Identity Theft? Why not an instant-audit trail on credit card transactions?

Commerce | Accountability

You’d think, with financial fraud costing society about $35 billion last year (that’s over $100 per person), the credit institutions would do more to fix this. While they talk mightily about the fantastic biometric technologies on the horizon, they keep a lot of people employed handling all of this identity fraud and pitching “Identify Theft Solutions”. But they don’t have to. Here’s a breathtakingly simple solution: start having the major credit card companies, as well as the major credit bureaus, register people’s email and SMS addresses.

Phase 1: Whenever you use your credit card, the company which manages all that infrastructure to move money around (Visa, MC, Amex) can take a little more effort to send an SMS to your cell phone, or an email to your PC letting you know that your card has been charged (you could ask companies to whom you register auto-payments to disable this). If it wasn’t you who used the card, you should be able to send a quick response back to the credit card company, which would notify the Point of Sale, and the local law enforcement authorities. Case Closed.

Phase 2: In identity theft, some crook assembles your semi-private identifiers (Social Security #, mother’s maiden name) and applies for a new credit card through the mail. The credit card company, checks with one of the three major credit bureaus (Equifax, Experian and Trans Union) to check whether they should send you a card. Would it be that hard for the credit bureau to send an email, or even registered mail, to your registered address?

Why is it so hard for the largest financial institutions on Earth to manage an itty-bitty piece of data– your address– and employ instant-audit checks, just as every website does? Indeed, there may be a few people left in this country who don’t have cellphones or email addresses, and a few purchases may slip through on a stolen card. But make credit cards applications a real thorough process, and you’d stop identity theft cold.

There are about 5 web pages that Google returns with “credit card” and “instant audit”. Let this be another.

Update, September 25 2005: 20 months later, Google now lists about 276 links for the above terms, though I regret not being able to summon the patience to review all of them. Once again, this interest returns to me, as I had two thousand dollars sucked out of my debit card through a dozen transaction over the span of a few days last month. Bank of America has credited me full and launched an investigation (where they will learn that my Visa credit card was in Waterville Valley, NH one of those days, with its authorized user). Now, suppose that the system I described above were in place today, for debit cards as well– and let’s assume that my phone is programmable to give a unambiguous alert once a warning is generated– I would have responded much faster, perhaps even fast enough for law enforcement to nail the SOB.

And I had another idea. For some reason very few banks; maybe it’s too easy for a forger to paste on somebody else’s photo. So consider this: many big retailers now have bright computer screens at their cash registers. Why not show some useful data on that screen after the card is charged– like a photo registered with an identity service? Or even images of my registered signature?

Again, to repeat from the top of this article, this is a thirty-five billion dollar problem, that is: $35,000,000,000.00. Surely I can’t be the only one coming up with these ideas. A few months back I found an article on this in the trade press, wrote the author about whether these ideas had ever been considered, and I got no response. I’ll try my luck with Joe Light, who wrote excellent article in the Globe today, going as far as interviewing actually identity thieves.