Posted by: Arian Eigen Heald
Data Breaches, Identity theft
Information about consumer purchases, habits and history have become multi-billion dollar treasure troves for businesses to sell and mine for others.
Specialized, targeted information from consumer databases held by banks and other financial institutions are being used to develop business lines. Advertisements, mailings, telemarketing and other targeted ads are the marketing tools of choice to offer services to the targeted market of financially stable consumers. But it’s no accident that identity thieves use the same tools the marketers do. It’s the same information, put to illegal ends. Identity thieves have become experts at following the money.
I recently received a letter in the mail, with the words “Important Information!!!” emblazoned on the front, (along with the bank’s name and return address) and inside, along with my name and address, was the entirely unsolicited offer to let me cash out on the equity in my house via a six figure loan.
What would have happened to that information if it had been intercepted and I had never seen the offer? Or tossed it in the trash, to be opportunely reviewed by whoever took an
interest? How long would it have taken for me to find out a loan had been taken out on the equity in my house?
Mailing products have become the favorite hunting grounds of small-time identity thieves. One thief can ruin several dozen credit histories and move on before a consumer can react.
Consider the arrival of checks. Those pleasant brown boxes the bank orders for you are distinctive AND contain important nuggets of information, such as address, phone number, bank account and routing number. Some folks have had their driver’s license number printed on their checks. By providing this service via regular mail, with no safeguards to confirm arrival to the proper party, retail institutions invite theft.
Banks and financial institutions that send unsolicited checks in the mail (the kind used to withdraw from CDs, for instance) are also providing opportunity. Those long white envelopes from business addresses are becoming noticeable by their very anonymous return postal addresses.
Banks looking to expand markets often run credit checks on potential customers in order to offer tailored services (witness my home equity loan offer). But by doing so, banks open themselves to legal risk when data is lost or stolen, and angry consumers demand to know why their information was revealed.
Businesses can run credit checks with any of the “Big Three” credit bureaus (Experian, TransUnion and Equifax) by acquiring a business account and password. Once they log on, all they need to obtain a credit record is a name and Social Security number. That means those access codes are digital gold for would-be thieves who also happen to be employees.
Such temptation sometimes proves too much: 7,300 customers of Marchese Auto World settled a class action suit in May 2004 for $2.45 million. The charges were criminal and civil, based on customers of Marchese Auto World whose credit information was accessed by the defendant who used the information to take out loans in their names without their permission. The suit stated that the general manager of B.J. Marchese Auto World, Limerick, PA, illegally obtained credit reports for the victims and obtained more than $4 million dollars in unauthorized auto loans that were never purchased or leased. The plaintiffs were unaware of the loans, and suffered from credit damage and invasion of privacy.
It will be difficult for business organizations that depend on credit reviews to resist marketing campaigns that have provided profit before. Banks and businesses have been willing to absorb “acceptable levels” of fraud loss as part of the cost of doing business. The cost of this form of fraud is becoming extremely expensive when class action lawsuits take place.