Caslon Analytics elephant logo title for Identity Crime profile
home | about | site use | resources | publications | timeline |::| Analysphere | Ketupa

overview

identity?

pre-modern

apparitions

conmen

honour

survivors?

cards

resumes

pollution

digital

statistics

costs

responses

insurance

Aust law

other law

fiction

forensics

shadows

true lies

dead souls

gender

landmarks












related pages icon
related
Guides:

Security &
InfoCrime

Governance

Information
Economy

Consumers
& Trust





related pages icon
related
Profiles:

Forgery &
Forensics

Biometrics

Credit
reporting

Vetting
Services

















section heading icon     insurance

This page considers identity theft insurance.

It covers -

section marker     introduction

The insurance business is about marketing, number crunching and contract construction, with insurance providers assessing whether premiums from the insured (and income from investment funded with those premiums or through associated products) will typically be greater than payouts to the insured. Skilful drafting of terms & conditions (or a glacial attitude in their interpretation) and the sheer opacity of much insurance contract writing minimises payouts.

Like other parts of the financial services sector the insurance industry is prone to bouts of exuberance and herd behaviour, executive hubris and efforts to buy market share, along with occasional innovation that meets a genuine need of individual and corporate clients. (One point of reference is the $5 billion HIH collapse noted elsewhere in this site and examined in the 2003 report of the Royal Commission of inquiry).

Recent years have seen the emergence, particularly in North America, of a market for providing 'identity theft insurance' to consumers.

Some of that insurance is provided as standalone policies by major insurers or smaller specialists, in particular new market entrants hoping to populate a niche and then compete directly with major players. Some insurance is bundled as part of home-owner, car-owner, boat-owner or other policies: pay a few dollars extra each year and your existing coverage will be extended to deal with identity theft.

Some insurers have avoided marketing direct to consumers, instead targeting employers who are encouraged to include identity crime coverage in employee remuneration packages. Banks, credit card providers and other financiers have offered insurance as part of credit/debit accounts.

Emergence of identity theft insurance reflects several factors. The first is simply perceived market demand: consumers have become sensitised to identity crime and have expressed interest, during a range of surveys, in buying some form of cover.

Another reason is that market entrants and established insurance providers are seeking new opportunities in what at times is a cut-throat industry. That is reflected in developments such as US patent 20020173994 ('Method and apparatus for insuring an insured from identity theft peril and identity reclamation and credit restoration').

A third reason is industry pragmatism rather than opportunistic expansion: being seen to provide solutions helps to fend off pressure from legislators, regulators and consumer activists critical of industry practice (eg claiming that institutions are major contributors to identity crime and should "do more" than simply transfer costs).

What is identity theft insurance? It is important to emphasise that the policies do not prevent the range of identity crimes highlighted in this profile. They do not aim to stop identity thieves (within or outside the victim's circle of family and associates). Typically they do not aim to recover every financial loss experienced by a person whose identity has been appropriated or by someone who has dealt with an identity criminal.

Identity theft insurance instead provides a person whose identity has been 'lifted' with some money towards the cost of dealing with that theft, for example the cost of phone calls and postage or legal advice after you find that someone is running amok with your credit card.

That is consistent with comments earlier in this profile that many people experience three injuries when their identity is appropriated -

  • initial financial loss, often a loss that is ultimately covered by a bank or credit card provider (and passed on to consumers generally)
  • damage to a personal financial profile, with denial of credit or higher costs for access to credit
  • stress and time wasted dealing with credit reference agencies, individual financial institutions, police and other entities in trying to restore a good name.

Mainstream critics have questioned the value of some identity theft insurance policies (or potentially misleading statements in marketing). More adventurous critics have asked whether alternative mechanisms would be more effective. The UK national consumers association for example suggested that

companies are capitalising on people's lack of knowledge about fraud. Consumers would be better off spending the money on a shredder.

Others have asked whether legislation such as the US federal Fair & Accurate Credit Transactions Act 2003 (FACT Act) - which provides a right to a free annual credit report on request - should be extended to cover free automatic 'financial health warnings' if anomalies appear in data being aggregated and mined by credit reference services.

section marker     custodians

Discussion elsewhere on this site regarding data losses indicates that businesses and other organisations are contributing to identity crime through failures as custodians of customer data (eg losing tapes and laptops, inadequate firewall protection against hackers, sale of data to criminal gangs).

Definitively linking that negligence to the identity theft experienced by a specific customer is difficult and courts have tended to take a conservative approah in assigning blame. However, regulators in the US and elsewhere have imposed substantial penalties - in some instances amounting to several million dollars - for breaches by financial institutions. Organisations of course face much larger costs in marketing to rebuild a damaged reputation and reengineer IT systems.

Are insurers selling policies to organisations about such contingencies? Have there been substantial payouts? There is very little public information about practice.

That lack of information is consistent with confidentiality - organisations tend to be more open about coverage against hurricanes and other 'acts of God' rather than action by the Vladivostok mafiya or inaction by an imprudent CIO. It also reflects the shape of the market for corporate insurance, with insurers apparently not rushing to offer discrete ID theft coverage but instead bundling protection as part of general liability or broad IT security insurance.

A spokesperson for Swiss Re commented in 2006 that "identity theft seems to be mainly a topic for primary insurers, especially in the US ... but it is not really a topic for reinsurers".

Literature on custodian liability is highlighted here.

section marker     issues

As with identity theft alert services provided on a commercial basis by credit reference bureaus, some consumers have questioned whether identity crime insurance is good value.

Typical criticisms are that -

  • policies for giving consumers a false sense of security ("after all, they don't prevent the theft from occurring in the first place")
  • policies often do not cover a victim's out-of-pocket expenses, eg travel, phone and stationery costs
  • consumers may have trouble claiming
  • many policies do not cover legal fees
  • many policies do not cover lost wages due to time away from work dealing with identity crime
  • few policies make any payment regarding time spent outside work hours dealing with identity crime

Privacy Rights Clearinghouse commented

For consumers, you're not buying a guarantee that identity theft won't happen, and it's tough to say that these policies will ease your frustration if you are a victim. What you know for sure is that this is a kind of coverage where insurance companies have weighed the risk and decided that they can make money off of it.

As with all insurance, much depends on the circumstances of the damage, how much the consumer paid for protection and the specifics of what protection is offered.

section marker     studies

In the interim pointers to literature on the economics of information technology security and insurance are found elsewhere on this site.











   next page  (Australian law)

 

 


this site
the web

Google

 

version of September 2007
© Bruce Arnold 1997-2026
caslon.com.au | caslon analytics