Personal information of victims used for identity theft

Root Causes of Identity Theft





In a trio of articles (for NSF-TRUST), I showed how identity theft is an externality of credit granting, where costs of fraud are spread among victims, merchants, and society generally. For instance, the image below is summary data on an identity theft victim who I interviewed–the impostor in the case made numerous errors in pretending to be the victim. Yet mortgage lenders were willing to grant huge loans in the victim’s name, despite mismatches in personal information and the presence of fraud alerts.  This incident of identity theft, and many others, are crimes committed by bad actors, but they are also incidents where credit grantors’ pursuit of profit causes them to overlook evidence of fraud.

In this work, I explain the economic incentives that lead grantors to overlook fraud. Understood as a problem of incentives, different public policy options could be sought. Instead of prescriptive rules proposed by privacy advocates, I argued that credit grantors should be liable for identity theft victims’ lost time and financial costs.  These costs should be allocated to credit grantors, because they are least cost avoiders in the identity theft context, and because consumers cannot control the credit granting process nor insure against identity theft losses efficiently.

My analysis shows that consumer education cannot be effective at stemming identity theft, because the most forms of the crime cannot be prevented through consumer action or inaction.  Further, criminalization largely failed to address the problem, because of law enforcement priorities, a lack of training, and reluctance among businesses to participate in investigations.