ChoicePoint Inc. and LexisNexis may face withering criticism for not keeping identity thieves out of their massive databases, but information brokers are far from the only sources of the Social Security numbers, addresses and other tidbits that fuel the fast-growing brand of fraud.
Just ask Brielle LaCosta, whose personal data was stolen when she responded to a seemingly official e-mail purportedly from online auctioneer EBay Inc. Within a few days of filling out the online forms, a car she had put up for auction had been sold out from under her and someone had run up $12,000 in charges on her credit card.
"I was stupid," said the 20-year-old college sophomore from Connecticut. "I put it all on there."
She's not the only one. Despite high-profile security breaches at big data aggregators like ChoicePoint and LexisNexis, online attacks, inside jobs and old-fashioned burglaries provide crooks the bulk of the personal data they need to open fake credit-card and other accounts.
The rise of online commerce, in particular, has been a boon to thieves. Obtaining sensitive identifying information has become so easy, according to investigators, that the wholesale rate for valid credit-card numbers has fallen to as little as a dollar apiece.
"Consumers are not equipped to defend themselves properly," said Gartner Inc. data security analyst Avivah Litan. Among thieves' weapons of choice are so-called "phishing" attacks like the one that snared LaCosta, in which e-mailers pretend to be from a bank or other commerce site and refer people to sites that look official, and the use of spyware that surreptitiously logs account passwords as victims type.
As those tools become more effective, "there's no lack of supply of stolen credit-card information," said former Assistant U.S. Atty. Scott Christie, who prosecuted members of Shadowcrew, an accused identity-theft ring. Some thieves try to obtain card numbers issued by banks in specific parts of the country, making fraudulent purchases less likely to stick out on consumers' bills because they look local.
So worried are people about attacks that the percentage of online shoppers willing to enter a credit-card number has flattened out after several years of sharp growth, sparking concern that electronic commerce may start to slow down.
"It took several years for e-commerce to take off," said Shawn Eldridge, chairman of the Trusted Electronic Communications Forum. "Now the same problem is creeping up. The underlying trust people have in the Internet is being eroded again."
