Jay Foley recently fielded calls in his office at the Identity Theft Resource Center from two campaign donors who were worried about how their credit card information would be handled. One donor had given money to a congressional campaign, the other to a mayoral race.
So Foley called both campaigns to find out what steps they were taking to shield donors and was relieved to learn that the issue was being addressed. In the mayoral race, the campaign manager sympathized because he'd been a victim himself.
Identity theft covers a range of financial crimes. A common example involves using a stolen Social Security number to open new accounts in someone else's name. It also includes credit card fraud, when someone steals and uses another person's credit card.
Foley hasn't heard of identity theft striking a campaign. But, given the potential, he questions how many campaigns are truly focusing on identity theft, given the other demands on staff members' attention.
"They're focused on the issues of the campaign. They're focused on the campaign schedule. They're focused on their opponents. They're not focused on the details of the data they're collecting," Foley said in a telephone interview from the center in San Diego.
Two million people contributed money to campaigns online in 2000, a figure that doubled in 2004, according to the Pew Internet & American Life Project in Washington, D.C. One million gave online in the off-year election of 2002. Campaign donors tend to be wealthier than average citizens, said Lee Rainie, the project's director, potentially making them appealing targets for identity thieves.
"It's not the elite client list of a major bank," Rainie said. "But it's a pretty elite number of folks in this country who go out of their way to make campaign contributions."
Compared with banks, utilities and retailers that collect millions of names and account numbers, political campaigns aren't the most tempting targets for identity thieves. Still, campaigns run the same risks and therefore should make efforts to reduce or eliminate the potential for mischief, particularly as the Internet becomes more accepted as a fund-raising tool. Key steps include encrypting data, restricting access to donors' information and keeping account numbers no longer than necessary.
Campaigns have a strong incentive to protect donors from harm, particularly if officials hope to ask for money more than once or avoid embarrassment before an election, said Foley and other observers.
Third-party vendors who handle fund-raising details have a similar motive for being careful, said Carol Darr, executive director of George Washington University's Institute for Politics, Democracy and the Internet in Washington, D.C.
"It would be a real good way to lose your consulting business if word got out," she said.
[ILLUSTRATION OMITTED]
The number of victims appears to be declining, according to research by the Council of Better Business Bureaus and Javelin Strategy & Research, a financial-industry firm. Researchers estimated the number of adult victims was 8.9 million in 2005, down from 10.1 million in 2003 and 9.3 million in 2004.
Complaints are rising, despite the decline in victims, because people are more aware they can call the FTC, said Rubina Johannes, a research analyst with Javelin Strategy in Pleasanton, Calif. "It's not necessarily that there are more cases," she said.
At the same time, the average amount of money lost in each case has grown from $5,249 in 2003 to $5,885 in 2004 and to an estimated $6,883 in 2005, researchers found. And, they said, 90 percent of all cases do not originate with online transactions. Lost or stolen wallets, checkbooks and credit cards are the primary source of identity theft.
Vulnerability to identity theft lies less in the technology than in the people who use it, said Gary Gordon, executive director of the Center for Identity Management and Information Protection at Utica College in New York. "You always have the human element. That's part of the issue here that you have to deal with. You can have very secure systems. But, people tend to figure out ways around them, if just for convenience," he added.
People also can be duped. A common scam known as "phishing" has afflicted banks, credit unions and even the Internal Revenue Service. Crooks set up Web sites designed to look like the real thing and then send out e-mails convincing people to feed the site with Social Security numbers or other personal information. In theory, a crook could set up a fake site designed to look like a campaign's donation page and direct traffic to it, Gordon said.
Organizations that take credit card donations often farm out the task to companies that have experience in handling sensitive information. The National Republican Congressional Committee taps a company called VeriSign Inc. to encrypt contributors' data as it comes in and goes out, said Ed Patru, a spokesman for the committee. The re-election campaign of Pennsylvania's Democratic Governor Ed Rendell entrusts its online fund raising and related security to a company called Blue State Digital, in Washington, D.C., said Samantha Tubman, a spokesperson for the campaign.
Campaigns can also set themselves up with the necessary technology for accepting credit cards and safeguarding account numbers. "It is not a difficult process anymore," said Nathaniel Pearlman, president of NGP Software in Washington, D.C. The company's products include software that enables the receipt of credit-card donations.
The risk for campaigns seems minimal to Larry Hayes, owner of Synetech Group in Charlottesville, Va., in part because even a large congressional campaign might have only 20,000 names in the database. Synetech processes campaign contributions and offers other back-office services.
Workers can encrypt any credit card information they store and refrain from keeping numbers longer than they're needed, he said. For numbers that come in through the mail or by telephone, workers should enter and encrypt the numbers on a computer and then destroy the paper version.
In his experience, the technology experts working on campaigns are aware of the issues, and he has seen more campaigns asking questions, Hayes said.
"People can be completely careless. But, most people who are doing this are just professional," he said.
Joel Berg is a freelance writer in York, Pa., who specializes in financial services.
No comments:
Post a Comment