There’s not much to laugh about when it comes to identity theft, but this might give you a giggle. In a great case of “serves them right,” wannabe hackers around the world are getting a tough lesson in the laws of the jungle.

A hacking group from Morocco going by the handle “Mr. Brain” has jumped into the growing market for hacking and phishing kits with an irresistible offer to help it get noticed by "customers." It’s offering its kits for free. But there’s a nasty twist. The kit is designed to send stolen information back to Mr. Brain and not to the hackers who buy the kit.

Click to read more ...

Just last month research firm Javelin Strategy & Research issued a press release with a list of what it believes are the key elements that would help create a security “dream card” that offers the maximum consumer protection available.

I thought they had some great ideas, even if nothing original. But it’s certainly a wish list that every bank and credit card issuer should study carefully, and included.

• Providing customers with the ability to restrict or allow certain types of transactions (e.g. cash advances, foreign transactions, card-not-present transactions).

• Using identifiers other than social security numbers for identity verification.

• Encouraging customers to protect their home computers with anti-virus software by encouraging banks to partner with security software vendors (e.g. Bank of America’s partnership with Symantec).

• Using a photo of account holder on card.

• Providing mobile device or email alerts of high-risk changes to accounts (e.g. replacement card sent out, PIN or password reset, change of physical address or email address).

• Notifying customers of new account set-ups. New accounts fraud is traditionally the most difficult for consumers to detect. Credit cards continue to be the most abused category of fraudulent new accounts.

• Instituting a comprehensive, up-to-date data breach resolution plan.

• Providing an identity fraud assistance team to help customers affected by fraud.

• Offering free identity fraud insurance.

According to the report only 24% of card issuers provide user-defined limits and/or prohibitions (UDLAPs) on cash advances, and more than half (56%) of top card issuers still require full nine-digit Social Security numbers when interacting with customers, whether by phone, Internet or mail.

I think Javelin has hit a home run with their recommendations, and combined could help to shut down most attempts at identity theft and fraud. Let’s see who’s listening.

A recent announcement by the Justice Department not only shed light on why so many thieves are attracted to stock "pump-and-dump" schemes, but why there's no shortage of suckers to help them make millions.

The Justice Department just announced guilty pleas from four scammers who made an estimated $20 billion by using fake news stories to promote heavily promoting a pretty worthless stock, then selling at a huge profit only to watch the stock free fall at the cost of innocent investors.

But this scam would not have worked if it weren't for two groups of greedy, or at best naive speculators.

In this scam, the thieves were able to trick a bunch of companies into believing that the scammers were in fact legitimate and credible experts who could help take these small businesses public. Although the Justice Department didn't name names, I'd be very interested to know who these business owners were and what steps they took to verify the credentials of the promoters.

And of course the other group of suckers are the thousands of greedy investors who know or should know that the information they're getting is not verifiable and is not credible. But of course many of these investors probably smelled a rat and hoped to sell on the up and not the down.

Another reminder that most cybercrimes and identity thefts would not succeed but for the apathy, stupidity, or greed of consumers.

An identity fraud survey soon to be published promises to show some valuable insight into the current state of identity theft, and the cost to victims.

According to an early preview identity frauds committed by thieves known to the victim usually cost the most - $1,949 in out-of-pocket expenses as a result of theft by friends and neighbors, a few hundred less for thefts by family members, and just $135 to thefts by employees.

And the reasons for the difference are nothing new - people close to us have greater access to our information and knowledge of our habits; they can hide their crimes better and longer; and we're less likely to prosecute and therefore recover costs.

A recent story by the Boston Globe highlighted how a painful case of identity theft can lead to years of even greater suffering because of seeming indifference to the plight of victims by the credit bureaus.

The story looked at the plight of two couples whose identity had either been stolen, mistaken, or manipulated - nobody seems quite sure. In both cases, the harassment of the victims by debt collectors was compounded by the indifference of the credit bureaus and the lack of any real action by law enforcement.

One victim discovered that he a home, a wife, and a pile of bills he never heard of, while another battled for six years to clear debts that were not his. In both cases the victims suffered through years of effort to clear their name, denied credit, and constant threats of legal action. Not to mention the humiliation of constantly being accused (even subtly) of being the thief and not the victim, and compounded by lack of interest and co-operation from the credit bureaus and law enforcement.

While the article focused mainly on the indifference of the credit bureaus and deby collectors to the plight of victims, it also highlights the real cost of identity theft to the victims. If you think that "zero liability" means that you have nothing to lose as a victim of identity theft, and that your bank or credit card companies will carry all the losses, then maybe these stories will change your mind.

The biggest costs to identity theft victims are rarely covered by banks or credit card companies - costs like endless legal battles, denied or even ruined credit, frustration at the indifference of law enforcement and incompetence of the credit bureaus, and the overal emotional impact of years of effort to undo someone else's wrongdoing.

Zero liability is little more than marketing spin by the financial industry to persuade consumers not to worry so much about identity theft. You should worry, a lot, or you could end up with a lot more to worry about.