FRAMINGHAM, Mass. – Smaller financial institutions such as credit unions are the natural next targets for credit card fraudsters thwarted by the new technologies deployed by the big issuers. And regardless of the size, turning back the invaders, repairing damage and anticipating further attacks should be "at least a top-five priority" for credit card issuers, says Financial Insights analyst Dennis Behrman, who calls the problem "largely solvable." Behrman just published a review of the "National Report on Identity Fraud," a sweeping, year-long study recently released by San Diego-based technology vendor ID Analytics. The report, Behrman says, offers valuable empirical data that could correct many public and industry misconceptions about identity fraud. "We can now make predictions," Behrman says, about trends in future identity fraud losses and the price of ignoring the problem. "We can now determine how much fraud goes undetected and the business segments that are vulnerable." As part of its work, ID Analytics studied more than 200 million account applications from a consortium of retail banks, lenders and wireless communications providers, including eight of the 10 largest card issuers in the United States, accounting for about 40% of credit card receivables in 2001. Recent government reports exaggerate the size of the identity fraud problem, Behrman concludes. Still, he says, credit card issuers must counterattack quickly and persistently, as the new study shows identity fraud growing at a "very troublesome" rate. The credit card market is especially vulnerable to identity fraud, Behrman says, because of fierce competition between issuers, widespread credit card acceptance and versatile use, and lag time before accounts are collected. Based on the new study data, Behrman says, "We can reasonably assume that there is a greater amount of identity fraud absorbed by card issuers than by depository institutions." The retail finance industry will lose an estimated $4.2 billion to identity fraud in 2003. (By comparison, the consumer victims now shown in TV public awareness campaigns will lose an estimated $200 million.) Behrman says the study suggests that identity fraud losses to the credit card segment have been underreported. He estimated the 2003 losses at $1.7 billion, although "the U.S. card industry has regularly stated that typical card fraud (for which the vast majority is not identity fraud) is about $1 billion per year." The credit card industry has been particularly slow to act on the identity fraud problem, Behrman says, citing the following reasons: * The U.S. banking industry has enjoyed another banner year of earnings and resilient equities markets, fostering complacency. * Without such concrete data as furnished by the ID Analytics report, institutional planners tend to assume current budgets for fraud prevention and detection technologies are adequate. * Traditional cost-benefit analysis for investment in anti-fraud measures does not apply to identity fraud, which is especially stealthy and can be irreparably damaging. * Identity fraud, once perpetrated, "carries the stigma of the violation of privacy" and can squander consumer trust in the credit card issuer. Behrman predicts the new study's findings would help spur the credit card industry to leave behind the "hype" phase of its response and enter the "exploration and testing" stage. The five phases in a nutshell are: * Hype: clouded by industry and consumer questions. "How could this happen?" * Exploration/testing: understanding true scale of problem, devising strategies, developing solutions. Case studies and new data prove that problems can be solved. Consumer education begins. * Solution/implementation: broad adoption of newly developed technology solutions. * Strategy refinement: tweaking strategies based on more detailed understanding of problem and solutions. * Ongoing management: Preventing identity fraud should be "as routine as a credit decision." Behrman strongly advises mid-size and smaller credit card issuers – which includes most credit unions – to follow adoption trends aggressively. They could become prime targets of identity fraud as the leading financial institutions begin to slam doors in the face of fraudsters. He also says the next wave of identity fraud might involve sophisticated confidence schemes where the perpetrator develops non-fraudulent identities that feed into fraudulent ones. The Financial Insights analyst also offers these steps for credit card issuers determined to repel identity fraud: * Learn exactly how criminals use false, inaccurate, or stolen personal information to defraud. * Admit the limitations of negative fraud files. Fraudsters have many sources of sensitive personal information free of negative history. * Educate consumers. They are no longer in denial. They expect their credit card company to explain the problem and how it is responding. * Pursue consortium-based solutions. "Identity fraud is a problem that can only be solved at an industry level, not by institutions acting in isolation." * Learn to flag not just fraudulent application data, but fraudulent application patterns. * Recognize that reliable identity verification will not only minimize fraud, but also will maximize consumer security and enhance relations management. -

[email protected]