onsumers' personal and financial information, including their Social Security number, date of birth and credit card account number, have become more valuable, than any precious metal. Criminals steal the data by hacking databases, skimming credit cards, or even rummaging through the trash.

However, personal data theft and credit card fraud should not fall under the same moniker, according to the National Retail Federation (NRF) and ATM Industry Association (ATMIA).

As a result of a number of recent and much publicized data thefts, the largest so far being the 40 million credit card accounts compromised at CardSystems Solutions Inc., lawmakers are now taking a closer look at the problem. On July 21, 2005, a subcommittee of the House Committee on Financial Services held hearings to address consumer data security issues.

In testimony before the subcommittee, NRF Senior Vice President and General Counsel Mallory Duncan urged Congress to make a clear distinction between identity theft and credit card fraud.

"Much of what is commonly referred to as identity theft is ... relatively straightforward credit card fraud," Duncan said. He said credit card fraud occurs when a criminal gains access to a card number and uses it to make a fraudulent purchase. It's usually a one-time event.

Identity theft, on the other hand, occurs when someone steals an individual's personal data, such as their Social Security number and date of birth, and uses that information to commit fraudulent acts like opening credit and checking accounts or buying a car In the breach at CardSystems, for instance, only credit card account data were compromised, not cardholders' personal data.

ATMIA has also emphasized the distinction between the two types of fraud. In a recent press release, ATMIA's Global ATM Security Alliance, which monitors, prevents and solves problems relating to cross border ATM fraud, stated, "The information, which can be stolen during ATM fraud, such as PIN or card data, cannot be used to carry out and complete identity theft, for example, by opening up new accounts in the victim's name."

We stand corrected.