(Of course, this isn’t a phenomenon that’s limited to the Internet. Often, when you buy things in bricks-and-mortar stores, there’s more
information-sharing
going on than you ever realize.) Not all online information sharing is bad. Some goes to positive use: Companies take information of your purchases and create a profile and then develop
cus-tomized pitches to your needs and wants
. Many people like those campaigns.
On the other hand, when it’s shared and sliced and diced by people you don’t know and you don’t understand how they’re going to use it, it’s very discomforting.
The thing to remember is that Internet security is
oriented toward convenience, not protecting the information.
9 7
T H E M E C H A N I C S O F I D T H E F T
In his May 2001 congressional testimony, Bruce Townsend, Special Agent in Charge of Financial Crimes Division, United States Secret Service, said: Information collection has become a common byproduct of the newly emerging e-commerce. Internet purchases, credit card sales and other forms of electronic transactions are being captured, stored and analyzed by entrepreneurs intent on increasing their market share. The result is a growing business sector for promoting the buying and selling of personal information.
With the advent of the Internet, companies have been created for the sole purpose of
data mining, data
warehousing and brokering
of this information.
These companies collect a wealth of information about consumers, including information as confidential as their medical histories.
The Internet provides the anonymity that criminals
desire. In the past, fraud schemes required false
identification documents, and necessitated a “face
to face” exchange of information and identity verification. Now with just a laptop and a modem,
criminals are capable of perpetrating a variety of
financial crimes without identity documents through
the use of stolen personal information.
In an investigation conducted in April 2001, Secret Service Agents from the Lexington, Kentucky, Resident Office, along with their local law enforcement
9 8
C H A P T E R 4
partners from the Richmond, Kentucky, Police Department, arrested a suspect who was operating an online auction selling
counterfeit sports memora-bilia
. During this investigation, it was learned that the suspect had fraudulently opened a number of credit card accounts utilizing the personal information of individuals who had participated in his auction on the Internet.
F A K E I R S F O R M S
In 2001 and 2002, a scheme appeared throughout the U.S. that used fictitious bank correspondence and bogus IRS forms to mislead taxpayers into disclosing their personal and banking data. The information was then used to steal the taxpayers’ identities and bank account balances.
In the scam, the taxpayer receives a letter, purport-edly from his or her bank, stating that the
bank is
updating its records
to exempt the taxpayer from reporting interest or having tax withheld on interest paid on the taxpayer’s bank accounts or other financial dealings. According to the letter, anyone who does not file an enclosed form is subject to 31 percent withholding on the interest paid.
The bank correspondence encloses a form allegedly from the IRS and seeks detailed financial and personal data. Recipients are urged to fax the completed forms within seven days. Once they get the information, the scheme’s promoters use the information to
impersonate the taxpayer and gain access
to his or her finances.
9 9
T H E M E C H A N I C S O F I D T H E F T
One such form is labeled W-9095, Application Form for Certificate Status/Ownership for Withholding Tax.
This form requests personal information frequently used to prove identity, including passport numbers and mothers’ maiden names. It also asks for data such as bank account numbers, passwords and PIN numbers needed for access to the accounts.
This form is meant to mimic the genuine Form W-9.
However, the only personal information that a genuine W-9 requests is the taxpayer’s name, address
and Social Security number or employer identification number.
Other fictitious forms include
Form W-8BEN
. In contrast to the legitimate W-8BEN, the fictitious one has been altered to ask for personal information much like the W-9095. Also used is a form labeled
W-8888
.
The requested information in the fake form goes far beyond what anything anyone would wisely want to volunteer to strangers: a passport number, mother’s maiden name, account numbers and names, dates they were opened and date of the last transaction.
Legitimate IRS forms generally have an IRS processing center address on them as well as the IRS phone
number. Beyond that, the IRS doesn’t ask for things
like your bank passwords or insist that you fax things
in to them.
100
C H A P T E R 4
Any such request should be a red flag
.
M E D I C A L I D T H E F T
Taking advantage of e-commerce and insufficient safeguards on patient and physician information in hospitals and clinics, crooks have come up with sophisticated schemes to
steal physician identities
and walk off with millions of dollars.
In California, an ID theft crew allegedly defrauded the state’s Medicaid program of $3.9 million by using physicians’ stolen identities to order bogus tests—and then billing both Medicare and Medicaid for the tests.
Identity theft is a particular problem for MediCal, California’s Medicaid program. Medicare is harder to defraud because the insurance forms go out to the recipients. But Medicaid doesn’t send out notices of what claims are being submitted, so there’s
no paper
trail
to track down criminals.
Physician identities are accessible from sources such
as a state medical board’s Web site, local physician
directories or the Yellow Pages.
Physician names, as well as copies of medical licenses and office addresses, also can be stolen from hospital personnel files. The criminals submit the documents to the state health department to obtain Medicaid provider numbers and then tell the state Medicaid program that the physician has a new address and request payment at that address. If the physician
101
T H E M E C H A N I C S O F I D T H E F T
doesn’t have a Medicaid provider number, crooks will use the stolen identities to file for one.
Another tactic involves stealing the names, Social Security numbers or identification numbers of Medicaid and Medicare beneficiaries. Both patient information and physician information are necessary to bill the programs.
Once armed with the physician’s name and provider numbers, as well as stolen patient information, criminals can
submit bogus claims to Medicaid or
Medicare
.
