Tech firms band together on ID theft

Some of the biggest names in e-commerce, including Amazon.com, eBay and Microsoft, form a coalition to curb online identity theft.

Alorie Gilbert
Alorie Gilbert Staff Writer, CNET News.com
Alorie Gilbert
writes about software, spy chips and the high-tech workplace.
4 min read
Some of the biggest names in e-commerce, including Amazon.com, eBay and Microsoft, have formed a coalition to curb online identity theft.

The Coalition on Online Identity Theft, announced Tuesday, said it plans to launch a public education campaign and encourage its members to work more closely with law enforcement officials in an effort to fight a crime that has emerged as a major concern among politicians and consumers in recent years. The group is being organized by the Information Technology Association of America, a trade group representing the high-tech industry.

"We all agree we want to do something about this and nip this in the bud," said Greg Garcia, vice president of information security at ITAA, claiming that a small percentage of identity theft cases actually begin online.

Statistics show that identity theft has moved well past the bud stage to reach the level of full-blown weed infestation in recent years. The number of U.S. consumers that complained about some sort of identity theft nearly doubled to 162,000 last year, according to the Federal Trade Commission. And government figures only scratch the surface, technology analyst firm Garter said. Gartner estimates that 3.4 percent of U.S. consumers--about 7 million adults--have been victims of identity theft of some form in the past year.

The formation of the group comes just two months after the passage of a California law that requires companies to report to consumers any incident that may have compromised their personal data. The ITAA and others oppose such laws, saying they place too big a burden on corporations and could have unintended consequences, such as scaring people from going online.

"A lot of this is about public education and awareness," Garcia said. "People can protect themselves."

Garcia said the passage of the bill in California and the introduction of a similar national bill helped the coalition gather steam. "The existence of that law certainly adds another reason as to why such a coalition needs to exist," Garcia said. "We want to be less reactive to policies that are not well thought out, like that one."

Yet some believe consumer education can only go so far, and that legislation may be necessary. Gartner says, for instance, that banks and credit-card companies are mishandling the problem by treating fraud as a cost of doing business rather than as a crime against their customers.

"There is a serious disconnect between the magnitude of identity theft that innocent consumers experience and the industry's proper recognition of the crime," said Gartner analyst Avivah Litan in a July report. "Without external pressure from legislators and industry associations, financial services providers may not have sufficient incentive to stem the flow of identity theft crimes."

Credit-card fraud accounted for 42 percent of the identity theft complaints to the FTC last year, according to the agency.

Visa International, the world's largest credit-card company and a member of the ITAA-led coalition, could not be immediately reached for comment.

eBay began waging a public awareness campaign of its own against so-called spoof sites. This rapidly proliferating form of online fraud--called phishing--involves imposter e-mails and Web sites that look like they are from legitimate companies such as eBay. When people enter their passwords, credit-card numbers and other personal information, a thief on the other end collects the information to make charges on customer credit cards.

Earlier this year, eBay teamed with the FTC and a number of states to tackle spoof sites and other online auction fraud. Central to the effort is a public awareness campaign called "Operation Bidder Beware." However, the spoof site problem seems only to have spread since then, with new scams reported at Best Buy and Citibank in the past few weeks alone.

"It's still fairly early," said Kevin Pursglove, an eBay spokesman, discussing the impact of Operation Bidder Beware. "The fact is that more companies are beginning to report (the crime), and perpetrators believe there is gain to be had. There are probably more individual perpetrators behind this than there were a year ago."

The ITAA plans to push its members to share more information with government investigators and one another when they detect identity theft, Garcia said. Many companies have been loath to report such incidents to the police, fearing negative publicity should the media pick up the story. Garcia said he didn't know how the coalition could completely overcome that obstacle, but said it has already done something about it.

The ITAA was behind a provision in the federal Homeland Security Act, which is now law, that exempts information related to "critical infrastructure" from Freedom of Information Act requests by journalists, Garcia said. That includes information businesses report to the government, such as cybercrimes.

Is ITAA interested in extending the exemption to matters related to commerce in addition critical infrastructure? "I don?t know," Garcia said. "We're not advancing specific ideas just yet, but it's all ripe for conversation."

CNET News.com's Robert Lemos contributed to this report.