Credit-card companies do a good job of helping consumers resolve identity-theft problems once they occur. But they could reduce ID fraud even more if they gave consumers better tools to monitor their accounts and limit high-risk transactions, such as large cash advances or foreign transactions. That's the conclusion of a recent study by Javelin Strategy & Research, a research and consulting firm specializing in the financial services industry.


Javelin cites a previous study that found that almost half of all ID theft cases are detected by consumers, one-third of the cases by banks. The rest are through third parties such as police, debt collectors and credit bureaus.


If the consumer is the one who's going to find the problem, "why not empower them," said Rubina Johannes, a Javelin research analyst and author of the latest study. "This doesn't mean businesses are off the hook."


For one thing, Johannes found, too many credit card companies still use people's full Social Security numbers in their interactions with customers, whether by phone, Internet or mail. "This is a risky practice that unnecessarily increases the customer's exposure to identity fraud," the report concluded. At the very least, credit-card companies should only ask for the last four digits of a Social Security number after the initial application process (when it's still needed for credit-report data).


Because a previous Javelin study found that identity theft is greatest through the continued use of paper documents and not the Internet, the company also said credit-card firms should offer consumers greater ability to view statements online and shut off paper statements.


At the same time, it called on banks to offer consumers the flexibility to place restrictions on their account activity, such as limiting cash advances or foreign transactions. "No one knows his spending habit better than the consumer, so if a consumer knows he's never going to do a foreign transaction, why not give him the option of restricting it. You can always change it later," Johannes said.


Banks should also send e-mail alerts when there are high-risk transactions -- such as a card not being present, a foreign transaction or activity on a dormant account -- or requests to make changes in the account (for a new PIN or password, address relocation, addition of an authorized user, etc.).


Right now, only Discover "offers customers the option to be notified should there be a change in authorized users on their account. This notification could be essential in the early detection of account takeover fraud," the report said.


"Everything we're recommending is a choice for the consumer. The customer can choose to do it or not," Johannes said.


Beth Givens, director of Privacy Rights Clearinghouse, a public-interest advocacy group that specializes in ID-theft issues, said the report has some good suggestions, including the curb on the use of Social Security numbers. However, she expressed skepticism about the e-mail notifications of high-risk transactions. "I don't think e-mail notices will be very effective these days; most people would probably ignore them, thinking they were another phishing message or scam." The banks need to figure out a better way to alert consumers, she said.


More important, Givens said, credit-card issuers "shouldn't rely on consumers alone to detect fraud, especially when most consumers only review their accounts once a month. Banks needs to make more use of sophisticated pattern-recognition programs that can detect and halt fraudulent transactions almost immediately."


Source: The Washington Post