Identity Theft

View your identity as an asset, just as you view your earning power, reputation, and credit rating as an asset. We must preserve and manage that asset just like any other risk. Identity theft occurs when someone swipes your personal data, like your bank account number or Social Security number, to commit fraud or other crimes.

Identity theft is just one more risk to manage. Thus, let us approach it as we would any other risk and apply the usual complement of risk management solutions.

Insurance Coverage for Identity Theft

Identify theft insurance reimburses an insured for expenses related to restoring accounts after being victimized. Consumers can find stand-alone insurance policies that cover them for identity theft. Alternately, they may find the coverage–or at least some protection–afforded as an add-on in existing policies. First, consider the stand-alone coverages available. Allstate, AIG, Chubb, Encompass, Farmers, Fireman's, Liberty Mutual, MetLife, and Travelers all write identity theft insurance. For personal risks related to identity theft, stand-alone coverages can cost anywhere from between $25 to $200 per year. However, some observers caution against buying stand-alone identity theft insurance until you verify that such protection is not already provided under your existing homeowners' insurance coverage or credit-monitoring service.

Loss Control Techniques for Identity Theft

As in many areas of risk, loss control yields the biggest bang for the buck. Consumers can control the frequency or severity of identity theft. A sound loss control approach to preventing identity theft includes:

• Each year, get a free credit report from each of the big three credit bureaus; stagger your requests to monitor your credit every four months.
• Retain important information, such as passport copies, credit card numbers, phone numbers, in a safe place in case your wallet is lost or stolen.
• If you suspect you have been the victim of identity theft, file a report with the FTC and the police. Also notify banks and creditors. Ask creditors to put "fraud alerts" in your credit files.
• Check with your bank to see if it offers any identity theft resources. Some banks offer free seminars.
• If you can prevent identity theft, other risk management techniques become moot or function as fall-back protective options.

Retention as a Risk Management Technique

Retention is a conscious decision to set aside funds to finance the consequences of loss. It is an intentional decision to forego insurance coverage and absorb whatever financial consequences arise from identity theft. One way to blend retention with insurance is by having a deductible or a self-insured retention on a policy. One key term of the definition is conscious. This implies a reasoned decision to forego financial transfer and to self-fund (or self-insure) for losses arising from a peril. Perhaps many consumers (and even some businesses) engage in "unconscious" retention, where they are unaware of the risk and have no financial cushion available to absorb the monetary consequences that might arise in the event their identities are stolen.

Avoidance

Avoidance means not engaging in activities that give rise to a risk. Avoiding identity theft is hard simply because it is difficult to avoid having an identity. Forgoing checking accounts, credit cards and on-line activity might be one way. This could return consumers to the 19th Century. (Doing so is so easy that, well, a caveman could do it!) Alas, the conveniences of modern life–having bank accounts, credit cards, and surfing the Internet–are woven into our modern lives to the point where it is hard to conceive of functioning without them. Foregoing these activities in order to "avoid" identity theft is like having the risk "tail" wag the "dog."

Not Just a "Personal Lines" Risk

While the thrust of this discussion is on personal risks, we should not delude ourselves into thinking that commercial entities need not worry about managing the risk of identity theft. Professional risk managers–whether or not they have this formal title–must manage the risk and be aware of corporate liabilities and responsibilities. Plaintiff attorneys are sniffing around the phenomenon and considering various theories of tort liability. At least four present themselves:

• negligent security of personal information
• negligent sale of information
• failure of a bank to prevent identity theft or to mitigate damages
• liability of credit reporting agencies to prevent or fix instances of fraud

Trial magazine — the monthly publication of personal injury attorneys (uh, excuse me–American Lawyers for Justice) — has included an article on "Civil Liability for Identity Theft" in a recent issue. Whenever there is a wrong, there must be a deep pocket to sue!

Certainly if you manage risks for a Wachovia or Equifax, you have liability exposures. Consider a scenario, though, where Claims- or Risk-Management-Clerk Connie swipes the Social Security number and name of a workers' compensation claimant, procures two Visa cards and goes on a shopping spree. Any claims office, TPA, or insurance company could face third-party liability claims from aggrieved victims of identity theft for inadequate security. In the course of handling claims, adjusters work with tons of personal information that can make identity theft easier. The peril can hit close to home. Identity theft is not just a first-party personal lines exposure. It is also a potential third-party commercial lines liability risk.

So, do you have a mid-life fantasy of who else you would like to be? Morphing your identity should be something you do by choice, not because some dirt bag has stolen your credit card number. Use these tips to manage the growing risk of identity theft.

Kevin Quinley, CPCU is an insurance executive in the Washington D.C. area. He can be reached at kquinley@medmarc.com or at his website, www.kevinquinley.com.