Somehow, someone got the credit-card number and Social Security number of Maureen Mitchell's husband. She first learned about the problem when a bank called her to report unusual credit-card activity.
But the problems didn't stop for the Madison, Ohio, family. A department store and car dealers were issuing credit to people claiming to be Mitchell's husband.
By the time the thieves were caught - when they applied for large loans at a number of banks - some $111,000 in fraudulent charges and loans had been made against the family.
The Mitchells' problem might have been quickly resolved if credit reporting agencies and businesses had the means to coordinate information. But some businesses had automation or training to catch suspect credit and loan applications, while others did not.
As Mitchell told her story last week before the U.S. Senate Subcommittee on Technology, Terrorism and Government Information, a disparity among businesses quickly emerged: Large banks and some credit-card companies with the tools and training to detect fraud were able to protect themselves and the Mitchells from losses.
But some auto loan companies and a department store failed to take those steps. The thieves were able to get car loans to purchase a Lincoln Navigator and Ford Expedition.
The Mitchells' problems were being reported to creditors and credit reporting agencies, but the U.S. Federal Trade Commission (FTC) said the apparent inability of these entities to readily share information about fraud led to the continued abuses.
Jodie Bernstein, the FTC's consumer protection chief, is urging creditors and credit reporting agencies to develop mechanisms for detecting fraud, she said at last week's hearing. The hearing was called to examine the effectiveness of a recently enacted federal law to combat identity theft.
Companies that have invested in protection and detection systems and training are more likely to catch problems than those that don't, said Bruce Murphy, the global protection leader for technical risk security at New York-based PricewaterhouseCoopers. Making that investment boils down to risk vs. benefits. "It's a business decision," he said.
Congress approved a law in 1998 that gave federal agencies, including the U.S. Secret Service, the right to investigate identity theft. Criminals can be sentenced up to 15 years in jail under the law. But despite the law, the FTC said, anecdotal evidence, including reports of Social Security number misuse and calls to the FTC's theft hot line, all point to an increase in this type of crime.
Some law enforcers say the Internet is contributing to the problem by making private data easily obtainable.
But Emily T. Hackett, state policy director at the Internet Alliance, a Washington-based trade group, said the Internet isn't at fault. "The credit card that you hand to a waiter in a restaurant has less security," Hackett noted. The Mitchells have never purchased anything online.
When creditors called seeking payment, Maureen Mitchell said she told them: "Too bad you didn't find the real Mr. and Mrs. Mitchell before you loaned the money." She has since logged more than 400 hours trying to clear her name and restore her family's good credit.IBM Puts Voice on Palm