Catch me if you can: How to prevent identity theft
Computerworld -
Identity theft is the fastest-growing crime in the U.S. The Federal Trade Commission received about 86,000 consumer complaints regarding identity theft in 2002, by far the largest category (43%) of consumer complaints recorded. This represents a 500% growth rate in the past three years.
Today, the consumer is no longer the prime target. Just as in the physical world, where it is far more profitable for a thief to rob a bank or a store than to steal wallets one by one, it's much more profitable (and less risky) for thieves to break into databases that store thousands of consumer records than it is for them to employ the traditional methods of Dumpster-diving, stealing mail or pretext phone calling.
A case in point: the arrest in November 2002 of Phillip Cummings, a former employee of Teledata Communications, for allegedly stealing the personal information of about 30,000 individuals over three years. As a help desk employee, Cummings was easily able to obtain access to Teledata's client companies' customer databases. He and an accomplice allegedly used legitimate passwords and user accounts to run credit reports on thousands of individuals and then sell their personal information to identity thieves, who used it to obtain loans, open new lines of credit and hijack bank accounts. Millions of dollars were stolen until several client organizations reported continued billing discrepancies that led to the discovery of the fraud.
Most identity theft precautions and warnings are aimed at the wrong targets. Although consumers are ultimately responsible for protecting themselves and their information, they lose direct control over that information at precisely the point when it becomes an attractive target for thieves. During an online transaction, the consumer hands direct control over to a merchant for the furtherance of that transaction. When it has been completed, the consumer's personal information becomes a data file, residing in the online organization's network. The consumer is now completely dependent on the organization to effectively maintain the security and confidentiality of that data.
Federally regulated industries have made some good progress in holding organizations responsible for the protection of personal consumer information. The financial services industry, in particular, has had some success with the Financial Services Modernization Act of 1999 (also known as the Gramm-Leach-Bliley Act). This act requires financial services organizations to maintain the privacy and confidentiality of their customers' personal data. Financial institutions directly regulated by banking agencies and credit-union authorities are further required to protect such data from theft, misuse and unauthorized alteration. These organizations are required
