Next time you hack into a commercial enterprise’s database, with a view to stealing credit card information, steer clear of those records belonging to state prosecutors.

ID theft targets seem to be getting a clue. How could they not? Every financial institution is putting warnings on their websites about scams, and how to determine and protect against them. Getting the word out always works.

It seems, however, that the well-to-do aren’t doing online banking or brokerage, or just don’t listen like the minions. ID thieves are finding fewer victims, but are getting better rakes from the ones they do hit.

NewsFactor has a laundry list of action items to protect against online ID theft. I’d say you can read the subheader and get the gist:

Ultimately, while technology can help protect you, the fight against identity theft must be fought with common sense, informed caution, and a solid understanding of what you are up against.

For those with no common sense, you can: avoid clicks on strange email links, use Firefox, buy lots of anti-virus and anti-spyware software, periodically get your credit report, etc.

The word out of the California AG’s Office is to be wary of phishing emails, as your identity may be stolen as a result.

So, what should the everyday citizens of California do about the stolen laptops full of their data, the banks losing the stuff off the backs of UPS trucks, or the data brokers who willingly give it to scammers?

Don’t ask me.

If the ecommerce site you frequent suddenly announces their database was cracked, and thieves took off with you credit card information, you can keep the warm fuzzies because you are not alone. Huh?

Bruce Schneier suggests that way too many pieces of identifying information are being stolen already, and the chances of you actually getting hit with a financial fraud are about 1 in 1000.

I am not going to argue with Bruce on the point - he is a better at math than I’ll ever be. But it does tell me this:

1) Once you get notice of such a breach, taking quick action by changing account numbers should reduce your chances to 0 in 1000;

2) Notices of such breaches when they happen, not weeks or months later, should be the law of the land; and

3) If you Social Security number is snatched, government bureaucracy assures that there is nothing you can do. Sorry.

Identity theft is being called easy and lucrative. Organized crime is naturally getting in on the game - if hackers and script kiddies can do it, why can’t they. They supposedly control the garbage pickup business, so why not - sift through the stuff for credit card statements at a secure location, eh?

Then again, maybe they are employing computerized means - they made the latest tech agenda setters list, for goodness sakes.

Privacy advocates don’t like personal data warehouse businesses (like credit reporting agencies) to begin with. I believe that if it was up to them, there would be no data, and of course our consumer spending-based economy would grind to a halt. But the companies in question have fallen victim to a lot of data theft as of late (think Choicepoint, Bank of America), and the hows and whens of notifying the end consumer who is the subject of all that data is rearing its ugly head again.

I think quick notification must be the protocol, but I do not think that we need consumers running around suing companies for their ID theft - the two just don’t fit together. The average consumer barely knows what data is actually gathered on them to begin with. If you notify them of a breach, they are going to start suing for ridiculous sums, even if no damage is done. And, as things go with lawsuits, the only ones who stand to benefit are the attorneys in the middle.

Let legislate this issue straight, with some simple, common sense protocols which put the onus of notification and reparation on the data reporting agency, but not lock them down so far that consumer data can’t flow easily enough for me to get that Mercedes lease (not).

Many assume that identity theft (or whatever you would like to call it) is solely a product of our burgeoning internet use. While living in the information age has its pitfalls, we have seen by the recent burst of data theft cases that internet usage is often NOT the culprit.

Unfortunately, the least publicized piece of the ID theft story is what actually happens to that data once it goes astray. I think the public’s understanding of that point would lead them to keep a more watchful eye for suspicious activity. Fortunately, I dug something up for you.

Instead of wonder-geeks with artificial intelligence capable laptops, sitting in an exotic locale, hacking away at your life, what this this piece from The Redlands Daily Facts put together is something much more along the lines of what I imagined:

- Transient drug addicts, lugging bank boxes full of documents from one seedy motel to another;

- Makeshift ID card manufacturing lines that can fit into the trunk of a small car;

- Equipment readily available on eBay, purchased while sitting in coffee shops offering free wireless access;

- And lets not forget the ever-present dumpster divers, stealing your trash and turning it into gold.

I think these are the types of stories the press should be carrying - stories about how ID theft is closer to you than you think. Staying off the internet is not going to stop you from becoming a victim. If you think that is the answer, it is easy to do. Then once you get complacent about securing your home, your wallet, and even your garbage, that is when you name and address will wind up next to someone else’s picture.

The US Government is starting to put their foot down on the incidents of ID theft. Everyone is becoming aware of the fact that ID theft is not an isolated purvey of email phishers, so US regulators are asking financial institutions to develop appropriate notification measures (for their customers, that is).

ID theft results in losses that number in the tens of billions per year, and growing fast. I have seen numerous announcements at bank sites, warning customers of what to and not to do when utlizing online services. But the notification issue is a good additional step, if done right.

California has a notification rule, but gives institutions several weeks leeway before having to take action. Spamroll can’t say it enough…a couple of weeks is a crime in itself! Customers who may fall victim to ID theft, at the hands of lax security protocols inside an organization trusted with their personal information, need to be notified yesterday! (read Drug dealing is big business…so is Phishing and Spamroll: Data Stolen from UC Berkeley, again, if you still don’t get what I am saying).

Some say that data is already regulated, and safeguards are in place. Not quite true. Section 607 of the Fair Credit Reporting Act does provide impetus for those in possession of personal data to properly handle it, but seems a little outdated for our fast paced, picobyte level world. Section 607 is just a few paragraphs, for goodness sakes.

What I am exceptionally curious about is whether regulators will put their money where their mouth is, or simply their foot. Asking financial institutions to make “some changes” is a far cry from requiring the implementation of strict guidelines. With billions upon billions at stake, you would think financial institutions would accept this as a foregone conclusion, but you never know.

Read the whole story over at IT-Analysis: Identity Theft - U.S. banking regulators take action.

Three cheers to Ovid. Ovid, Ovid, Ovid. You have to love a guy who shows the world just how stupid credit card thieves can be, even if you don’t know him. Read: Don’t fuck with Ovid — the long version.

Then do the Ovid cheer once more.