Nearly ten million people were victims of identity (ID) theft in 2003, according to the US Federal Trade Commission (FTC). In fact, these crimes have reached such worrying proportions that president George W Bush in July signed a bill that holds identity theft criminals accountable. The Identity Theft Penalty Enhancement Act adds two years to sentences for criminals convicted of using stolen credit cards and other personal data to commit crimes.
It’s not a new threat, but began in the early 1990s when this new variety of criminals, the so-called identity thieves, emerged. Their stock in trade? Everyday transactions of consumers as well as businesses that reveal all kinds of personal and confidential details, ranging from names, addresses and phone numbers, to bank and credit card numbers, income information and US social security numbers (SSN). An identity thief obtains this type of confidential information and uses it without the owner’s knowledge to commit fraud or theft. ID theft can lead to ruined credit ratings, tarnished reputations or even wrongful imprisonment. It is believed that the average victim can spend more than 175 hours of personal time and more than $800 to clear his/her name and restore good credit ratings.
As the US’ chief consumer protection agency, the FTC has had an ID theft programme since 1998. It provides guidance to businesses and consumers on how to resolve the problems, offers law enforcement training, maintains a nationwide database of ID theft complaints and refers complaints to criminal law enforcement agencies.
Over the past few years, the problems have escalated and ID theft now tops the FTC’s list of complaints. In September 2003, the agency revealed in its survey report that the previous year’s ID theft losses to businesses and financial institutions totalled nearly $48 billion while consumer victims reported $5 billion in out-of-pocket expenses. In total, over 27 million Americans have incurred some kind of ID theft since the FTC’s programme began.
"These numbers are the real thing," says Howard Beales, director of the FTC’s bureau of consumer protection. "For several years, we have been seeing anecdotal evidence that ID theft is a significant problem that is on the rise. Now we know. It is affecting millions of consumers and costing billions of dollars. This information can serve to galvanise federal, state, and local law enforcers, the business community, and consumers to work together to combat this menace."
John Fellowes, product manager for OP and shredder manufacturer Fellowes, agrees: "Identity theft is our nation’s fastest growing crime and as a result, the demand for shredders has increased dramatically."
Company fraud tends to be less common than consumer ID fraud, but the scale of the losses are far higher and are therefore a significant threat to businesses.
Skilled identity thieves use a variety of methods to gain access to confidential and personal information. They may steal records from their employer, bribe an employee who has access to these records, or hack into the organisation’s computers.
Fraudsters may change the registered address and directors of a company by submitting false forms. In other cases they simply trade as the company they are impersonating from an alternate trading address. They also re-use genuine company logos and similar website domain names to masquerade as genuine well-known businesses. Credit reports are another goldmine for ID thieves. They obtain these reports by abusing an employer’s authorised access to credit reports or by posing as a landlord, employer, or someone else who may have a legal right to the information.
The list of fraud opportunities is endless. UK credit reference agency Experian conducted a survey, entitled ‘Closing the Lid on ID Fraud’, in collaboration with the London borough of Camden in November of last year to assess the risk of ID fraud through bin raiding – or dumpster diving in the US – both to companies and consumers. A waste analysis of the 71 commercial organisations surveyed makes for sobering reading:
• 20 per cent threw away a whole debit or credit card number
• 24 per cent threw
away a director’s sig
nature
• 20 per cent threw
away their bank
account number
with no attempt
made at destruction
• 11 per cent threw
away whole bank
statements
• one company threw
away an uncashed
cheque
• 44 per cent threw
away whole invoices
• 21 per cent threw
away details of their
customers without
making any attempt
at destruction.
Feedback from a previous survey in a different part of the country suggests that bin raiding is a problem throughout the UK and is rising at the same significant rate as cases of ID fraud (there were 75,000 reported instances in 2002 in the UK, up from 20,000 instances in 1999).
But while instances of both consumer and company ID fraud have recorded massive increases, it appears that certainly on the consumer side, people have started to change their attitudes towards discarding personal information in the bin. Numbers, compared to the previous survey, have gone marginally down.
Once identity thieves have someone’s personal information, there’s an abundance of fraud opportunities. They include:
• spending sprees using credit and debit card account numbers to buy big-ticket items like computers that sell easily;
• the opening of new credit card accounts, using somebody else’s name, date of birth and, in the US, SSNs;
• changing the mailing address on a credit card account. The imposter then runs up charges on the account and because the bills are being sent to the new address, it may take some time before the problem is detected;
• taking out loans in somebody else’s name;
• counterfeiteing cheques or debit cards and using another person’s bank account.
There are several things that consumers and businesses can do to reduce and eliminate the risk of ID fraud. The National Crime Prevention Council (NCPC) in the US urges consumers to shred personal documents such as paid bills, pre-approved credit cards, ATM receipts, and bank and credit card statements before throwing them away.
John Fellowes says: "Five years ago, shredders were used primarily by businesses but today paper shredders are becoming as commonplace as personal computers in the home."
Darryl Jones, VP for NCPC, adds: "A paper shredder, along with prudent protective actions such as storing personal reocords in a safe place or using a password protected electronic storage medium, can be an invaluable tool in ensuring personal records don’t end up in the wrong hands."
Everyday diligence also helps in making sure that unauthorised people do not gain access to personal and confidential information. Don’t give out personal information on the phone, through the post or over the internet unless you have initiated the contact or you know who you are dealing with. When putting passwords on credit cards, bank and phone accounts, do not use obvious ones such as your child’s or pet’s name. Ask about information security procedures in your workplace and about who has access to your personal information. Once you have verified that your records are kept in a secure location, ask about the disposal procedures for those records as well.
If all this fails and you still become a victim of ID theft, the FTC recommends four actions to be taken immediately.
• Place a fraud alert on your credit reports and review your credit reports
• Close any accounts that have been tampered with or opened fraudulently
• File a report with your local police or the police in the community where the identity theft took place
• If you’re based in the US, file a complaint with the FTC.
