In 1999, someone stole a credit card from Sallie Twentyman's mailbox, then used it steal her identity, applying for many more credit cards online -- including one at Providian.com, which promised approval in five minutes. Tonight's "Tech Live" takes a look at the latest efforts to combat identity theft.
"It really burned me," said Twentyman, a high school teacher in Northern Virginia. "I knew that if they were approving in five minutes, they weren't checking."
Twentyman was lucky. Providian didn't mail the card -- it approved it, but later saw a fraud alert on her credit report and learned of the scam when an employee called her at home to confirm the online application. Providian said it has improved its systems for catching identity thieves since then.
But as Twentyman found out, the Internet has made identity theft and fraud a lot easier -- not just to get credit cards and merchandise with stolen identities, but also to uncover personal information.
"I get very angry when I see that you can go on and buy information," Twentyman said. "You look up a person's phone number and then you get a pop up and 'find information about the person' [offer]."
But many other victims of identify theft aren't as lucky as Twentyman. Identity thieves often succeed at getting credit cards and merchandise, both online and off-line. The number of identity theft complaints received by the Federal Trade Commission doubled last year to 86,000, according to the agency. Other estimates of incidents of identity theft run as high as 1 million a year, according to the Identity Theft Resource Center.
Investigators said recent scams include fake email notices about tax audits from the IRS and online purchases from eBay that trick victims into sending back personal information.
"The Internet and telecommunications are definitely being used more and more by thieves," said Linda Foley, executive director of the Identity Theft Resource Center in San Diego, California. "It provides an additional layer of invisibility."
Now lawmakers and victims are pushing new federal legislation to crack down on identity theft and fraud.
At a Senate hearing in March, a police investigator made his point about the ease of identity theft to Senator Dianne Feinstein (D-California) with a surprise disclosure.
"I was able to obtain enough information off of your (Senate) website to obtain a credit card," Lou Cannon of the Washington, DC, police told her.
"Really?" Feinstein said, in a stunned voice.
"Yes ma'am," Cannon said. "All you needed was the basic information. That basic information gives you access to another site that will feed you the additional information that will then get you to your final destination."
Cannon promised to help senators change their websites to protect them from identity theft.
The proposed legislation -- one bill from Feinstein and another from Senator Maria Cantwell (D-Washington) -- doesn't stop the sale of personal information on the Web, a lot of which is obtained from public sources like phone directories. Instead, it generally sets new, tougher standards for credit card companies and credit bureaus to plug loopholes in existing law.
Among the provisions the Senate is considering:
Credit bureaus would be required to inform credit issuers if an applicant has a different address than the one on file with the bureau. Variations in address are good clues to identity theft.
Credit card companies would have to notify customers at both their old and new addresses when an additional credit card is requested on an existing account within 30 days of an address change request. Thieves who steal new and replacement cards from mailboxes often request duplicate cards at new addresses.
Manufacturers of credit card printers would have to make machines that print only the last five numbers on a receipt. California has already enacted this type of law and many merchants nationwide are taking the action voluntarily.
Federal agencies also have recently taken steps to combat identity theft.
In February, the FTC introduced a new, single affidavit that consumers can use to notify credit card companies and credit bureaus that they have been victimized. Identity theft victims usually have to fill out separate forms for each company and bureau.
But with fraud losses mounting, banks and credit card companies are beating lawmakers to the punch.
At Providian, the bank still provides quick approval for online credit card applications -- now within 30 seconds, instead of five minutes -- but the approval is only preliminary, said Chris Lewis, Providian's chief privacy officer.
Before the application is finalized, the applicant's address must be matched and verified by computer with the applicant's credit bureau file, which usually happens within a day. If the information doesn't match, the application is kicked out of the automated system for fraud review by bank specialists. Like many financial institutions, the bank also uses software that screens for purchase patterns in credit card accounts.
As a result of these and other moves, the bank says it has cut credit fraud losses of all kinds by about a third.