The problem with the phrase "identity theft" is that it puts the onus of security onto the consumer to secure their personal details instead of onto the bank/telcos/etc to secure their systems.
We should call it what it is: fraud. Whether that's bank fraud, computer fraud or wire fraud, banks should be responsible for compensating individuals for the losses incurred. One way to encourage this change is a change in the language we use surrounding these crimes.
> The problem with the phrase "identity theft" is that it puts the onus of security onto the consumer to secure their personal details instead of onto the bank/telcos/etc to secure their systems.
And it's really even worse than that, as you are assigned blame for something that the party blaming you is itself forcing you to do. Like, they won't open an account for you unless you tell them your SSN, but then they blame you if you don't keep your SSN secret.
It's reasonable to some degree to expect that you keep your password secret. It's a different thing altogether to take information that is unavoidably known to lots of parties, or in many cases even outright essentially public info (like, stuff you can just buy as a database) as proof of identity, and then insist that you are legally responsible for a contract or whatever they made with someone who knew your DOB or something.
It's really not much different than just throwing darts at a phone book, and then pretending that the fact they hit your name proves that you now have a contract with them ... no, it doesn't, and it's your fucking problem if you think it does.
We should call it what it is: fraud. Whether that's bank fraud, computer fraud or wire fraud, banks should be responsible for compensating individuals for the losses incurred. One way to encourage this change is a change in the language we use surrounding these crimes.