The advent of the identity theft protection business opened the door to bad actors looking to make a quick buck by promising offers of protection they couldn’t possibly deliver. They failed to clearly disclose the limitations of the service offerings, hyped the threat and consequences of identity theft, or mislead consumers about the protection and benefits offered by fraud alerts and identity theft insurance.

The Best Practices addresses these lesser practices – and more.

I admire the companies who put many hours, many into this project, working with the CFA, toward the goal of self-policing the industry. Theses companies have expressed their intention to follow the best practices with the goal of giving consumers the information they need to make a smart purchasing decision.

ITAC and it member companies believe in collaboration. That’s what brought many of the largest financial services companies together back in 2004 to create a free identity recovery service for their customers. The ITAC companies knew that preventing identity fraud and helping customers were not competitive issues. These companies worked together to create a service that since 2004 has helped 80,000 consumers recover their identities.

Companies that profit from identity theft services and chose to participate in Best Practices should be commended. They recognize that collaboration puts the customer first and everybody benefits.

The report by Javelin Strategy & Research shows that the number of identity fraud victims decreased by 28 percent and the total fraud amount decreased from $56 to $37 billion.

“An improving economy, public education and better detection techniques appear to be working,” said Wallace. “Let’s take this as motivation to redouble our efforts to get out in front of criminals, especially in light of the growing threat of cybercrime.”

Writing in American Banker this week, ITAC President Anne Wallace challenged RSA conference-goers to rethink computer security in a way that compels consumers to embrace it. It’s time they think more like consumer product developers and marketers, and makes her case in the excerpt below:

Consumer electronics companies are masters at understanding human behavior and creating products that anticipate and respond to human wants and needs. The most successful devices, and the applications that support them, are indispensable to their owners. By understanding how we behave today and what we will want tomorrow, Apple, Motorola and Research In Motion create compelling relationships between device and user.

The smartest processes, and the best technologies, are not effective if people do not want to use them, avoid them or will not update them.  Technology and processes depend on user adoption and consistent use to be effective. This appears to be the Achilles heel in our current approach to cybersecurity.

Is it crazy to suggest that we create new gadgets and technologies for security that are appealing and that people will want to use? It must be possible to design a technology that delivers such obvious value that people will want to have a relationship. I admit it is hard to imagine consumers lining up for the latest version of MyCyberSecurityBlanket the way they did for the iPad, or downloading the latest security app the way they downloaded Angry Birds, but shouldn’t that be our inspiration?

In order to recruiting citizens in the war on cybercrime, the industry must develop and market tools that are easy-to-use, intuitive, unobtrusive and maybe even emotionally rewarding.

Maybe there will be an app for that in 2012.

But what about consumers, regular people, non-professionals and the end-users? How does the private sector and the public sector explain the need for cybersecurity? How do share our passion for protecting vital information in a way that moves individuals to adopt essential behavior and systems?

Webroot, provider of anti-virus software, thinks humor is one key to this dilemma. They believe that most consumer cybersecurity marketing campaigns are boring. The maker of anti-virus software is breaking the marketing mold with a national advertising campaign that uses self-deprecating humor to go beyond the typical jargon-filled and fear-inducing messages.

One of Webroot’s ads is a highway billboard that simply said “Paint drying. Admittedly more interesting than explaining malware protection.” Another billboard shows a large swatch of artificial turf with the caption “Grass growing. Admittedly more interesting than explaining spam filtration.”

The beauty of this campaign is that Webroot is expanding beyond the tech-savvy PC Magazine crowd and aiming for a broader audience with print ads in Fortune, Fast Company and even US Weekly. Check out one of their print ads here.

Similarly, Symantec has created a series of national television ads for Norton Internet Security software, which feature celebrities like the actors David Hasselhoff and Dolph Lundgren and the 1980s metal band Dokken. Funny, ironic and educational all in one.

We love it. Cybersecurity is vitally important but the truth is, it’s really boring. We applaud these creative ad campaigns and hope to see other stakeholders try humor and other novel ways to answer the crucial question, what’s in it for me?

Check out this Symantec advertisement that pits UFC champion Kimbo Slice against a caterpillar. Absolutely hilarious.

Written By:
Anne Wallace
President of ITAC, the Identity Theft Assistance Corporation

The bad guys hate perfect, so we should be working with consumers to stop them.

I deal with the ugly aftermath of one type of cybercrime, helping consumers recover from identity theft. As a result, I am passionate about letting consumers know about online and real world sources of the crime.
Organizations like mine are joining forces to recruit consumers – who are also your customers and employees – in the fight against cybercrime. Expect to see major public education outreach in October as National Cyber Security Week, an initiative of the National Cyber Security Alliance, a month that also features Protect Your Identity Week, a coalition spearheaded by the National Consumer Counseling Association.

