A study released Tuesday by Unisys Corp. reveals a startling contrast between what consumers believe their banks are doing to prevent identity theft and what the banks say they're doing. The study included a survey of consumers and a "mystery shopper" survey of approximately 300 bank branch personnel among the 100 largest U.S. banks.

Most consumers (84%) say their banks are doing all they can to prevent ID theft. Nearly two-thirds say they believe it's possible for banks to prevent fraud before it occurs, and three-quarters say it's the bank's responsibility to do so.

But branch banking reps tell a different story. Sixty-nine percent say their banks require customers to initiate a request to freeze an account because of suspicious activity. Only 22% say their bank immediately flags or freezes an account, and 20% say their bank will freeze or close all accounts a customer has after one has been compromised. Although 80% of bank branch reps say their bank monitors accounts for fraud, only 14% say there's a dedicated department for monitoring fraud.

The research suggests a porous ID system that's vulnerable to attack from inside and outside. For example, Social Security numbers remain the most common password, in use at half the largest financial institutions. And 62% of branch personnel say that any employee of the bank can access customer information.

Phishing attacks, despite garnering headlines and being the focus of industrywide prevention efforts, are still not on the radar screens at many financial institutions. Only 8% of branch reps are aware whether their bank has been subjected to phishing attacks, and only 11% warn customers never to give out personal information over the phone or in an E-mail.

Identity theft is on the upswing as scammers continually devise new ways to trick consumers into giving out personal ID information. The Federal Trade Commission recorded 215,000 cases of ID theft in 2003, up from 162,000 in 2002. As many as 27.3 million Americans have fallen victim to ID theft over the past five years.