t the Electronic Transactions Association's (ETA) Annual Meeting and Expo in Las Vegas in March, in meeting with potential customers and current clients, Integrity Bankcard Consultants Inc. found that identity theft and consumer privacy were hot topics.

Following ETA, recent headlines included:

• In Chico, Calif., hackers accessed the personal information of 59,000 people affiliated with the California State University.
• Retail Ventures Inc., operator of DSW Inc. shoe stores, reported the theft of consumer credit card data at more than 100 of its stores, mainly over the last three months.
• LexisNexis admitted that hackers gained access to personal information of 32,000 of its customers.
• A computer virus is diverting Internet banking customers to fake Web sites run by criminals trying to steal personal information and funds.

The Federal Trade Commission (FTC) considers identity theft the nation's fastest-growing crime, and along with the Better Business Bureau, has estimated that 9.9 million American consumers fall victim to identity theft each year.

In most cases, victims don't end up paying for the identity theft transactions that occur. In 2002, identity theft crimes cost businesses $47.6 billion and consumers $5 billion, according to FTC estimates.

Often the true victims of identity theft are you, ISOs and merchant level salespeople (MLSs), and your merchant customers because of chargebacks that occur from the compromised accounts. Read my recent article, "Identity Theft and the ISO/MLS" (The Green Sheet, Mar. 14, 2005, issue 05:03:01) to see how to protect yourself from losses caused by identity theft.

Another area in which to use caution in operations is privacy. Vision I Properties LLC, doing business as CartManager International, recently settled with the FTC over charges that it "rented" personal information about merchants' customers to marketing organizations, while knowing that this contradicted merchants' privacy policies.

The FTC alleges that CartManager failed to adequately inform consumers or merchants that it collected and rented information and that CartManager did this, knowing that renting data was contrary to many merchants' privacy policies.

CartManager provides shopping cart software to online merchants, who then brand shopping cart and check out pages on their sites to look like their own. However, the pages are actually located on CartManager's site. Here, consumers enter personal information including their name, address, phone number, e-mail, and credit card account information and CartManager collects and compiles this data.

According to the FTC, some of the merchants working with CartManager made pledges to customers such as "'PRIVACY POLICY: It's simple. We don't sell, trade or lend any information on our customers or visitors to anyone.'" CartManager collected and rented personal data of nearly 1 million consumers who shopped at its merchant sites.

The company's settlement with the FTC prohibits use of personal data it collected as well as future misrepresentations about the collection, use or disclosure of personally identifiable information.

The settlement also requires that CartManager ensure consumers receive "clear and conspicuous notice" before disclosing any personal information to other companies for marketing purposes.

"A service provider cannot secretly collect and rent consumers' personal information, contrary to a merchant's privacy policy," said Lydia Parnes, Acting Director of the FTC's Bureau of Consumer Protection in a statement. "At the same time, merchants have an obligation to know what their service providers are doing with consumers' personal information."

For more information about the case, visit www.ftc.gov/os/caselist/0423068/0423068.htm for "In the Matter of Vision I Properties, LLC, doing business as CartManager International, File No. 042 3068, March 10, 2005."

As ISOs/MLSs, review your operations for potential privacy concerns, especially if you disclose any information about your merchant customers to a third party.

David H. Press is Principal and President of Integrity Bankcard Consultants. Phone him at 630-637-4010, e-mail dhp@integritybankcard.net or visit www.integritybankcard.net .