•
The District of Columbia has the highest incidence of identity theft, followed by California.
In 2002, there were 123.1 victims per 100,000 people
in D.C., or 704 victims. In California, there were
90.7 victims per 100,000 people, or 30,738 people.
In New York, there were 66.9 victims per 100,000
people, or 12,698 victims.
Most often, identity thieves use the victim’s information to commit credit card fraud. However, more than one in five victims reported their information was used to commit more than one type of fraud.
8
C H A P T E R 1
How Your Information Is Misused1
(Percent of reports)
Credit card fraud
: 42%
Phone or utilities fraud
: 22%
Bank fraud
: 17%
Employment-related fraud
: 9%
Govn’t documents or benefits fraud
: 8%
Loan fraud
: 6%
Other fraud
: 16%
•
About one in six identity theft victims said the thief used their personal information to open at least one new account, such as new credit card accounts, new loans or other new accounts.
•
Over half of identity theft victims are
under age 40
. About 11 percent of victims are age 60 or older.
•
According to the Social Security Administration Inspector General’s analysis of the SSA’s Fraud Hotline data, more than 80 percent of SSN misuse allegations were related to identity theft.
1 Refer to the FTC’s Web site at
www.ftc.gov
for more information. Some of this information was adapted from the site.
9
W H Y I D T H E F T H A S B E C O M E S U C H A P R O B L E M
•
On average, identity thieves misused victims’ information for
about three
months
. However, when the identity thief opens new accounts with the victim’s information, the misuse lasts longer— more than one out of four of these victimizations lasted six months or more.
Despite the FTC’s best efforts, there is no single database in the U.S. that captures all investigations and prosecutions of identity theft cases. Enforcement actions on identity theft law may be undercounted. Because identity theft is usually committed to
facilitate
another crime
, criminals often are charged with those other crimes like bank, wire or mail fraud rather than with identity theft.
Reporting on ID theft is surprisingly low. Victims might first try to clear up the mess through their credit bureaus, credit agencies, DMV and the such. They don’t necessarily run to their local police department or fill out the affidavit provided by the FTC for reporting the crime (more on this later). In 2002, 47
percent of those reporting identity theft to the FTC
said they notified the police department, but only roughly one-third had a report taken; 53 percent of victims had not notified a police department.
Only about one out of four identity theft victims
polled in a FTC-sponsored survey said they reported
the crime to local police. Only about one in five said
they notified one or more credit bureaus about the
identity theft.
1 0
C H A P T E R 1
H O W T H E Y S T E A L
There are so many ways for someone to steal your identity. Only about one in 100 identity thieves is ever caught. Think of all the people who hold they
key to
your identity
via your Social Security number alone: your banks; credit card companies; credit bureaus; insurance companies; brokerage houses; doctors’ offices; dental offices; phone companies; cable companies; fitness gym; local rec center; public library; school; baseball league; tennis club; DMV;
department and
specialty stores
(e.g., Bloomingdale’s, Victoria’s Secret, Eddie Bauer) where you purchase items regularly with their card; apartment building manager; subscriptions that catalogue subscribers by their SSNs; airlines with your
frequent flyer programs
…and all those Internet sites you’ve joined using your SSN as an identifier or username.
This book will detail the How’s, Why’s, When’s and Where’s to ID theft, but here’s a brief list of some of the places where thieves can get your information.
Some are obvious areas of vulnerability; others are not. Become familiar with these things.
•
Mail
: Your mailbox—filled with incoming or outgoing mail—is an easy target.
A thief can look through the mail for bills or bank statements and pilfer the information.
Check washing
is another method; a thief can wash out the ink on a signed check, change the amount and rewrite the check to himself. Watch out for those pre-approved credit cards that come in the mail, too.
1 1
W H Y I D T H E F T H A S B E C O M E S U C H A P R O B L E M
•
Fraudulent change of address
: A thief can fill out a change-of-address form at the post office or with the victim’s credit card company so the mail and bills get redirected to the thief’s address or mail drop.
•
Trash cans and dumpsters
: Business and building dumpsters are attractive items to thieves looking for discarded letters with business and customer account information. A thief can disguise himself as a homeless person digging through garbage.
•
Onlookers
: Whenever you expose your ATM or calling card in a public place, someone might be looking. Criminals lurk around
ATM machines and public phones
in high-traffic areas for victims. They might even look from afar with the help of binoculars, camcorders or a zooming camera.
•
Lost or stolen purse or wallet
: If a thief comes across a lost purse or wallet, or steals it himself, he’ll have a lot of personal information to use. This is when keeping certain things like your Social Security card and health insurance card (which often bears your SSN) out of your purse is key.
•
Inside jobs
: An employee of a business might illegally retrieve information that a business has collected for legitimate reasons. An
entry-level employee
at a financial institution, for example, might be
1 2
C H A P T E R 1
able to access others’ personal information, and sell it to identity thieves.
•
Internet
: Computer-savvy criminals can use the Internet to hunt down victims easily.
Personal Web pages
are targets, and genealogical databases give thieves access to maiden names, which are often used as passwords to bank accounts and the like.
•
Skimmers
: Thieves who carry skimmers, devices that can read the magnetized strip from a credit card, bank card for account numbers, balances, verification codes, are hard to spot because they often work where you’re using your card to make purchases. First your card is run through the regular credit card reader, then through the skimmer without you knowing.
