A new workshop report from the Identity Theft Prevention and Identity Management Standards Panel (IDSP) addresses various facets of how research companies measure identity theft. The report finds that disparities exist in the way that key terms are defined in statute versus in practice—terms such as identity theft, identity fraud, and data breach. This potentially causes confusion in the marketplace and creates impediments to fixing the underlying problems. The publication also reviews research studies and methodologies for studying identity theft and makes best practice recommendations for how research companies should measure and report on the issues.
The workshop report is freely available for download at http://webstore.ansi.org/identitytheft.
Administered by the American National Standards Institute (ANSI), the IDSP is a cross-sector initiative where the private and public sectors come together to discuss the voluntary standards and guidelines needed to fight identity theft and fraud. The IDSP convened this workshop because of a concern that controversies about research methodologies make it difficult to accurately measure how well the marketplace is doing in combating identity crime, posing a challenge to industry, law enforcement, and consumers.
Brian Zimmer, president of the Coalition for a Secure Driver’s License, led a group that compared how key identity theft and fraud terms are defined in statute and in research surveys. “We concluded that definitions vary depending upon the communities of interests and type of fraud involved,” said Zimmer. “Harmonizing terminology is a challenge because the various interests are not necessarily communicating with each other.” The group recommends that practitioners stay abreast of changes in the law and that definitions always be sourced. The report stops short of recommending the establishment of standard definitions across industries.
Rick Kam, president of ID Experts, led a team that catalogued 166 research studies on identity theft and data breach trends, identity theft protection services, and information security solutions. “Our group observed some contradictory results in research findings attributable to differences in terminology, research methodology, and even potential bias in research sponsorship,” said Kam. “We also noted a number of gaps in existing research such as the effects of identity theft versus identity fraud, breach correlation to identity theft, and the effectiveness of identity theft protection services and information security solutions.” The group offers some observations on what makes a study useful, such as disclosing research methodology, sources of funding, and potential limitations of the methodology, and clearly identifying the intended audience and the problem it is addressing.
James Van Dyke, founder and president of Javelin Strategy & Research, led a group examining methodologies. “Public findings of research do not always provide enough detail on the quality or appropriateness of methodology and definitions to encourage appropriate decision making,” said Van Dyke. “Our group recommends publication of a lexicon of significant terms and a methodology statement as a best practice when identity crime research is publicized or intended to shape public policy.” The group outlines specific elements that a methodology statement should include: the name of the research organization, sponsor and partners, target population, sample source / size, date research published, dates of data collection, time period being reported on, method of data collection, question formulation, a description of additional statistics methods used, and a statement regarding unknowns and impartiality.
The Identity Theft Prevention and Identity Management Standards Panel (IDSP) is a cross-sector coordinating body whose objective is to facilitate the timely development, promulgation, and use of voluntary consensus standards and guidelines that will equip and assist the private sector, government, and consumers in minimizing the scope and scale of identity theft and fraud. Sponsored by the American National Standards Institute (ANSI), the Panel’s sustaining partners are AT&T, IdentityTruth, and LexisNexis. For more information, visit www.ansi.org/idsp.
ANSI is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents the diverse interests of more than 125,000 companies and organizations and 3.5 million professionals worldwide.
The Institute is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC), and is a U.S. representative to the International Accreditation Forum (IAF). ANSI currently has offices in New York City and Washington, DC. For more information about ANSI, see www.ansi.org.