The reimbursement checks are either mailed to the clinics, labs or post office box addresses, or directly deposited to bank accounts opened under the physicians’ stolen identities. The crooks then forge the physicians’ signatures on the checks that the state sends them.
This type of fraud can go on for years, until the physician gets a call from the Internal Revenue Service, asking why she didn’t pay taxes on $400,000 of income received from Medicaid. Neither Medicaid nor the physician knew what was going on.
In early August 2002, a claims entry operator for Wisconsin Physicians Service was charged with identity theft after he allegedly supplied personal information of WPS clients to a Milwaukee man who used it to apply for credit cards.
Mario L. Mason, who worked for WPS subsidiary Tricare health insurance, allegedly took names and personal data from claims he processed for Tricare
102
C H A P T E R 4
and gave them to Milwaukee resident Marques J.
Kincaid, who used the information to fill out credit card applications on the Internet.
Mason and Kincaid were each charged with identity theft. According to a criminal complaint, they had become acquainted while serving time in the Dane County Jail several months earlier. Kincaid used the name and personal information of an Arlington, Texas, man to obtain a credit card that he used to obtain cash advances of more than $8,000.
Why Tricare didn’t run a background check on Mason—the employee who had access to so much personal financial information—remained an unan-swered question.
Federal law enforcement agencies are particularly aware of medical ID theft issues. The
Department
of Health and Human Services
, cooperating with the FBI, uses a sophisticated
software data mining
tool
to analyze all claims submitted by medical providers and pharmacies and compare them against member enrollment data and other information.
Unusual billing practices are targeted for an in-depth audit or investigation.
Such schemes include: submitting altered medical
bills; billing for services never received; doctor-shopping to obtain multiple prescriptions for controlled substances; and stealing a physician’s pre-103
T H E M E C H A N I C S O F I D T H E F T
scriptions pad and submitting forged prescriptions
for controlled substances to pharmacists.
The software data mining tool helped the FBI build a case against Richard J. Farina and his business, Pennsylvania-based Inner Health Lifestyle Center.
Farina and Inner Health each pled guilty to two federal felony counts of health care fraud for submitting fraudulent bills to the local Blue Cross and its subsidiary, Keystone Health Plan East. The bills claimed that Farina had provided patients with chiropractic services, when they actually had received weight loss and exercise treatments.
The data mining software tool determined that Farina and his business had submitted claims that
alleged he had rendered in excess of 49 hours of
care to patients on a given day.
Following their federal indictment and subsequent plea agreement, Farina and Inner Health were ordered to pay $109,000 restitution to the local Blue Cross. Inner Health was ordered to stop doing business; Farina was sentenced to
six months home confinement
, five years probation and forced to surrender his New Jersey and Pennsylvania chiropractic licenses for 10
years.
Other medical ID theft takes a simpler—and more vulgar—form than complex insurance scams. For
104
C H A P T E R 4
example: In September 2002, the wife of a California optometrist was facing criminal charges of stealing credit card numbers from her husband’s patient files and using them to order merchandise on the Internet.
Kim Yasuda, who did office work for her husband, had access to credit card numbers in the files of his patients. Authorities said she used credit card numbers belonging to three patients of her husband, Dr.
Jerry Yasuda. She was charged with three counts of identity theft, two counts of grand theft and one count of computer fraud.
Visalia police reports said Kim Yasuda ordered merchandise in her victims’ names over the Internet, then had the packages
delivered to the home of a neighbor who traveled a lot
. If the neighbor wasn’t home when a package arrived, she would pick it up.
The items the woman ordered showed a depress-ingly banal taste in ill-gotten goods. They included women’s and children’s clothes, Disney videos, items from
Amazon.com
and items from
www.statelinetack.com
, an Internet site selling horse-riding apparel.
C O N C L U S I O N
The mechanical details of ID theft change with circumstances, technology advances and the perverse creativity of crooks. But, in this chapter, we’ve dealt with the
basic building blocks
of most ID theft schemes:
•
Improper and illegal use of checks and credit cards;
105
T H E M E C H A N I C S O F I D T H E F T
•
Inattentiveness of
the victims; •
Trusted or insider status of someone involved in the scheme; •
Quick use
of the ill-gotten ID information; •
Smart ID thieves move around a lot; •
Bold ID thieves will contact banks and credit card companies to alter account information;
•
ID thieves are aggressive about
using
technology
; •
Internet and online merchants create exposure by emphasizing convenience; •
All merchants may share your information more than you realize; and •
Medical information
is an overlooked exposure.
106
C H A P T E R 5
5
IMMIGRATION,
TERRORISM, DRUGS
AND OTHER CRIMES
Identity theft has long been a side effect of other, more ambitious crimes. Dapper con men may use fake IDs; but so do violent gangbangers, sleazy drug dealers and hungry immigrants desperate for work.
In calendar year 2000, the Social Security Administration (SSA) issued approximately
1.2 million SSNs
to non-citizens
. While SSNs issued to non-citizens represent only about 20 percent of the total, the volume is significant.
In 2002, the Census Bureau estimated that 8.7 million people resided in the United States illegally. The Immigration and Naturalization Service (INS) has estimated that approximately 40 percent of illegal immigrants are
visa overstayers
while 60 percent entered illegally. Although most illegal immigrants simply want better lives for their families and themselves, their pres-ence has spawned widespread document and identity fraud throughout the U.S.
The immense demand for documents “proving” the right to work in the United States has led to the
ex-107