists needed cell phones that year.

Within a month after my mom died, Visa both mailed and phoned us to let us know that if we’d like to continue making payments on the $1,200 balance on her credit card (i.e. her unsecured, personal loan) that we could contact them at these addresses and phone numbers. I think that was the first time I used the “c” word on a female cold caller and to this day I’m glad I did.

So, 2010 comes along and the credit card companies are still dishonest, greedy, unethical organizations and don’t care about identity theft. What has changed? The US government is now deeply in cahoots with them because, as the US government puts it, “it’s convenient”,,id=101316,00.html

Do you notice anything there? Do you notice any of those “concerned government entity” type disclaimers that say “Here are the pros AND CONS of paying by credit card”? No warnings?

Notice it’s not until several pages down that you find out that in addition to your taxes you’ll pay a “Credit or Debit Card Convenience Fee”?

So the US government plays along with their marketing approach “look how convenient it is” while downplaying the costs…

Any idea how much money the credit card issuers make if 0.5% of US income taxes get paid by credit card?

That’s right, as the economy crashes, the government continues to receive in the tax money even when the people don’t have any money to give *and* the credit card companies get to show a big profit even though the economy is in the shitter.

Sound like any present day scenarios?

PaulT (profile) says:

Re: Yesterday's news, isn't it?

“You know, try to report blatant stuff like sites with faked “trust” logos that are just local images or a website that uses a non-secure connection to submit credit card info in plain text and their plain text PHP simply writes it the credit card info to a database and discards all other order information like product and quantity.”

Erm, you mean phishing sites?,,id=179820,00.html

“There isn’t any that I’ve ever found, and I’ve looked many times.”

Try harder next time. Those were just the first few results that looked trustworthy from a Google search, and I’m sure that most major banks & retailers have phishing report links on their sites.

You will also probably find that things have vastly improved in the decade since your unfortunate experience in the late 90s, as have most things regarding the internet and security.

TheOldFart (profile) says:

Re: Re: Yesterday's news, isn't it?

Those sites aren’t created by or supported by the credit card companies and for the most part do nothing about reports unless they receive many reports on the same issue. Google simply updates their spam filters with the address of the phishing sites reported there. The IRS website deals only with federal incoming tax related phishing scams, it has nothing to do with credit cards. Show me the link on where you can report a phishing attempt to a proactive site operated by a credit card issuer.

You can’t because there isn’t one.

Or are you suggesting that banks should operate like credit card issuers and wait until enough people have reported a bank robbery to a government site before the government decides it has passed a threshold and reports it to bank so that they can then call the police to investigate the robbery?

That’s pretty much how it works. Bank gets robbed, it costs them money that they can’t recoup, therefore they are proactive and hire guards and install security systems. A bank can’t just send letters to all the people it has loaned money to and say “Sorry, we had some guys walk into our open vault when no one was around and they walked out with a bunch of money so we have to raise your student loan interest rates by 3%”.

Credit cards get phished and the credit card issuers don’t give a shit about what it costs their customers in terms of time, money or inconvenience. They don’t have to give a shit about any of it because the next month they simply issue a new addition or amendment to their card holder’s agreement telling every single one of them that they now have to pay an extra 3% in order to pay for phishing losses last quarter.

Mary Hillerby (user link) says:

Identity theft

Yes corporations can become cynical with regard to the cost versus the benefit of identity fraud, but are they smart enough to figure the consequences therefore the level of risk?
Seems a stupid attitude to me, especially when you realise that if they take action it will help the cause. But private individuals shouldn’t be too casual about it either – there are a number of examples out there where people have had trouble with the IRS because of identity fraud and as someone mentioned above it is stressful. So at least go find a cross-cut shredding machine etc. and deal with your own security

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...