FTC asks Congress for identity theft protections

April 13, 2011

A customer opens his wallet at a Macy's cash register on Black Friday in New York November 26, 2010. REUTERS/Jessica RinaldiWith millions of consumers losing billions of dollars and immeasurable time and aggravation due to identity theft, it’s time to require greater protections for Social Security numbers, the Federal Trade Commission told a congressional committee.

As a consumer, your Social Security I.D. is how you are recognized when it comes to taxes, government benefits and credit. But when Social Security information gets into the wrong hands, it’s also key to stealing your money and privacy.

The FTC in its testimony from Maneesha Mithal, director of the agency’s Division of Privacy and Identity Protection, told Congress that to better protect Americans from identity theft the following actions should be taken:

  • the establishment of national consumer authentication standards “to verify that consumers are who they purport to be.”
  • the creation of national standards to reduce the public display and transmission of Social Security numbers.
  • the adoption by Congress of national data-security standards.
  • the requirement that organizations notify affected consumers when their data has been breached.

Consumers are a constant target for thieves as the process of stealing has become something that can be done with the use of databases and computer programs — a far higher volume version of the old-fashioned pickpocket or purse snatch. Witness the recent theft of millions of email addresses and user names.

The value of that data is in thieves trying to use it to pry out additional information that could lead to accounts and money being unlocked.

In the testimony, Mithal said use of Social Security numbers has become such a prevalent tool for job applicants, credit applicants and government benefit applicants that they are easier to steal and of more value to thieves. It is important, she noted, that an alternative method of identifying people is developed.

The FTC told Congress that the agency gets 15,000 to 20,000 calls every week about identity theft. The calls range from people seeking to protect themselves to victims looking for guidance and help.

The agency, Mithal said, also has been working with businesses to help protect Social Security numbers and other personal information. The agency has taken action against those who have failed to use proper safeguards.

“Since 2001, the Commission has brought 32 law enforcement actions challenging businesses that failed to reasonably protect sensitive consumer information that they maintained,” she told Congress.

Among them:

  • In February, a collection of credit report resellers settled allegations that they failed to prevent hackers from accessing more than 1,800 credit reports.
  • Data broker ChoicePoint twice had to pay penalties in recent years after allegations that its practices exposed consumer names to identity theft. The first case cost ChoicePoint $15 million in penalties and restitution.
  • American United Mortgage Company in 2007 paid a penalty after the company was accused of tossing customers’ personal information, including Social Security numbers, into garbage receptacles rather than shredding discarded documents.

“We applaud the FTC for recognizing the role of Social Security Numbers in identity theft and the steps that it is taking to minimize the use of Social Security Numbers for purposes beyond its original intended purpose,” said Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse.

He agreed that authentication is something that would help protect the numbers.

“An authentication factor should be something a person knows, like a password or PIN, or something a person has, like a physical device or token, Stephens said. “Unlike identifiers, authenticators are supposed to be secret and not widely known, or entirely unique to the individual. That cannot be said of Social Security Numbers.”

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/

[…] to the Reuters’ blog, Maneesha Mithal, director of the FTC’s Division of Privacy and Identity Protection, told […]

Posted by ITAC Blog » Blog Archive » FTC Calls for National Consumer Authentication Standard to Prevent Identity Theft | Report as abusive

[…] incidence of tax-related identity fraud is indeed staggering,” said Paul Stephens, director of policy and advocacy for Privacy Rights […]

Posted by IRS sees staggering jump in identity theft cases | Reuters Wealth | Report as abusive