But a new Web-based system will notify users by email if their data is being misappropriated; the FTC is attacking the problem, too.
A Web-based system aimed at fighting identity theft debuted on Monday while US regulators mulled new ways of helping disentangle victims from this growing scourge of the Internet age.
Privista, a New York startup allied with credit bureau Equifax, rolled out ID Guard, which will be offered free for life to consumers signing up by Dec. 31 at Privista.
The service will monitor weekly an Equifax credit file for unusual activity: address changes, new account openings, account inquiries, uncommonly large credit-card balance changes, social security number changes, and 10 other potential warning signs.
When a trigger event has occurred, the service notifies the user by email, helping fight a problem that could afflict as many as 750,000 Americans next year, said Privista CEO Eric Gertler, citing industry projections.
Major hindrance to e-commerce
"This problem is growing rapidly," he said by telephone, calling ID theft a major stumbling block to the growth of electronic commerce.
The product was unveiled as the Federal Trade Commission began a two-day look at victims' headaches in trying to restore their good names with the three national consumer reporting agencies -- Equifax, Experian, and Trans Union -- and other bureaucracies.
As of Sept. 30, the FTC said it had processed in an 11-month-old data bank more than 26,000 entries from consumers and victims of identity theft.
By far, credit card fraud accounted for the greatest number of complaints, with more than half reporting an account had been opened in their name or that unauthorised charges were placed on an existing credit card.
Joanna Crane, of the FTC's Division of Planning and Information, said unauthorised phone or utility service was the next most frequent complaint, followed by bank fraud, fraudulent loans, and fraud tied to getting official documents or benefits.
More than 30 percent of complainants noticed the identity theft within one month -- "the fortunate few," in Crane's words -- but some complainants were unaware of it for as long as five years or more.
Arrest warrants, spending sprees
Robert Greer of New Hampshire told the workshop of his huge chagrin to learn that he was the subject of three outstanding arrest warrants in Massachusetts because of what he called a case of identity theft.
"There is no straightforward method for me to determine if my record is now clear," he said in a written statement.
Other victims described how data from credit card applications was intercepted from the mail by relatives who later went on spending sprees.
"Normally, you're innocent until proven guilty, but in this case it's the opposite," said Deborah North, a Maryland resident who discovered that a one-time co-worker had used her personal data to run up more than US$16,000 in charges.
Clearing an innocent victim's record is "a nightmare that takes hundreds of hours," said Mari Frank, a Laguna Niguel, Calif., lawyer, privacy consultant, and identity theft victim herself.
Fraud alerts needed
Jodie Bernstein, director of the FTC's Bureau of Consumer Protection, said the commission was seeking to mandate a "one-stop" process for getting a fraud alert on a consumer's file at all three consumer reporting agencies once any of them was alerted to a problem.
A second initiative under study is a standardised fraud declaration to report ID theft to banks, creditors, debt collectors, or others.
Rather than filling out a separate fraud packet for each institution involved, the victim would fill out a single standard statement and send along signed copies, Bernstein said.
