By Vinita M. RamaswamyOCTOBER 2006 - Identity theft is the fastest-growing crime in the United States. It affects 13.3 persons per minute, 799 per hour, or 19,178 per day. It is financially and emotionally devastating for the victims, who face a long, hard struggle to regain their credit history even as they deal with a frightening sense of vulnerability and invasion. Less than 5% of complaints are prosecuted, however, despite the fact that identity theft is number one on the Federal Trade Commission’s (FTC) list of fraud-related crimes (43% of all reported crimes). Unfortunately, victims are not the only ones who pay the price. Society as a whole incurs additional costs in the form of higher interest rates and fees, higher prices, and increased security risks.
Identity theft has proliferated, but it has not received the attention it needs. Ambiguous delineation of responsibilities among law-enforcement agencies, lack of interest in prosecution, uninformed consumers, and easy availability of confidential information make identity theft relatively effortless. Controlling the problem requires a concerted effort on the part of the federal government, law-enforcement officials, businesses, and consumers to educate the public, take precautionary measures that reduce the possibility of theft, follow the money trail to identify and prosecute thieves, and encourage early reporting of theft so that losses are minimized.
What Is Identity Theft?
According to the FTC, identity theft occurs when personal information is used, without an individual’s permission, to commit fraud. According to the FTC’s report “National and State Trends in Fraud and Identity Theft, January–December 2004,” credit card fraud was the most common complaint, followed by phone or utilities fraud, bank fraud, and employment fraud. Other annual identity theft statistics from the FTC survey include:
The successful identity thief needs personal and confidential information such as credit card numbers and CW2 security numbers (on the back of credit cards), driver’s license numbers, ATM cards, telephone calling cards, mortgage details, birthdates, and PINs. The thief can then use this information to conduct a wide range of criminal activities, ranging from applying for false loans and mortgages to using phone cards and charging on credit cards.
According to the Identity Theft Resource Center (idtheftcenter.org), there are four types of identity theft:
Obtaining confidential information can be a simple matter:
As technology proliferates and more people use the Internet to conduct business, identity thieves have adapted, with cyber-theft now a common occurrence. An article in BusinessWeek (May 30, 2005) discussed how thieves steal information:
Although conventional wisdom would indicate that high-tech users are the main culprits of identity theft, statistics show otherwise. Obtaining personal information is relatively simple. Many people tend to be neglectful, carelessly throwing away credit card receipts or paycheck stubs—seemingly harmless pieces of paper that have a wealth of information, including names, addresses, signatures (credit card receipts), and SSNs. A study by the California-based consulting firm Javelin Strategy and Research found that 26% of the fraud victims knew the identity thief, while 29% of the victims had had their wallets or credit cards stolen.
Whatever the method used, the victim still faces big losses and hours of painstaking work to bring life back to normal. Knowing that a few simple precautions can ensure the safety of personal information is very important.
Minimizing the Risk of Identity Theft
A person’s identity is usually made up of pieces of information such as name, address, SSN, mother’s maiden name, PIN, date of birth, bank account number, and credit card number. An identity thief looks for these pieces of information, then links them together to commit a crime. While safeguards from identity theft and punishments for the crime continue to increase, all consumers are responsible for protecting themselves. Because research shows that most identity thieves take advantage of negligence and easily available information, a few simple steps can minimize these risks:
Finding the Identity Thief
Often a bank, the police or other authorities, or an identity-theft victim may hire a fraud examiner/forensic accountant to help find the cybercriminal and to provide evidence for conviction. When a forensic accountant is retained for such a job, an important first step is to obtain a fraud/forgery affidavit from the victim. According to Peter Donnelly (“ID Theft: Hunting Down and Nabbing the Thieves,” cfenet.com, Fraud Articles July/August 2004), this affidavit should state that the victim had no knowledge of the crime and did not give permission to use his credit card or to open bank accounts.
In case of fraudulent bank accounts or credit cards, the originals or best copies of checks, sales drafts, account applications, and delivery receipts can be used as evidence. If wire transfers were involved, copies of the sending and receiving reports, as well as a current transactions report, and a suspicious activity report (SAR) are also helpful. Many of these transactions are confidential, but if a bank reports the crime or is itself the victim of a crime, the federal Right to Financial Privacy Act does not apply.
In case of credit card applications, discrepancies in the information provided, such as employment history, salaries, addresses, area codes, zip codes, driver’s license numbers, and SSNs, can be used to demonstrate fraud. The places and times that charges were made to the credit card are significant, as are the items purchased. Some stores, especially gas stations, may have video surveillance tapes.
If the suspects are receiving fraudulent checks, credit cards, or merchandise by mail, postal authorities may be helpful in identifying the imposter. Careful analysis of the mail cover may reveal the real name and address of the suspect. If a P.O. box is being used, the postal inspector or the owner of the private mailbox can provide the name of the renter. Additionally, the forensic accountant can go Dumpster diving to see if any valid evidence has been thrown away.
