How E-Mail Could Foil Fraudsters

January 8, 2002

Let's say you buy a pair of hiking shorts online at adventure-sports outfitter Patagonia.com. Within minutes, you get an e-mail saying your order has been received and giving you a order-confirmation number. And you'll get another e-mail when the order actually ships.

The benefits of such electronic alerts are clear. Getting valuable information makes customers happy and more confident about e-tailing. And if a glitch disrupts your order and you have to call a sales rep, Patagonia can reply to your inquiry via e-mail if it can't give you an answer immediately. The company benefits from having a more efficient customer-service operation.

LITTLE-USED TOOL. Too bad many companies that play important roles in our everyday lives have failed to see how valuable a tool e-mail can be. I'm talking about banks, utilities, and credit-reporting agencies. As the gatekeepers of loans, credit cards, and savings and checking accounts, banks hold huge sway in the life of the average American. Yet many don't give electronic notification of important account information.

It's the same with utilities. Some 25% of identify-theft complaints each year involve fraudulent establishment of new telephone, cell phone, or utility service, according to the Federal Trade Commission, but electronic notification that an account has been set up in your name is rare.

Credit agencies are the ultimate arbiters of the creditworthiness of hundreds of millions of people in dozens of countries. Yet few of these institutions have the type of electronic customer-relationship interactivity that even a smallish catalog company such as Patagonia has mustered.

COSTLY THEFT. Judicious use of e-mail could go a long way toward cutting down on identity theft and fraud, online or off. Such illegal activity costs consumers and banks hundreds of millions each year -- not to mention time and aggravation. And the incidence of fraud is growing rapidly. The FTC's ID Theft Hotline was receiving 285 calls per week in January, 2000. By January, 2001, it was getting 2,330 calls per week.

In some ways, an e-mail would just be a cyberversion of the communication that already takes place. As a check against identity theft, American Express and Charles Schwab both automatically send notification letters to an old address any time a customer requests an address change. The reason? If someone has tried to switch your address without your knowledge -- a common tactic used in identity theft -- then you would be clued in that something was amiss and could notify the company that you hadn't moved. Appropriate fraud warnings could then be put out.

In cyberspace, such a process should be even easier and faster. Any changes to an account, whether made over the phone, via the Web, or in writing, should elicit an automatic e-mail notification to the customer. What if the e-mail bounces? Sure, that could be a problem. But even the U.S. Postal Service won't switch your address without two or three weeks notification.

IN THE LOOP. If companies relied on a standard, but shorter, delay before implementing an e-mail address change, customer-service reps would have plenty of time to secure the correct address. True, not everyone has e-mail. But Americans held 440 million e-mail accounts as of December, 2000, according to Internet survey company Nua, and e-mail is the most common use of the Internet.

Most customers would feel more secure if banks and brokerages brought them into the loop electronically. The financial houses could save big bucks by heading off fraud efforts with virtually no additional costs incurred. Many of them already have e-mail accounts listed for a significant portion of their customers. It's a win all around.

Some companies have gotten smart. CapitalOne notifies me via e-mail if I use online access to change the mailing address of my credit-card account. And Charles Schwab will notify me with trade confirmations and the closing value of my accounts each day.

TO THWART A THIEVE. A far bigger payoff, however, lies with credit-reporting agencies. They sit astride the ultimate information crossroads, and they're in prime position to head off fraud before it happens.

Take this scenario: A thief fishes one of those now-ubiquitous preapproved credit-card applications from my curbside mailbox, fills it out after crossing off my mailing address, and enters his own or a post-office box number. When this application goes to the bank, it will change the address in its database to the new one supplied by the fraudster. The bank probably doesn't have my phone number on record, so it won't call me. Bottom line: I've got a problem.

This new credit-card account should cause a notation on my records at the three credit-reporting agencies: Experian, Equifax, and TransUnion. If those agencies sent an e-mail to notify me of the requested changes, I could head off fraud in a hurry.

EVERYBODY GAINS. That would save me the time and hassle of cleaning up my credit. It would save the credit-card companies money because it would reduce the time a fraudster would have to rack up bogus charges. It would save the credit-reporting agencies money by reducing their need to correct credit reports. Again, everybody would gain.

As it stands now, only two of the big three credit agencies -- Equifax and Experian -- offer 24-hour e-mail notification of any recorded changes. They charge consumers for the service, $50 and $80 per year, respectively. That means a consumer has to pay two separate entities and manage two separate accounts to get access to what is essentially the same information.

Worse, if a bank issues a credit card to someone who is using your identity based on a TransUnion credit check only, you won't probably hear about it for some time, since the companies prefer not to talk to each other.

PENNIES PER E-MAIL. I can't quarrel with a fee. These are for-profit companies, and they see e-mail notification as a value-added service. They spend a lot of money to collect all this data and want to be compensated for it. And any added services, even ones as easy to automate as e-mail notification, will cost some extra money to implement.

The real economic benefit to the credit-reporting agencies would come not in selling the service to consumers but in reducing the cost of fraud and identity theft. The expense of automating e-mail responses to account changes would likely be pennies per e-mail -- and it would lessen rather than add to the burden of existing customer-support personnel. This would be true not just of the credit-reporting agencies but other types of businesses as well.

If the credit agencies want to sell the service, I think they would have much better luck pooling information for a single notification system. That might raise antitrust concerns, but since the three already constitute a de facto monopoly, I can't imagine that the FTC would bother to stop them. And if they dropped the price, they would get more customers.

KEPT IN THE DARK. It's common sense that e-mail notification should come at a nominal fee, or perhaps even be subsidized by the banks or other financial institutions. According to the FTC, the average amount of time between the occurrence of an identity theft and when the victim notices it is 14 months. That's way too long, especially when you consider how quick and easy it is to give customers information that might tip them off. It could be done within 24 hours.

Using technology to tell your customers what's going on may not save money upfront, but it will definitely achieve big savings over the longer term. And it will make everyone -- consumers and companies alike -- more secure.