Security expert Bruce Schneier has a good post on How Banks Profit from ID Theft. Those offers of “fraud protection services” are mostly BS. You aren’t liable for fraudulent use of your card, so they’re giving that away for free. You can get your credit report once a year, and if you watch your statements and tear up any bills with important numbers, you’re pretty safe, and you can catch the problem before it gets too far.
Schneier has made an interesting comparison before. In England, the consumer is liable for money stolen from an ATM machine, which makes the banks invest less in security. In the US, the bank is liable, so it’s worth their while to invest in security for the machines, cards and network.
The solution to ID theft is to raise the regulatory cost to the financial institutions. They can afford to to random audits of their customers at low cost, or even just check for bad signs every week. If Experian, Equifax and TransUnion could be held liable for giving out information used in an ID theft, they’d be imposing all sorts of extra safeguards.
People complain about the litigious society, and rightly so, but the courts and civil suits offer a path to resolving real problems, and no one should loose sight of that.