We're Getting Too Blase About Identity Theft, Data Breaches

Retinal Scanning SoftwareKeywordsaccess, accessibility, adult, advancement, alone, anatomy, big brother, business, businessm

The world is a risky place, and it's getting riskier. According to a poll by The Travelers Cos. (TRV), 63 percent of American consumers (801 of them, age 18 to 69, were surveyed in July for this annual survey) say they believe the world is getting riskier.

Perhaps this isn't surprising, since it comes out of a study sponsored by an insurance company, which makes money by promising to take on people's "risks" in exchange for money. But here's something interesting: According to Travelers, one of the biggest risks people worry about these days isn't fire, flood,or earthquake -- but the loss of personal privacy, and the risk it may result in identity theft.

Of those polled by Travelers, 82 percent said they worry about loss of privacy. And 63 percent have at least some worry, and 23 percent worry a great deal about having their identities stolen. Twenty-seven percent see the risk of having their bank or other financial accounts hacked as being of great concern.

Curiouser and Curiouser

Numbers like these show that Americans have ID theft on their minds. And after high-profile data security breaches at retailers Target (TGT) and Home Depot (HD) and most recently at JPMorgan Chase (JPM), this, too, isn't surprising.

But here's something that is: The number of Americans who say they worry "a great deal" about identity theft in the wake of scandals like these -- 23 percent-- is down from the 31 percent who worried "a great deal" about ID theft last year.

What's more, despite American consumers' worries over ID theft, The Washington Post reports that September sales at Home Depot (which reported a data breach early last month) remain "in line with its previous expectations." The company also expects "4.8 percent sales growth for fiscal 2014, unchanged from its forecast before the discovery of the breach."

Similarly, after the Target data breach in December, a Bloomberg poll revealed that only about 7 percent of Target customers said they planned to spend less at Target this year, while 85 percent said they expect to shop about as much at Target this year as they did last year. And true to form, in last quarter's earnings, Target reported a 1.7 percent increase in sales.

Put it all together, and what do we get? Continued, high-profile breaches of consumers' data security worry consumers -- but they worry consumers less this year than last, despite the drumbeat of bad news. And what's more, consumers are still shopping -- indeed, they seem to be shopping more -- at the retailers who are the source of the bad news. But why?

Returning to the Scene of the Crime

One theory is that consumers see companies as "once burned, twice shy." They assume that after suffering one data breach, companies will take measures to avoid being hit by hackers again. (This theory may be overoptimistic. In fact, hackers sometimes go back to the targets of past hacks, revisiting banks such as Bank of America (BAC) and Citibank (C) again and again. Chase -- the subject of the latest big hack -- was also targeted by hackers as recently as June 2013).

Another possible answer: We've yet to see an article that say "Retailer X suffered a breach of 10 million consumer records on Monday, and consumers reported $100 million in fraudulent charges on Tuesday." In other words, the connection between breaches of privacy and financial harm to consumers isn't always clear-cut -- or isn't being publicized clearly.

And then there's complacency. After all, federal law limits liability of consumers for actions resulting from data theft to as little as $500 (for debit card fraud reported more than two days after the fact),or $50 (for promptly reported fraud), or less (indeed, many credit card companies will hold consumers entirely harmless for fraudulent charges). As a result, consumers may simply not feel much pain from data breaches.

Another reason for consumers worrying about data security, but not worrying too much, may be that we feel powerless to protect our personal information. After all, we don't control this information. The retailers, banks and other companies that have collected it from us do. If consumers are reacting to the rash of identity thefts by concluding, "There's nothing to be done about it, so why worry?", well, that would be understandable.

You Can Do Something

And yet, there are a few simple steps you can take to protect your identity. For example:

  • Strengthen your passwords. Do you still have online accounts "protected" by such passwords as "000000," "qwerty" or even "password"? Many people do. Easy-to-guess passwords just make data thieves' work easy, however. In combination with the kind of data they can steal from a retailer -- your name, home address, telephone number -- they make it even easier.

  • Change your passwords regularly. We've been told for years that we need to change our passwords more frequently. It takes time for a hacker to guess a password, after all. Each time you change yours, you reset the clock on a hacker's guesswork, potentially forcing him to start the guessing all over again, and making his job (of trying to rob you) a little harder.

  • Open your mail. The faster you report an unauthorized charge to your bank account or credit card, the lower your potential liability. So open those credit card and bank statements the day they arrive -- and if you've got online account access, and can check your account activity even more frequently, all the better.

  • Blame the victim. It's not just the results of Travelers' survey that show consumers may be worrying less about identity theft. Continued sales growth at Home Depot, Target and other retailers who've been hit by data hackers is sending the wrong message to companies. It's telling them that this continued raiding of our personal information -- which they have collected, often without our express consent, and which they are failing to adequately protect -- is OK with us.

The solution? Blame the victim. Stop patronizing stores that have suffered high-profile, massive identity-theft scandals. Maybe then, the rest of these companies will get the message and begin spending what they need to in order to keep our data secure.

Motley Fool contributor Rich Smith has no position in any stocks mentioned -- but The Motley Foolrecommends Bank of America and Home Depot, and it owns shares of Bank of America, Citigroup and JPMorgan Chase. To read about our favorite high-yielding dividend stocks for any investor, check out our free report.