When Los Angeles money manager Frank Troise discovered that one of his credit card numbers had been stolen electronically from an ATM machine in Hollywood, he decided to take action into his own hands.

Troise, the principal of money management firm Soho Capital LLC, initially tried to galvanize politicians in Sacramento to sponsor legislation with stiffer penalties for identity theft crimes. He even called on his own customers executives at major banks in California to find out what internal procedures were in place to protect consumers from identity thieves.

"No one would listen," said Troise. "Everyone told me that politically, identity theft was a non-starter for both Republicans and Democrats." The conservatives like the stiff penalties for the perpetrators, but don't want any liability assigned to the financial institutions, a provision liberals insist upon.

Undeterred, Troise decided to take his campaign against identity theft directly to the public. Earlier this year, he launched a ballot initiative over the Internet Stop Identity Theft in California that would make identity theft a felony, punishable with up to five years in prison and fines of $1,000 for each victim. He has 125,000 of the 500,000 signatures of 500,000 registered voters he needs to qualify for the November ballot. His deadline is June 12.

Though California has been on the forefront of legislation to combat identity theft, many privacy advocates believe banks and data companies are standing in the way of laws that would increase regulations on data providers. Consumer advocates say stiff penalties against identity theft won't deter crime and will lead to overcrowding of prisons.

Some legislators are trying to strike a middle ground by limiting the dissemination of personal data without targeting financial services firms directly.

Last week, the state Senate passed a bill sponsored by Sen. Debra Bowen (D-Redondo Beach) that requires retailers to remove credit card and bank account numbers from credit card receipts at stores and banks. The bill heads to the Assembly next month.

"In this day and age, there's no reason why retailers or banks need to print credit card numbers on the receipts they keep after a sale," said Bowen, who has authored several bills on identity theft. "The fewer places that a person's sensitive financial information appears in print, the more we reduce the odds that they'll become the state's next identity theft victim."

National problem
Identity theft became a major issue last year after a nonprofit consumer group in San Diego, Privacy Rights Clearinghouse, disclosed that ChoicePoint Inc., a Georgia data broker, had sold consumer data to scam artists.

Nationally, more than 160 security breaches have occurred in the U.S. since February 2005, affecting some 55 million accounts, according to Privacy Rights Clearinghouse. The breaches included more than 40 cases of stolen or missing computers or laptops. The Federal Trade Commission has found that 40 percent of its 685,000 fraud complaints last year involved identity theft.

Those cases, along with highly publicized security breaches at LexisNexis and Bank of America prodded Congress to begin work on a nationwide notification law, and there are presently seven different identity theft measures pending before various House committees.

Tena Friery,cq research director at Privacy Rights Clearinghouse, said stronger measures are needed to monitor data providers. Though California passed the first law in 2003 requiring that companies notify their customers of any security breach of computer data, there is no law that addresses the issue of legal liability, even in cases of accidental disclosure of personal records.

"Lax business practices are a significant contributor to identity theft," said Friery. "When data breaches started becoming known last year, companies really backed down on limiting their notice to California residents."

Financial and data firms tend to be reluctant to divulge or even discuss identity theft and breaches, because they are embarrassing and could potentially involve liability. Representatives of Bank of America and Washington Mutual both declined comment for this article.

Many state laws contain "freeze" provisions that would allow consumers to stop the release of their credit information without their consent. But banks, auto dealers and credit agencies have opposed such measures, claiming they would hurt sales by delaying the release of credit information.

Burgeoning crime
Troise first discovered his credit card number had been stolen when he found $5,000 in charges from a Williams-Sonoma store in Pasadena, nearly 100 miles from where he lives. Police charged a woman who was caught on the store's videotape using his credit card. But an investigation later found that his credit card number had been uploaded electronically from an ATM kiosk that was linked to organized crime. His card was replicated and sold on a burgeoning secondary market. It took two years for Troise to get his credit report cleaned up.

"If someone steals your credit card and your Social Security card from your wallet, that's a felony," said Troise. "But if they are able to get that information electronically, then it's a misdemeanor. The crimes are the same they're stealing but the penalties are different."

For reprint and licensing requests for this article, CLICK HERE.