Monday, June 9, 2008

What Happened to Stealing the Old-fashioned Way? A Look At Identity Theft

by Robin Sax

Technology and modern electronics have forced even the most crotchety people to log on, tune in, and get wired. Shopping online isn’t even new anymore. We have become accustomed to Internet banking, greeting cards, and social networking. And like anything else, with every new development comes a new way for criminals to commit crimes. It seems that criminals stay one step ahead of the unsuspecting, law-abiding citizen, as well as law enforcers.

Stealing the old-fashioned way is plain stupid. Facing the victim can bring high risk and small gain for thieves. For a little bit of cash, jewelry, or perceived valuables, thieves leave witnesses who can identify them, potentially fight back, and notify police. Besides the risk in the crime itself, there are also many punishable consequences, such as gun enhancement--charges that are potentially subject to the “Three Strikes” doctrine, or equivalent repeat offender laws, as well mandatory, long prison sentences.

Stealing by identity theft, on the other hand, offers great profit at very low risk. After all, there is no victim contact, no weapon, it can be done any time of day or night, and best of all, the loot is delivered. Further, the labor involved in investigating these crimes is high. and everyone knows law enforcement agencies are overworked with little resources. Even if and when the perp is apprehended. the sentences are typically low-level slaps on the wrists.

The magnitude of the problem is huge, but what is being done about it? The FTC released its annual report revealing that identity theft is among its top ten complaints. For over six years in a row, identity theft has been the source of much frustration and accounted for approximately 37% of the consumer fraud complaints filed with the FTC last year.

The misuse of other people’s personal information is a huge issue. But is it really identity theft? I argue no. It’s just another version of the old-fashioned crime of fraud, coupled with modern technology that allows for impersonation.

No one is actually becoming another person. Rather, the thief is fraudulently acquiring someone’s personal information and using it to buy items, take out loans, and acquire objects of value.

There is no shortage of ways to get information these days. Whether by “phishing” (setting up Web sites to resemble reputable companies) or by stealing mail or utilizing inside sources, impersonation and fraud is one of the most prolific forms of theft these days.

It’s surprising to me that few people are outraged enough to do something about it. After all, stolen personal information can wreak havoc on a person’s life and particularly on their credit. And then there's the years it can take to rebuild one’s resources and security after being a victim of this crime.

Identity theft can affect millions, but the victims seem to suffer in silence. Is it because credit card companies only hold the credit holder liable for the first $50? Is it because there is so much anonymity to the crime? Or is it because the big financial institutions haven’t shelled out enough of their own money to warrant more protection for consumers?

Whatever the reason, the focus in the real world is just as absurd. Every time I whip out my credit card, the nice cashier asks for ID to make sure that my name matches my picture. Doesn’t it make sense that an impersonator will get an ID that matches the name? Just like many aspects of crime. the focus is all wrong. It’s time to stop focusing on having the innocent validate their identity, and instead work on the preventive aspects.

Just yesterday my friend told me she took out an American Express card in her dog's name by using a phony Social Security number. First it was a joke to see if it was possible. But then it became a scary commentary on how just how bad the state of financial security is.

When my friend showed me the card, I couldn’t help but to imagine some nice clerk asking for ID and validating Fido as the card owner, then finishing the transaction.

While identification checks will probably continue, a better solution can be achieved in how we validate and acquire our cards and information to begin with. Financial institutions are far too eager to make transactions possible and ultimately pass this ease on to merchants and consumers.

"We need to make the entity that is in the best position to mitigate the risk be responsible for that risk," says financial security expert Bruce Schneir. "And that means making the financial institutions liable for fraudulent transactions."


Leah said...

I am thinking that at some point the entire "credit score" thing won't even matter because so many people's credit have been abused by this kind of crime. Back in the 80s I lived in Utah and I knew someone was using my credit but I and the credit bureau could never figure out who is was or how they got my info. But, they never abused it and always kept up payments, etc. For about 15 years this went on [they lived in CA] and after I married and moved to AL in the mid 90s and tried to buy a house that I found out they were delinquent on some things. I had to go through pure hell to prove I never lived in CA, etc before they ever coded my credit report to reflect this. And they still won't remove it from my credit, but they do know it isn't mine. Whoever it was finally stopped using my SSN.I wish I could figure out who was doing it and how they got my info.

Robin Sax said...

It's unbelievable how much weight credit scores still have given the prevalence of fraud, id theft, etc.

Felicia Donovan said...

Great post, Robin, and having some expertise in this area, I can add to the reason why ID Theft remains so understated.

The FTC report you mention repesents just a tiny percentage of actual crime. The FTC study accounted for about 800K total reported complaints of which, 32% or so were ID Theft. That does not nearly represent the scope of this crime. Most crime data is reported under the FBI's NIBRS program, but ask any street cop what the correct NIBRS code for ID Theft is and some will say "impersonation" while others will say "theft" and yet others will say "fraud."

It's hard to get accurate data on the scope of a crime when the reporting sources don't have clear instructions on how to capture it in the first place or when "impersonation," an umbrella category, can represent so many other crimes like "impersonating a police officer."

Another researcher, Javelin Strategy, estimated there were 8.4 million victims of ID theft in 2006 - that equates to 23,000 victims a day. I'm more inclined to put my money on that number.

Felicia Donovan
(Nominated for the Barry Award)