Speaking of European vs. American security differences, I just saw this piece below on MSN's online news. Don't know if everyone can access it via a link, so I copied the whole article and removed all the HTML I could find. For imbedded links go to the original, the link for which is: _http://moneycentral.msn.com/content/Banking/FinancialPrivacy/P116528.asp?GT1=6582_ (http://moneycentral.msn.com/content/Banking/FinancialPrivacy/P116528.asp?GT1=6582) My U.S. Social Security card, which I obtained in 1959, still says "FOR SOCIAL SECURITY PURPOSES. NOT FOR IDENTIFICATION". I don't remember being notified by the S. S. Administration when that rule was ever eliminated so that I could take proper steps to protect my identity and private data. Bill Fairchild The Basics What Europe can teach us about identity theft
An epidemic of identity theft is sweeping the U.S., but it hasn't spread to Europe. Here's what they're doing right. By Liz Pulliam Weston Determining the rate of identity theft in Europe is difficult, and the reason is telling: Data security experts say it's not seen as enough of a problem to warrant a comprehensive survey. The exception is the United Kingdom, where fraud experts estimate 100,000 people, or about 0.17% of the population, fell victim last year to account hijacking, new-account fraud or other types of identity theft. Compare that to the U.S., where a Federal Trade Commission survey found 10 million ID-theft victims a year -- or 3.39% of the population. So what is so different in the Eurozone? Several things: Social Security numbers are for Social Security -- period. Most European residents have national identity cards -- the exception being the U.K., which is still struggling with the concept. Credit bureaus tend to have unique identifying numbers for the consumers in their databases. Social Security numbers are used for retirement benefits, not as an all-purpose identifier. "It's much more difficult to steal your identity" in Europe, said fraud expert Jim Vaules, a vice president with U.S. database company LexisNexis. Vaules said the key piece of information an identity thief needs is a person's national ID number, and that appears in a lot fewer places than Social Security numbers do in the U.S. Information is kept private. Western European countries have laws that keep businesses from sharing and selling private personal or financial information. "A lot less of their data is floating around," said Bob Sullivan, an MSNBC technology reporter and author of "Your Evil Twin: Behind the Identity Theft Epidemic" (2004, John Wiley & Sons). "They are far more strict about data sharing than we are in the U.S." The massive databases maintained by ChoicePoint and LexisNexis simply wouldn't be possible in Europe, Vaules said. Both companies recently announced that their databases were breached and information on hundreds of thousands of people was stolen. In Europe, "information is only available to the person to whom it pertains," he said. "The European Union privacy directives restrict data aggregation of public records, even of stuff we take for granted over here." For example, companies aren't allowed to create or sell databases of people's former addresses and phone numbers. Such databases here are often used to contact neighbors or relatives of people who owe debts in an attempt to find out where the debtors have gone. Credit bureaus aren't wide open. In many European countries, credit bureaus are maintained by groups of banks that share information with each other -- but not with outsiders, said Theodore Iacobuzio, vice president for European banking and payments at financial research firm TowerGroup. Three countries -- France, Spain and Denmark -- allow the bureaus to report only negative information about consumers, Iacobuzio said. That makes the databases of limited use to lenders, who must use other factors to gauge credit risk. Contrast that with the U.S., where just about any business can subscribe to a credit bureau and use credit scoring to instantly assess someone's risk of default. The ease of accessing all that information has enabled lenders to make credit decisions in a matter of seconds. The process is often much slower in Europe -- which also means it's not as easy for the bad guys to open new accounts in someone else's name. "It's much more difficult to establish credit over there," Vaules said. Credit isn't king. Interestingly enough, Europeans are far more likely to use debit cards or deferred debit cards (where charges are deducted from checking accounts once a month, instead of daily) than credit cards. And they get those debit cards from their banks, which generally know enough about them to verify their identities. "A credit card is a relatively exotic instrument in Western Europe," Iacobuzio said. "Only 27% of all plastic in issue in Europe is credit cards, and 73% is debit cards." Debit cards also limit the amount of damage a thief can do -- and therefore the profitability of identity theft. Your bank account might be drained temporarily, but the potential losses are usually far lower than when a thief takes over a credit card or establishes a new account in your name. Credit card marketers do send out some direct-mail solicitations, Iacobuzio said, but the volume is far less than the deluge that stuffs -- and is often stolen from -- Americans' mailboxes. Smart cards fight fraud. In the U.S., it's relatively easy to counterfeit a credit card: Thieves run your plastic through a handheld device called a "skimmer," which picks up all the essential information from the card's magnetic strip. A new card can be created with specially designed machines that imbed the skimmed information onto its strip. In France, Britain and other countries, issuers have replaced magnetic strips with tiny computer chips that are much more difficult to reproduce. Instead of signing for purchases, consumers punch their personal identification numbers into the merchant's terminal. This "chip and PIN" technology is credited with reducing payment fraud by half in France, where it was introduced in 1992. Europe, like the U.S., is still struggling with "card not present" fraud -- transactions made over the phone or on the Internet, where a merchant can't verify the purchaser actually has the card in his or her possession. But it's businesses, rather than individuals, that tend to take the beating for that kind of fraud. Take a hint from the Europeans Containing the costs and prevalence of identity theft needs to be more of a national priority in the U.S. We don't need to slavishly copy the Europeans, but we could adopt a few of their better ideas. Such as: Don't use Social Security numbers as a universal identifier. Old-timers will tell you that Social Security cards used to be stamped with a warning that the document was not to be used for identification purposes. Let's return to those good old days. (For steps you can take to protect yourself, read "Safeguard your Social Security number.") Make it a little tougher to open credit accounts. Lenders would like us to think the U.S. economy would collapse if we were no longer able to access credit instantly. Somehow, I think we'd be able to struggle along if lenders took an extra minute to verify someone's identity before issuing a credit card or approving a loan. Put people in charge of their own data. Right now, consumers can "opt out" of some information sharing -- if they can decipher the notices sent to them by their financial institutions. Switching to an "opt in" system, where businesses need your permission to share, would put control of your personal financial information back where it belongs: with you. The fewer databases that have your information, the fewer opportunities thieves may have to break in and steal it. (For more ideas, read "10 ways to stop identify theft cold.") Liz Pulliam Weston's column appears every Monday and Thursday, exclusively on MSN Money. She also answers reader questions in the Your Money message board. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html