Stop Blaming the Victims of Identity Theft

Victims of identity theft at credit unions with cu 2.0 and breach clarity

The recent Harris Poll numbers are a splash of icy water on our faces: three in five Americans believe identity theft will likely cause them financial loss in the next year.

That is a finding of a poll done for the American Institute of CPAs.

That number is up from the 50% who in 2018 said they feared a likely loss due to identity theft.

Partly, the jump seems to be pandemic related—there just are a lot more online scams in the internet ether—and partly, too, it’s because all of us are shopping online much more than we had, also because of the pandemic.

Immediately, too, blaming fingers are pointed at consumers. How dumb are we? How do we let this happen?

The AICPA joined in the consumer bashing in its release: “While basic steps can help prevent being victimized by fraud, few shoppers are taking them. The survey found that less than half of Americans (45%) have checked their credit or debit card statements to ensure that the charges match their actual purchases since the pandemic began. Further, nearly 2 in 5 Americans (39%) admit they use the same username and/or password across multiple websites.”

The AICPA added in a press statement: “The survey found that since the start of the pandemic more than a third of American online shoppers (37%) have stored logins, passwords, or credit/debit card information on websites or apps, while only 3 in 10 (28%) have set up alerts on their credit or debit card for when a purchase is made without their card being present. These stats may be why in the past year one in five Americans (19%) have suffered identity theft or attempted identity theft.”

Yeah, how dumb are we?


The Elephant in the Room Roars

Except: the elephant in this room is that there is a continuing avalanche of news about breaches where our financial and personal data, everything from Social Security numbers to passport numbers and of course masses of credit card numbers are routinely pilfered by cyber crooks and put up for sale on the Dark Web.

They are stolen not from consumers but from businesses and organizations with porous cybersecurity controls.

Who has been sleeping on the cybersecurity job?


No More Victim Blaming

Stop blaming the victim. That’s counsel from Jim Van Dyke, founder of Breach Clarity, a firm that investigates breaches, grades the severity, and offers advice on best self-protection steps.

Van Dyke pointedly commented: “Data breaches and identity fraud aren’t going away, and we need to stop blaming the consumer for not acting.” He’s right. It is not the fault of the consumer.

Usually, too, it’s not the fault of the financial institutions that get looted by cyber crooks using consumer data stolen in breaches. In fact, financial institutions are victims, too, said Van Dyke, and that’s because they typically suffer the bulk of the losses. (Consumers often are protected by federal law.)

So, what do consumers and financial institutions need to do?

Start with the facts: Every day there are four significant data breaches, said Van Dyke, who founded Breach Clarity to shed a bright light on breaches and, importantly, what they mean to you and me (that is, to each individual). And know this: a given breach will have different implications for consumers. One might set up Jane Doe for new account opening fraud, another citizen might be ripe for IRS tax fraud, and John Doe could become victimized in a medical insurance identity theft scam.


Consumer Knowledge of Breaches = Power

Sounds grim? Definitely. But take some solace: Van Dyke believes that the more we know about breaches, the better we can protect ourselves. He added: “The problem clearly isn’t that people don’t care to act—it’s rather that consumers get complex, confusing, and often even contradictory one-size fits-all-advice, from every source that seeks to answer individuals’ questions about ‘what’s most important for me to DO to protect myself from identity threats?’”

Cookie cutter advice does not work to protect this consumer from this breach. That’s a key takeaway from Van Dyke’s advice.

Breach Clarity offers free scoring of breaches—just how bad, really, is that breach on tonight’s TV news?—as well as suggestions for individual self-protection steps.

That’s exactly what today’s increasingly terrified consumer needs. The cure for a paralysis of fear is an action plan and a sense of how much of a threat this breach really is.

Want to hear more from Van Dyke about breaches and what financial institutions as well as consumers really need to be doing? Listen to the half hour CU 2.0 podcast where he tells all you need to know about breaches but probably have been afraid to ask. Link here.


More Resources

CU 2.0 is dedicated to helping credit unions succeed in a fast-paced, digital-first world. Our work exposes us to many fintechs and other organizations who wish to increase credit union market share.

Would you like to hear our latest findings? Join our Quarterly Fintech Call list. In 30 minutes each quarter, we’ll call you to share the companies, technologies, and products that have caught our eye. Contact Chris Otey to learn more!

Recent Posts