Property tax records, rental agreements, and other evidence of occupation or ownership can link the suspect to the activities of receiving fraudulent checks or stolen property. Publicly available databases, as well as government databases, can be used to check the driver’s license numbers and the SSNs. Finally, other investigative techniques, such as surveillance, fingerprints, and DNA evidence, can also be used to build a solid case against the suspect.
Law-enforcement agencies at the federal, state, and local levels work hard to find identity thieves and to prosecute them to the fullest extent of the law. The U.S. Department of Justice uses federal statutes covering computer, mail, wire, financial institution, and credit card fraud to prosecute cases of identity theft. The Identity Theft and Assumption Deterrence Act of 1998 made identity theft a federal offense and increased the role of the FTC to develop the nation’s central database of identity theft complaints. The President signed the Identity Theft Penalty Enhancement Act in 2004 to increase the penalties for serious identity theft and increase the deterrence for future crimes.
What Identity-Theft Victims Can Do
Identity theft happens fast and silently, but the damage inflicted can be enormous. Many victims are unaware that criminal activities are being carried out using their personal information. Awareness of an imposter usually comes in the form of an unpleasant surprise when a collection agency or a bank calls about an unknown bill or loan. In some cases, a victim becomes the focus of a police investigation after his name is used to commit crimes. Warning signs that private information might be compromised include the following:
Once it becomes obvious that identity theft has taken place, the FTC advises victims to act quickly and assertively.
Contact law-enforcement agencies. The fraud should be reported to the local police or sheriff’s department, which will then fill out an identity-theft report. The victim must obtain a copy of this report because it may be required by credit rating agencies, credit card companies, and banks.
Place a fraud alert. Report the fraud immediately to the fraud department of the three main credit-reporting bureaus. (See the Sidebar.) The bureaus must be requested to place a fraud alert on the victim’s credit report. Initially, a fraud alert may be placed for 90 days. The alert may be extended for seven years (this requires a copy of the police report).
Monitor credit reports. Once the fraud alert has been placed, the credit bureau will mail a copy of the credit report to the victim. These credit reports must be carefully checked, and unauthorized transactions should be noted. Continuous monitoring of the credit report is necessary to ensure that no new transactions have taken place without proper authorization. In some states, a “security freeze” may be requested; this prevents anyone from accessing credit files without express permission from the owner.
New or existing accounts. If a credit report shows that new accounts have been opened without the knowledge of the lawful owner, or that fraudulent activities have been conducted using existing accounts, creditors must be contacted by phone and in writing. The Fair Credit Reporting Act has been amended to allow a victim to prevent businesses from reporting fraudulent accounts to credit bureaus.
Debt collectors. The name of the collection company, account representative, phone number, and address should be recorded. Verbal and written communications are necessary to report the fraud to collection agencies. A written statement must be requested from the collection agency stating that the victim is no longer responsible for the debt.
Banks. The bank must be informed of any fraudulent accounts or fraudulent activities in an existing account. A security alert must be placed on the account, outstanding checks must have a “stop payment” order placed on them, and existing accounts must be canceled and new ones opened with new passwords and security codes. The bank must file a report with ChexSystems, a consumer-reporting agency that compiles reports on checking accounts. If an ATM card or debit card was stolen, it must be reported immediately. New cards with new passwords must be acquired and monitored carefully. The victim may still be responsible for a fraud if the report is not filed immediately.
Telephone. Identity thieves can open new wireless, local, and long-distance service accounts in a victim’s name. The local telephone company must be contacted, in writing and by phone, for its fraud policy.
Student loans. If an identity thief has obtained a student loan in a victim’s name, it must be reported, in writing, to the school that opened the loan, along with a request that the account be closed. This information should also be reported to the U.S. Department of Education.
Report to the FTC. The identity theft must be reported to the FTC as soon as possible, along with the police report number. The FTC makes this information widely available to investigators.
Other issues. The Social Security Administration must be notified in case a victim’s SSN was illegally used. (Sometimes a new SSN may be necessary.) In addition, U.S. Passport Services and the local department of motor vehicles, if a driver’s license was involved, should be notified. The U.S. Secret Service may become involved if the dollar amount is high, or if a fraud ring is involved.
Court cases. If an imposter engages in criminal activities that result in a court indictment, the services of a lawyer may be required. The court with jurisdiction over the case must be informed, as well as the district attorney handling the case. A copy of the police report would be useful in this case.
Above all, the FTC advises victims to maintain good records of all transactions and complaints, including phone logs and copies of communications. The FTC also recommends that victims do not pay any bills that are a result of the fraud. If the business or the debt collector aggressively pursues the case, a willingness to cooperate should be reiterated, and government regulators informed immediately.
Useful websites providing information on consumer and victims rights include www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm and www.consumer.gov/idtheft/.
Vinita M. Ramaswamy, PhD, is an associate professor at the University of St. Thomas, Houston, Texas.