Late last month, four servers containing names, addresses, and Social Security numbers of thousands of Wells Fargo & Co. mortgage and student-loan customers were stolen from an Atlanta company that prints loan statements. There's no indication the information has been misused, the bank says, but it's advising affected customers to monitor their accounts for suspicious activity. It's also offering a free one-year credit-protection program and has established a toll-free hotline.

The incident was the latest reminder of how pervasive the threat of identity theft has become, as well as how much of a risk it is for banks and credit-card issuers and their customers. According to the Federal Trade Commission, 9.9 million Americans were identity-theft victims last year. Of those, 6.6 million reported fraudulent use of existing accounts while more than 3 million reported new accounts opened in their names. That cost businesses $48 billion and consumers $5 billion in economic losses.

Mounting concerns over stolen identities are prompting banks to review account-access policies and implement sophisticated fraud-detection systems. Banks have unleashed a panoply of technology against the problem, such as pattern-recognition software to flag suspicious transactions or new accounts. They're also requiring customers at times to verify online credit-card purchases with IDs and passwords, equipping customers with anti-spam software to thwart phishing, and setting up shared databases for reporting and exchanging information about ID crimes. One London bank recently began using pattern-recognition software that monitors its E-mail system to spot phishing attacks and alerts Scotland Yard's Criminal Investigation Division when it does, according to Autonomy Corp., which supplied the application.

But do banks really have a handle on the problem? A study released last week by Unisys Corp. found disparities between the way consumers see their bank's role in preventing ID theft and the way the banks themselves view it. A majority of consumers (84%) say their banks are doing all they can to prevent ID theft. But branch reps tell a different story: 15% say their banks don't do anything special, and 62% say any bank employee can access customer data.

Banks are trying to thwart ID thieves with two main tools: consumer education and IT. Using statement mailings and alerts on their Web sites and at branches, banks have stepped up warnings not to divulge sensitive information over the phone and in E-mail. The issue is one of personal accountability, says Larry Brown, senior VP and head of risk management at Citizens First Bank. "It means not giving out confidential information to an untrusted party," he says. The problem "will get worse until we do a better job of educating customers," he adds.

Some banks are working directly with security-software vendors such as McAfee Inc. and Symantec Corp. to improve customer security. BMO Financial, formerly the Bank of Montreal, is considering funding a program to give online banking customers tools to scan their PCs for malicious code, says Vivek Khindria, senior manager of security practices and technology information security.

Some banks promote their anti-ID theft strategy as a competitive advantage. Earlier this year, Washington Mutual Inc. began offering customers a service to monitor credit accounts called ID Theft Inspect and another to provide credit-report alerts for identity-theft victims.

But banks tend to be secretive about specific security technologies they've deployed behind their walls. To prevent employees from stealing data, ATB Financial, an Edmonton, Alberta, bank, is considering using a mix of passwords, personal-ID numbers, and encryption devices such as key fobs for its employees. "The challenge then is to make sure those authorization methods can't be compromised," says Ken Casey, senior VP and head of retail banking. The main challenges of access control are making sure lists of authorized users are up to date and setting up a hierarchy of security levels, Casey says.