When scammers with identity theft in mind used business accounts at Alpharetta-based ChoicePoint to access more than 145,000 consumer records, they created the consumer anxiety story of the year.
ID theft became a buzzword.
The ChoicePoint incident was followed by a cascade of subsequent stories about personal data security involving Bank of America, British financial giant HSBC, the DSW chain of shoe stores, LexisNexis and others.
It seemed obvious: ID theft is booming --- and your risks of being affected are rising.
Maybe they are. But even the experts can't agree on how many cases of identity theft there are in a year. Or on exactly what constitutes identity theft.
The Consumer Sentinel, a federal database, recorded 635,173 complaints of ID theft reported to various federal agencies during 2004. The Federal Trade Commission did a study in 2003 that found 10 million Americans were victims of identity theft. That study counted almost every kind of theft --- everything from stolen credit cards to incidents in which criminals assumed a person's credit identity and used it to obtain loans.
The Gartner Group, using the same survey information as the FTC, said there were 7 million victims in 2003. That study used a narrower definition of ID theft. Search for the term "identity theft" on the Web and you'll find still other figures.
It's not just numbers that are unclear. Experts don't even agree on what comprises identity theft. That disagreement, and the lack of reliable statistics, makes life more difficult for those who fight identity theft and for lawmakers who attempt to do something about it.
It also makes it tough for consumers --- who increasingly want the convenience of using credit cards and managing bank accounts online, or getting quick car loans and insurance quotes --- to assess the true risk they face in having their data in circulation.
"One of the problems is when you see the crime stats, they are all basically made up because there isn't a good definition," said Bruce Schneier, chief technology officer of Counterpane Internet Security and a nationally recognized expert in security technology.
Tough to draw line
The Federal Trade Commission, the main government agency responsible for monitoring identity theft, agrees the lack of a definition is a problem. But "if you try to draw the line, it gets fussy fast," said Keith Anderson, an economist with the FTC.
"If I lost my credit card and someone used it I wouldn't consider it ID theft," Anderson said.
But the government and many of the groups tracking ID theft do consider that scenario ID theft.
If your identity is stolen at phisher site --- a fake Web site designed to fool you into entering personal information for the purpose of identity theft --- you are a victim. If a criminal uses your Social Security number and driver's license information to establish credit, take out a loan and buy a house, that's identity theft. And if you leave your purse in the ladies room and someone uses your credit card, that's also identity theft.
Narrowing the definition isn't easy.
"I wouldn't know how to ask the question that would include the phishing experience but rule out the simple misuses," Anderson said.
With a catch-all definition, it's no wonder the numbers are so high, Schneier said.
"The reason you're seeing all those bad definitions is that, in many cases, it's an old crime," Schneier said. "It is someone using your information to commit fraud."
As politicians scurry to tighten laws on identity theft, and to create new laws, broad definitions create problems. "If you could absolutely define it, it would be better," said John Gardner, a lawyer and former South Carolina state legislator. "But some protection is better than no protection at all."
Gardner, who is writing a book on identity theft called "What's Yours is Mine, or Soon Will Be," said lawmakers will have to use vague language like "not limited to but including the following" as they craft regulations for how companies like ChoicePoint can compile and sell data.
The media also play a role by lumping disparate incidents under the identity theft heading, some experts say. The term identity theft is a made-for-TV expression, said Robert Thompson, an expert on popular culture and founding director of Syracuse University's Center for the Study of Popular TV.
Identity theft is the "paranoia of the 21st century," Thompson said. The focus on identity theft may have unearthed stories that wouldn't have been reported otherwise, he said. A catchy phrase like identity theft fuels media attention because it grabs the ear or eye and "has an instant feeling of something ominous," he added.
"It implies this world where not only are people using your credit card to buy shoes, it sounds like they're going to steal your very identity, like they're going to come home to your wife."
There's no disagreement that identity theft, whatever it is, is a serious problem. It's just that no one knows how serious.
Dozens of private groups raise money to fight the problem.
The Identity Resource Center in San Diego was the beneficiary of a $1 million donation from ChoicePoint. The donation came during the heighth of publicity about the fraud at the Alpharetta-based data warehouse firm.
"If you're trying to quantify, it's a problem, if you're going to use it when considering legislation, then unfortunately you do have a problem," said Lina Foley, director of the center. "But no one argues when you say that this is costing us all a lot of money."
