Giuliani offers strategy on identity theft

Former New York Mayor Rudolph Giuliani told financial industry executives yesterday they should protect consumers from identity theft in ways similar to cities preparing for terrorist attacks.

"If you anticipate everything you can, you will be ready for the unanticipated," Mr. Giuliani said.

Mr. Giuliani was the keynote speaker at a Mandarin Hotel conference on payment card security, where nearly 300 executives discussed methods to stop the growing rate of identity theft, particularly with credit and debit cards.

He said when he arrived at ground zero on September 11, 2001, after terrorists rammed hijacked airplanes into the World Trade Center, he told a police officer who accompanied him, "We have no plans for this."

Instead, New York City officials improvised with parts of other disaster plans for fires, subway derailments and chemical attacks to figure out a response, he said.

The lesson for the financial security industry is that, "Success comes about because of relentless preparation," said Mr. Giuliani, now the chief executive of Giuliani & Partners, a consulting firm that has a security division.

About 10 percent of U.S. consumers believe they have been victims of identity theft, according to a report from McLean-based credit-card issuer CapitalOne.

Debit and ATM card theft alone cost U.S. consumers $2.75 billion in the year prior to May 2005, with an average loss of $900, according to a study released in August by information technology firm Gartner Inc.

Several speakers said although they are getting better at stopping identity thieves, consumers who entrust their credit-card numbers or other financial information to strangers are the industry's biggest security risk.

"The greatest threat can be in your own house," said Marge Connelly, CapitalOne's vice president of corporate reputation and government, referring to consumers who do not guard their cards adequately.

Rep. Michael N. Castle, Delaware Republican, said he supports legislation that would require financial institutions to immediately report security breaches to consumers. It also should require financial institutions to secure their computer networks after the breaches, he tions to secure their computer networks after the breaches, hesaid.

He is a member of the House Financial Services financial institutions and consumer credit subcommittee, which is considering one of several bills to improve security against identity theft.

About 10 million Americans are victimized by identity theft each year, according to the Federal Trade Commission.

Visa USA, which sponsored the conference, is spending $200 million over the next four years for anti-fraud security measures, said John Coghlan, the new chief executive officer of the credit-card association.

"Innovation in technology can help, but only somewhat, because no one of us controls all of the aspects of vulnerability in the network," he said. Other risks are created by merchants, payment networks and consumers who are lax with their financial information.

"And hackers are always probing, in real time, to find the points of greatest vulnerability," Mr. Coghlan said.

Law-enforcement agencies have noticed "an increase in the level of sophistication" of cyber-thieves, according to Brian Nagel, director of investigations for the U.S. Secret Service.

In some cases, thieves in foreign countries with advanced computer skills have gained access to consumers' bank and retirement accounts, he said.

"It's not just young kids doing it," Mr. Nagel said. "We're seeing various levels of criminals from a variety of backgrounds."

Thieves use software that scans the Internet to monitor every keystroke electronic shoppers make.

Another common technique is phishing, which occurs when a cyber-thief sends an e-mail with a link to a false web site. The site typically is disguised to look like Web sites of banks or well-known e-commerce merchants.

The recipients of the e-mail then are asked to provide personal account information.

Phishing attacks increased 28 percent in the year prior to May 2005, according to Gartner.

Educating consumers about how to protect their information is one of the best security methods, Mr. Coghlan said.