•
Pretexting
: You might be duped into giving up your personal information over the phone with someone who disguises himself as a representative with a reliable company that you use, like your phone company, local department store or cable company.
In Chapter 4, we’ll consider more details on each of these topics. In that chapter, the mechanics of ID theft get described in detail.
W H Y T H E I N C R E A S E I N T H E F T ?
We live in an age of information and digitization; we’ve
traded privacy for convenience
. We buy gad-1 3
W H Y I D T H E F T H A S B E C O M E S U C H A P R O B L E M
gets to make remote transactions and have greater access to publicly available information.
Although the Internet makes it easier to steal data needed to pass as somebody else, ID theft was becoming a problem before surfing the Web became popular. At the heart of the problem is the issue of Social Security numbers being our sole code for our identity.
It’s very easy to obtain Social Security numbers.
Non-Social Security Administration uses of Social
Security numbers have not been prohibited, so Social Security numbers are used as identification and
account numbers by many entities.
The expanded use of the
SSN as a national identifier
has given rise to individuals using counterfeit SSNs and SSNs belonging to others for illegal purposes.
Stolen SSNs have been used to gain employment, establish credit, obtain benefits and services and hide identity to commit crimes.
Web sites sell individuals’ Social Security numbers, some for as little as $20. Self-regulatory efforts by information brokers have been ineffective in restricting the sale of sensitive personal information to the general public. Creditors, generally, have failed to adopt better policies.
1 4
C H A P T E R 1
ID theft will worsen because there are indications
that organized crime gangs are gravitating toward
identity theft as a low-risk, high-payoff crime.
Stealing a credit card number is the easiest way to commit identity fraud. Thieves can find receipts left on tables in restaurants or in shopping bags, thrown away in a trash can or dumpster, or left behind at the gas pump. Identity theft, however, has gotten more sophisticated than that, which means you can’t simply be super-careful about those receipts to protect yourself. The problem we face today is a result of many things that have been happening (or
not
happening) in the past 40 years.
In the 20th Century, a vast system of
third-party
record keeping
arose. Personal information was collected and maintained by banks, doctors and hospitals, credit reporting agencies, pharmacies, utilities, insurers, employers and government agencies.
In 1976, the U.S. Supreme Court, in U.S. v. Miller,
ruled that Americans do not have a Constitutional
right to privacy in personal data held by third parties. The court reasoned that when you open a bank
account, you surrender your data to the flow of
commerce. Absent statutory protection, the bank is
more or less free to give your financial data to whom-ever it pleases. So, even though the information was
about you, those that collected it and kept it, owned
it. The Supreme Court ultimately extended this reasoning to telephone records and garbage.
1 5
W H Y I D T H E F T H A S B E C O M E S U C H A P R O B L E M
In 1977, a bipartisan commission created by Congress when it enacted the
Privacy Act
recommended a comprehensive legislative package, concluding that protections were needed in such areas as financial, medical, communications and government records and Social Security numbers. It also recommended a national office to oversee and enforce privacy policy.
As you can assume, most of those recommendations were not carried out.
T O O M A N Y B E D M A T E S
By 1990, the U.S. was the only nation with a law to protect the privacy of video rental records, but without a law to protect medical records. What we have today is a system by which each person is linked to one number and that number gets used to do everything, from buying houses and cars, to transferring money, selling on eBay, renting a video, getting a tooth extracted and registering your car.
ID thieves bribe clerks, steal from mailboxes, filch
data from computers and garbage and raid personnel files.
The underworld of “carders”— that is, hackers, who specialize in stealing and selling credit card numbers— is steadily growing. Some are connected to
organized
crime groups
in Russia, Eastern Europe and Nigeria. Victimized Web sites include Western Union, Egg-head, CD Universe and CreditCards.com. Identity thieves are using stolen credit card numbers to buy names, addresses and SSNs from legitimate infor-1 6
C H A P T E R 1
mation brokers, and then use the fraudulently-purchased identifiers to commit identity theft.
The
consolidation of the banking industry
also has contributed to the upsurge in ID theft. As little banks get eaten up by bigger banks, the consolidation pinpoints one’s personal information to huge databases and prevents a spreading-out of information that would help hide or scramble one’s personal information. It also kills personal connections, changing the standard by which you are evaluated financially. Nowadays, people are more attached to their
impersonal FICO2 score
than their reputation in town. You become a number rather than a face to which your identity is attached. The growing importance of consumer credit makes every Social Security number a potential charge account.
Financial institutions largely have
ignored federal
regulators’ recommendations
that they guard against would-be privacy invaders by asking customers for personal identification numbers (PINs) or passwords before giving out their personal data. Moreover, the government isn’t pushing credit bureaus and credit issuers who gather and use private information to stamp out fraud. Until that happens, consumers’
finances remain vulnerable.
2FICO stands for Fair, Isaac & Company, which develops the mathematical formulas used to obtain snapshots of your credit risk at any given point in time. These scores are the most widely used and recognized credit ratings, and they are used by the three largest credit reporting agencies (Equifax, Experian and TransUnion).
1 7
W H Y I D T H E F T H A S B E C O M E S U C H A P R O B L E M
Financial institutions continue to participate in
telemarketing schemes in which customers are solicited for 30-day free trials and memberships, and
then the telemarketer either charges it to the
customer’s credit card or adds a monthly charge to
his or her mortgage statement.