I have concluded that identity obesity and underlying identity mismanagement by consumers and companies is the root cause of the identity theft epidemic. As I continue my research about the causes of identity theft and related risks or solutions, I am convinced that both consumers and companies unnecessarily accumulate, retain and share personal information at an alarming rate without the understanding of the risks and/or willingness to learn about and adjust their identity protection practices.
Let’s first understand what I mean by identity obesity and why I think most consumers and some companies are identity obese. With regards to consumers, the best comparison can be made to our food consumption and weight obesity as I have previously discussed. As eating more of the wrong things can lead to health and weight problems, managing too many personal information components in the wrong way can also lead to identity theft and fraud. One of the reasons consumers excessively create, duplicate and share personal information is that they lack the basic understanding of the identity protection risks. For example, consumers continue to accumulate credit cards in which case the average consumer owns 8 credit cards or they carelessly create too many online accounts whether it’s financial accounts or social networking accounts without the basic understanding of identity theft risks and related identity protection techniques. The big difference between weight obesity and identity obesity is that it’s very difficult to reverse the damage caused by identity obesity. Once personal information is shared with other parties, it’s extremely difficult if not impossible to recollect the shared information or stop the sharing cycle by parties we shared the information with in the first place.
Some companies also collect more personal information from their clients than they need in order to run their businesses. This careless practice leads to unnecessary information protection risks and costs. What makes it even worse is that companies which sell exploitable consumer goods and services such as credit cards fail to educate their customers about the identity fraud risks and best identity protection practices when using their products because customer education and awareness are not mandated by any laws and can also lead to lower sales. Companies in regulated industries such as healthcare, insurance and banking which are required to educate their employees about best information security and privacy practices are not required to educate their customers for protecting personal information outside of their business boundaries. Although educating customers is not required by current regulations, it is a good business practice and what some businesses fail to understand is that the long term cost of not educating their customers for preventing and detecting fraud is much higher than the cost for providing upfront and continuous awareness and education to prevent and detect fraud on a timely basis.
The long term consequences associated with unengaged customers include time and money spent for resolving increasing number of fraud cases, dealing with increased regulatory scrutiny, rebuilding corporate image, regaining lost customer loyalty and trust, and fighting multiple lawsuits.
As we discussed, identity obesity which is the excessive and unnecessary creation, retention and sharing of personal information can lead to a higher risk of identity theft and fraud if consumers mismanage their private and exploitable information. Let’s first discuss what constitutes identity mismanagement in order to learn about the identity protection principles.
The Identity KAOS principles which I created and serve as the building blocks for developing the Identity Diet plan address the risks of identity obesity and identity mismanagement. Once you understand these principles, you will become aware of the identity protection risks and learn how to manage them. In summary, identity mismanagement can be summed up in 4 sections:
1- We might not know what exploitable personal information we possess and where they might be. For example, we might not know what information we have in our wallet or what identity component can lead to what type of crime.
2- We might not understand the risks of accumulating more personal information or using our personal information in an inappropriate manner. For example, we might write down our ATM code or keep applying for new loans on the Internet without any regard for the increased identity theft risks.
3- We might not properly organize our personal information and/or monitor to detect identity theft. Most people don’t have their identity organized for maximum recovery and protection let alone monitor to detect any unauthorized use.
4- And lastly, we might not secure and limit the sharing of our personal information. Most personal information components such as passports and credit cards must be physically secured and shared with caution if at all to reduce the identity theft risks.