USA Today reports that the Consumer Data Industry Association (CDIA) is fighting credit freezes harder than ever, arguing that freezes are “an expensive burden to bear” for credit bureaus.

The CDIA represents the interests of the Big Three credit bureaus: Experian, Equifax and TransUnion. The CDIA is doing everything it can to get federal lawmakers to stop state laws empowering consumers to freeze access to their credit histories to prevent identity theft. The organization spent $1.4 million on federal lobbying in 2006 to fight credit freeze laws.

The CDIA’s requests are denied in most states. In fact, more states are requiring companies to notify consumers when their personal data turn up missing — and are ordering the credit bureaus to make it easier for consumers to ban anyone from viewing their credit files. By the end of this year, more than 35 states will have such laws; a few years ago, very few did.

As identity theft continues to grow, credit freeze laws are critical. Mandated by state data-loss notification laws, companies and organizations have disclosed more than 500 incidents of personal data turning up missing since February 2005. In addition, con artists are finding new ways to use stolen data, particularly Social Security numbers, to commit fraud, especially online. A report issued in March by Gartner banking security analyst Avivah Litan estimates 15 million Americans will become victims of identity theft in 2007, up 50% from 2005.

According to the USA Today article, the best protection against new-account fraud is a credit freeze, say credit consultants and fraud investigators. However, credit freezes hurt the credit bureaus’ core business. These companies issue billions of credit reports each year in support of loan applications. The combined annual revenue of Experian, Equifax and TransUnion tops $4 billion, according to Hoover’s. Perhaps this is why the CDIA has publicly opposed credit freezes.

According to a recent survey by LoJack Corporation and the National Insurance Crime Bureau (NICB), Americans are not taking the necessary precautions to protect their vehicles from theft and are putting themselves at risk for identity theft based on what they leave in their cars, trucks and SUVs.

The survey showed that many Americans have bad habits that make them highly vulnerable to both vehicle theft and associated identity theft.
o Nearly half of Americans leave mail in their vehicle;
o one quarter has left a wallet or purse; and
o nearly one third has left bank statements in their car — all of which contain personal information that can put people at risk for identity theft.

In addition, while people are cautious in some areas such as always locking their vehicle (79 percent) and never leaving spare keys (93 percent) in the vehicle, many leave themselves open to thieves. For example, 33 percent say that they have left their car running to warm it up, cool it down or run a quick errand — making their car a fast and easy mark for an opportunistic thief. Also, 47 percent do not always park in a well-lit area and nearly 40 percent do not hide valuables.

According to ConsumerAffairs.com, the Federal Trade Commission (FTC) has sent reimbursement claim forms to more than 2,400 consumers who may have been victims of identity theft due to ChoicePoint unwittingly selling their data to identity thieves in 2005.
In December 2006, the FTC mailed claim forms to 1,400 consumers who may have been victimized, providing instructions on how to file a claim. In April 2007, 1,500 consumers were identified and contacted.

When ChoicePoint announced that it had sold critical consumer information to identity thieves, he FTC investigated the ChoicePoint security breach and decided that these sales resulted in identity theft. The FTC and ChoicePoint reached a settlement, which included a $5 million payment to be used to reimburse consumers for expenses due to identity theft caused by ChoicePoint’s security breach.

The FTC letters inform potential victims of available assistance and encourage them to submit claims promptly.

In a self-grading exercise, McAfee’s Avert Labs researchers said they were accurate in predicting a 2007 rise in password-stealing websites and public awareness of identity and data theft, but were not so accurate in foreseeing a jump in mobile malware and adware.

Lab personnel gave themselves a “5,” the highest score, in four of 10 predictions, including their prediction that websites infected with password stealers would become more common.
They also gave themselves a perfect score in predicting that “identity theft and data loss will continue to be a public issue,” citing nearly 14 million breached records this year compared to 1.8 million from the same time last year.

The researchers did not get perfect scores, though. For example, they predicted that mobile phone attacks will increase. They gave themselves a score of “0″ because mobile malware numbers dropped significantly this year. They also issued a “3″ for predictions that both adware will go mainstream and that the use of bots will increase.

“The statistics from our daily collections show that bots actually declined to a low point in November 2006, but are now increasing again,” said a McAfee researcher. “The numbers aren’t as high as they were 12 months ago, but they’re definitely heading up.”

According to Paul F. Roberts of Infoworld, PayPal has introduced a new Security Key that will add an additional layer of security to user accounts and help prevent online criminals from gaining access to them. The PayPal Security Key is a small electronic token that generates a unique code that is used in addition to a user name and password when users sign in to their PayPal account.

This key provides PayPal customers with so-called “two factor” authentication that makes it harder for online criminals to raid accounts, even if they con users into giving up their user name and password using online “phishing” scams.

PayPal and parent company eBay are top targets for cybercriminals, who use fake Web sites in so-called “phishing” attacks that attempt to trick users into revealing their user name and password.