Raoul, 30 other AGs urge FTC to tighten identity theft protections
By GRANT MORGAN
Capitol News Illinois
SPRINGFIELD – Thirty-one state attorneys general, including Illinois’ Kwame Raoul, are advocating for tougher safeguards against identity theft in the Federal Trade Commission’s rulebook.
“We must keep in place federal protections for consumers to guard against identity theft and protect their finances,” Raoul said.
In 2017, 16.7 million U.S. consumers were victims of identity fraud and theft totaling $16.8 billion, according to a letter sent to the FTC by the attorneys general.
These numbers are so high, they write, because not only are consumers increasingly unaware of just where their information is, but because identity thieves can so easily collect consumer data from broad breaches.
These trends together make an older form of identity protection – “knowledge-based authentication,” when a consumer is asked personal information like the name of a spouse or a ZIP code – obsolete.
They cite a case from 2008, in which a Tennessee student reset the password for then-Alaska Gov. Sarah Palin’s email account by Googling Palin’s birthdate, ZIP code and the accurate location of where she met her spouse.
That happened just one year after the relevant FTC codes, called the “Red Flags Rule” and the “Card Issuers Rule,” were created in 2007.
Now, the attorneys general argue, it is time to modernize.
In their letter, they write that one of the best indicators of identity fraud is when an email or cellphone number is changed at the same time as a physical address, or when a replacement credit card, for example, is requested as well. They argue that companies should be required to notify consumers when this happens at their old addresses and phone numbers.
The attorneys general also advocate for more multifactor identification rules, which require two or more pieces of evidence to work – a card number along with a fingerprint, for example, or a password along with a secret-token USB stick.
Though some states have created their own security protection laws, the FTC must strengthen its own for those states that haven’t, the attorneys general argue.