Why competition among credit card companies is good for identity thieves

In the last week, I've received two different pieces of news in my inbox that I wish weren't related, but that I suspect are.

First was a report from Datamonitor, a vertical market research company, warning that fuel card providers must "adapt to stave off threat from commercial credit cards." Apparently, incentives such as discounts, loyalty reward points and expenditure reporting plans are luring companies, small- to mid-sized ones in particular, to use commercial credit cards instead of gas cards. "To maximize growth going forward, " the e-mail states sternly, "oil companies must take a leaf out of their competitors’ book and expand the functionality of their fuel cards in order to counter the threat from commercial credit cards."

Now I don't know about you, but the first thing I think of when I think of oil companies and credit cards is the Exxon Mobile Speedpass, which allows consumers to purchase gas just by waving an RFID-enabled device, rather than swiping a credit card. I'm sure the gas companies will tell you that the security on these devices is all locked up--that someone driving past or maybe stopping to buy a soda won't accidentally be charged for a tank of gas. But the fact is that swiping your credit card and signing for the purchase is still the most secure (or rather least insecure) way to use a credit card. The reason gas companies circumvent this--and the reason that a growing number of merchants won't make you sign for charges less than $25--is that those companies perceive that the risk of letting customers make purchases this way is outweighed by the reward, i.e., making it easier for people to spend money with them. "To maximize growth going forward" and all.

Then, this past Monday, President Bush's Identity Theft Task Force unveiled its strategic plan for preventing identity theft. Disclosure: I haven't read the whole report, which is 120 pages long. (You can download the PDF here.) But it's worth noting that according to the table of contents, 17 pages are about keeping data out of the hands of criminals, and 18 pages are devoted to prosecuting and punishing identity thieves--but only three (yes, three) pages are about making it harder to actually use consumer data.

When it comes to identity theft, this is the dirty secret that no one wants to talk about: that the underlying reason identity theft is proliferating is that it's so easy for criminals to turn identity information into cash. It's easier to talk about educating consumers to protect their information (when in reality the problem is largely out of their hands) or about the importance of law enforcement coordination (also important, but too late for the victims), than it is to address the fact that it's simply too easy for identity thieves to use pilfered information to obtain and use credit. Raise the bar there, and the incentive and payoff for identity theft decreases--as does the problem.

Meanwhile, companies offering credit are ever pushing to make it easier, not harder, to spend money. The only good news? Part of the Task Force's strategy is to assess state laws about credit freezes, which put some of the power back where it belongs: with the consumer.

--Sarah D. Scalet


Copyright © 2007 IDG Communications, Inc.

The 10 most powerful cybersecurity companies