Financial Privacy & Security News

"Identity theft is the top consumer crime in Colorado. Colorado is one of two states that do not have strong laws on the books to prosecute criminals for identity theft. Last year, the state ranked fifth, up from 11th two years ago, in the nation for the number of identity-theft victims per capita, according to the Federal Trade Commission (FTC). Complex identity theft crimes occur when thieves steal Social Security Numbers or other personal data and use the information to take funds by opening credit card accounts, renting homes or obtaining loans", said Rex Wilmouth Director of CoPIRG (Colorado Pubic Interest Research Group).

Easy access to consumers' confidential identifying information, including social security numbers, has contributed to this epidemic. Credit card companies, merchants, credit bureaus and other businesses do not adequately safeguard consumers' private financial information, making it relatively easy for thieves to steal this data and use it to take out new credit or to rack up charges on existing accounts.

"Victims of identity theft literally have their lives stolen. They face credit and mortgage denials, out-of-pocket costs, and even arrest when mistaken for the thief using their name", said Grayson Robinson the Sheriff of Arapahoe County. The Federal Trade Commission (FTC) estimates that it took the average victim of identity theft in 2004 600 hours and an average of $1,400 to clear their name; cases average two to four years to be resolved. This is up from 175 hours and $808 in out-of-pocket expenses in 2000. The FTC estimates that identity theft cost consumers $5 billion and businesses $48 billion last year. And when a business, institution or other entity is sloppy with consumers' personal information, it's the victim that is responsible for cleaning up the mess. "Colorado legislators are looking at bills this year to get tough on thieves. Now it's time to prevent the crimes by safeguarding personal information", said Senator Dan Grossman.

"Often, all a thief needs is a social security number to open an account fraudulently, and rack up charges in an innocent victim's name", said Zach Friesen. Social security numbers were originally only meant for the federal government's use to track wages and benefits. But now, these numbers are used by a multitude of public and private institutions-such as health insurance companies, universities, cell phone companies, utility companies and others-as identification numbers, or as a security measure to confirm an individual's identity. The widespread use of these numbers completely undermines the use of it as a security measure. Widespread use also provides numerous opportunities for identity thieves to gain access to valuable information.

While Colorado has taken some steps to protect consumers, more needs to be done to prevent the crime and give victims the ability to clear their names. In the report released today CoPIRG is calling on the legislature to take the following seven steps to help stop identity theft in Colorado:

1. Increase criminal penalties for identity theft by making the crime a felony in Colorado.

2. Give consumers the right to freeze thieves out of their credit files. Allow consumers to block access to their credit reports and scores unless they affirmatively unlock their credit files by contacting the credit bureaus and providing a security code.

3. Restrict the invasion of financial privacy by eliminating the "credit header" loophole that allows credit bureaus to share consumers' personal identifying information, including social security numbers, to marketers and others.

4. Provide consumers with low-cost monthly access to their credit reports so they may monitor them for fraudulent activity.

5. Require businesses to notify their customers when a security breach puts them at risk of identity theft.

6. Prohibit businesses from using consumers' social security numbers on identification cards.

7. Require businesses to meet minimum standards for the proper disposal of documents that contain consumers' private financial information, and extend this standard to any third-party vendors that businesses use to destroy records.