By Jane Black Identity theft skyrocketed 81% in 2002, a statistic so shocking that it seemed unreal -- until it happened to my sister. Last weekend, she had her wallet pinched. Within six hours, the thieves, clearly professionals, had charged $5,000 to each of her credit cards and wiped out much of her bank account by using her debit card to "purchase" limousine services from a nonexistent company. Worse, the thieves also obtained her Social Security number, which was printed on her health-insurance member card.
These days, Social Security numbers are gold mines for thieves, since the numbers are widely used as ID and passwords by banks, brokers, even the IRS. My sister immediately put a fraud alert on her account with the credit bureaus to prevent anyone from opening new lines of credit. But experts say she'll still have to check her accounts monthly for the next several years. And many credit companies don't always perform every check before issuing new cards. Despite the alert, if criminals do obtain a new line of credit, the onus is on her to prove it was identity theft.
LAZY AND DANGEROUS. All this hassle, fear, and financial loss because my sister was carrying her health-insurance card -- as she's required to do. The incident prompted me, as well as my friends and colleagues, to open our wallets. Each of us found at least one piece of ID, and sometimes as many as three, with our Social Security numbers printed in plain sight. Health-insurance and prescription-drug cards were the worst offenders. Mandates that we carry these cards are the equivalent of forcing us to walk around with thousands of dollars in cash and jewelry.
No wonder ID theft is climbing to dizzying heights. According to a July 30 survey conducted by nonprofit Privacy & American Business, 13 million Americans have fallen victim to identity theft since January, 2001. Total out-of-pocket expenses came to $1.5 billion, or $740 per person. Of those surveyed, 16% said the cause was a lost or stolen wallet. That means if Social Security numbers weren't printed on wallet cards, at least 2.1 million Americans might have been saved the anxiety and aggravation of ID theft.
So why do health plans, among others, continue to put people at risk? "It's a lazy way for companies to assign customer ID numbers because the Social Security number is easy for people to remember," says Beth Givens, executive director of the San Diego-based Privacy Rights Clearinghouse. "But by doing so, they are shamelessly putting people at risk."
CALIFORNIA'S EXAMPLE. Health insurers allow that removing Social Security numbers from member cards is "a priority." But in the absence of a federal mandate or widespread corporate pressure, most aren't moving fast enough for my taste. For example, Aetna (AET), which insures 8 million people nationwide, plans to issue new cards only to new members or companies that change their benefit plans.
If a corporation wants new cards for its employees without making changes to its plan, Aetna will charge $1.05 per card. If the company waits until February (after its heaviest enrollment period), Aetna will charge 75 cents -- still a hefty fee if you have thousands of employees. In the meantime, individuals have little choice but to carry their cards with them. Aetna spokeswoman Rochelle Cunningham says it's likely that patients would still receive treatment without presenting a physical card -- but she doesn't recommend leaving home without it.
Other plans just make excuses. Guardian says it has never printed Social Security numbers on member cards, just the employer name and group number. That's true -- but the cards also have a fill-in-the-blank section where members are asked to write in their name and Social Security number. Most people probably do. And prescription-drug benefits manager Merck Medco says it has no control over whether the number is printed on a card: It's up to the insurer that contracts out the business.
Luckily, change is afoot. In California, a law goes into effect on Jan. 1 that requires all corporations to remove Social Security numbers from ID cards. It also mandates that they be removed from correspondence and forbids companies requiring people to transmit a Social Security number over the Internet unless the connection is secure or the number is encrypted. In an effort to comply with the California law, some companies are overhauling their systems for members in all 50 states. Yet, more often than not, says Harriet Pearson, IBM's (IBM) chief privacy officer, health insurers aren't making changes other than those that are specifically required.
BIG BLUE'S ULTIMATUM. That's why Pearson took action to protect IBM's more than 100,000 U.S. employees from ID theft. Late last year, she sent a letter to the 100-plus health plans that IBM does business with, asking them to stop using the Social Security number visibly on member cards or in correspondence. Many agreed but a few large plans declined.
So, on Jan. 21, she sent another letter to 16 health plans, warning them that if they didn't comply by January 1, 2004, IBM would no longer do business with them. "We share the concern of our employees and health-plan beneficiaries regarding the potential for identity theft resulting from the display of Social Security numbers on administrative documents such as identification cards and health care-related forms," the letter said. "We believe that, eventually, it will become an expected practice throughout the industry to guard against inappropriate display of Social Security numbers...so it makes sense for us to move forward now."
It makes sense for everyone to move forward now. The longer health insurers take to remove Social Security numbers from IDs and correspondence, the more likely it is that rates of ID theft will continue to soar. Health-insurance plans should seize the initiative, do the right thing, and reissue IDs to every member. Smart corporations will follow IBM's lead and ask insurers to do so -- or face the consequences. Otherwise,
it will be individuals, like my sister, who pay the price. Black covers privacy issues for BusinessWeek Online