There are also professional organizations, like the Anti-Phishing Working Group and the Online Trust Alliance, that develop ideas and solutions to educate and arm consumers.

The obstacles to engaging consumers in the fight against cyber crime are enormous – more about that next time – but we ignore consumers at our peril. I encourage you to consider joining professional organizations like these. In this fight, it takes an army.

As the leader of ITAC, the Identity Theft Assistance Center – a pioneer in helping victims of identity crime – I want to celebrate National Crime Victims Rights’ Week and urge colleagues in other industries affected by identity crime to join ITAC in addressing the needs of identity crime victims.

ITAC was created in 2003 by The Financial Services Roundtable and its member companies. Since the victim assistance center opened in 2004, ITAC has helped more than 66,000 individuals recover from identity fraud. Our unique service is free to consumers and paid for by their financial services company.

ITAC is committed to putting the consumer first and solving fraud from the consumer’s vantage point. It’s often noted, and it’s true, that identity crime has more than one victim. Identity crime wreaks havoc on merchants, government agencies, banks, colleges, and others. But it’s the individual whose personal information is compromised who experiences not just financial loss but also the fear and frustration of identity crime, and most needs help in getting through that experience. ITAC calls on colleagues in retailing, telecommunications, health care and elsewhere to commit themselves to fairness, dignity and respect for identity crime victims.

One area that has not received much coverage is the prosecution of identity theft crimes. Last week, Rita M. Glavin, Acting Assistant Attorney General, Criminal Division, Department of Justice, testified at House Homeland Security Committee hearing on PCI standards. Assistant Attorney General Glavin cited some very sobering statistics: there are more than 2,000 active cases related to identity theft pending in the U.S. Attorney’s Offices. She said there has been a 138.2 percent increase in identity theft convictions between 2004 and 2008.

The federal stats made me wonder about the number of state and local prosecutions. Conventional wisdom is that the federal prosecutions are the just the tip of the iceberg. U. S. Attorneys all over the country apply standards including big dollar losses, lots of victims, and “winability” to filter out any where from 50 percent to 90 percent of the cases in order to make the most of their limited resources.

So, how many state prosecutions for identity theft are there? Individual states publish data but I couldn’t find a compilation of state prosecutions. Is there one out there?

Does it matter? Well, there’s a sense that identity theft is a crime that isn’t punished. Maybe that’s why only about one-third of identity theft victims file a police report according to a recent report by Javelin Strategy & Research. Would more consumers file a police report if they thought the crook was likely to be prosecuted? Hard to know but I bet they would.

So, the question is…where is the data about state prosecutions? If you can point us to other resources, we would greatly appreciate it.

Why did the financial services industry spend $2 million to create ITAC’s victim assistance service? Because identity theft is a terrible experience that can corrode trusted relationships. In addition to ensuring that customers regain their financial standing and good name after becoming a victim, it is vital for businesses to maintain the trust of their customers

ITAC’s victim assistance service cuts recovery time and calms the anxiety of identity theft. An ITAC agent walks the consumer through his or her credit report to find suspicious activity. Then, ITAC notifies each company where fraud may have occurred.

And, the reality is that everyone, not just financial services companies that should be thinking about preserving “trust” with their customers.

Virtually every industry (and government agency) uses sensitive personal information of customers and employees. If the emerging privacy model is responsible use – businesses may collect and use personal information provided they do so responsibly – isn’t helping the consumer recover from the misuse of personal information key to responsible use?

The ITAC model works for the financial services sector. Can it work for others, including telecommunications, retail and transportation? We want to hear from other industry leaders about building and maintaining public trust.

History and literature are full of heroes and villains who used identity theft to achieve their ends but knowing who you are dealing with has never been more important, or more difficult.

The risks of identity theft to our economy and our security are enormous. For consumers, the risks are both economic and deeply personal. For five years, ITAC has been helping consumers – more than 50,000 – recover from identity theft. Hearing their stories drives our passion to protect others from identity theft.
ITAC is all about collaboration, starting with the 50 financial services companies that funded the first-ever collaborative victim assistance service. ITAC partners with law enforcement and the Federal Trade Commission in fighting identity crime.

But, we are always looking for ways around and through the walls that separate business from business, industry from government and industry from industry. The criminals are not limited by geographic boundaries or business silos. That means we – the “good guys” – must talk to each other across corporate and geographic boundaries to find lasting solutions.

That’s why we are launching this blog, which aims to be the definitive source for all things regarding identity theft and identity management.

This new online forum will allow industry professionals, policymakers, attorneys, information security and privacy experts, law enforcement, researchers and academics to exchange opinion, ideas and best practices.

Please make our blog a part of your daily reading. More important, we want to hear from you. Feel free to offer your opinions and expertise by posting comments, or email us directly with a story idea.

This is your resource and your voice will be heard.

Anne Wallace
President
ITAC, the Identity Theft Assistance Center