Imagine discovering that someone has opened credit card accounts or secured a home equity or car loan under an assumed name: yours. Consider receiving an IRS W-2 form reporting wages earned by someone else who has used your name and social security number.
Unfortunately, incidents just like these happen to consumers—now identity theft victims—all over the country, every day. A 2003 study commissioned by the Federal Trade Commission (FTC) found that identity theft affected almost 10 million consumers in 2002.
ID theft can be devastating and recurring
The initial impact of identity theft can be devastating, in part because it’s a crime that can revisit the victim again and again, taking the same or different forms. An identity thief may first use a consumer’s personal information to open new credit card accounts. Even if the thief is apprehended and convicted, he or she may have sold the victim’s information. Then another thief uses the victim’s information, and the cycle of fraud begins again.
Victims often need help dealing with the recurring fallout of this crime each time they dispute a new fraudulent tradeline on a credit report or take a call from a debt collector for debts incurred by the identity thief. Fortunately they can turn to industry, law enforcement organizations, and regulatory agencies for meaningful assistance.
FTC’s identity theft program
In 1998, when Congress passed the ID Theft Act, it criminalized identity theft and directed the FTC to establish a national program to centralize complaints and provide education for victims of ID Theft. In response to the mandate, the FTC established the Identity Theft Data Clearinghouse—the nation’s centralized repository of consumer complaints involving identity theft—which today houses about 750,000 identity theft complaints.
VICTIMS FILING IDENTITY THEFT COMPLAINTS WITH THE FTC MOST COMMONLY REPORT CREDIT CARD FRAUD, UTILITIES OR TELEPHONE FRAUD, AND BANK FRAUD.
The FTC’s ID Theft Program is designed to help consumers on three fronts by: 1) coordinating ID theft victim assistance and education efforts, 2) facilitating information sharing and outreach training for law enforcement, and 3) promoting prevention efforts and best practices through industry outreach. Through the ID Theft Program,
- Victims can file ID theft complaints with the FTC online at www.consumer.gov/idtheft or by contacting the toll-free hotline 1-877-IDTHEFT. Whether filing online or by phone, victims are introduced to resources that explain what steps to take to recover from identity theft and how to minimize the risk of its occurrence.
- Law enforcement officers can use the complaints filed with the FTC to investigate cases. Each complaint entered into the FTC’s database can be retrieved by any of the 1,100 law enforcement agencies authorized to access the ID theft data through the FTC’s Consumer Sentinel Network.
- Financial institutions can help consumers by promoting policies and business practices designed to thwart this crime, and by providing assistance to victims once it happens. Businesses should consider five key steps:
1. Minimize risk of fraud through responsible information-handling practices;
2. Train front-line staff regarding security goals and techniques for keeping information safe;
3. Utilize proper methods to dispose of customer information;
4. Institute measures to respond to security breaches and have personnel in place; and
5. Provide personnel trained to assist victims as they work to clear their financial records.
Financial institution and business resources to help combat identity theft
Financial institutions can also direct victims to the FTC’s educational resources and self-help materials, including the FTC’s ID Theft Affidavit. Victims can use this document to dispute multiple fraudulent accounts opened in their names by the ID thief rather than filling out a separate form for each creditor. The Affidavit is available at the ID theft website and is also included at the back of both the English and Spanish editions of the ID theft book, Take Charge: Fighting Back Against Identity Theft.
The FTC has also prepared a guide for businesses to use in the wake of an information security breach. The FTC’s Information Compromise and the Risk of Identity Theft: Guidance for Your Business, available at the website, provides advice on contacting consumers, law enforcement agencies, and credit bureaus. It also includes information about how to contact the FTC for assistance and explains what individuals need to know to protect themselves.
ID theft: many forms, many faces
Victims filing identity theft complaints with the FTC most commonly report credit card fraud, utilities or telephone fraud (especially involving cell phone accounts), and bank fraud, which involves deposit and savings accounts as well as electronic fund transfers (see graphs).
Fraudulent Use of Personal Information
Credit card, loan, and bank fraud as a percent of identity theft complaints, 2002–20041
1Percentages are based on the total number of complaints in the Identity Theft Data Clearinghouse for each calendar year: CY 2002=161,896; CY 2003=215,093 CY 2004=246,570.
2Includes fraud involving checking and savings accounts and electronic fund transfers.
ID theft can be perpetrated through low-tech or high-tech means. Low-tech methods include stealing mail or rifling through garbage for bank statements and other information that enables the thief to obtain credit in someone else’s name.
One high-tech way of stealing personal data is online “phishing.” A fraudster uses spam e-mail or an Internet pop-up message to trick consumers into disclosing a credit card account number, Social Security number, password, or other sensitive personal information.
Here’s how it works. You receive an e-mail that claims to be from your bank, Internet service provider (ISP) or some other organization. The message typically tells you that you need to update your account information and may include a warning that something undesirable will happen if you don’t respond. The message directs you to a website that looks like the legitimate site. However, the site is bogus, designed to “phish” your information so that the perpetrators can steal your identity and run up bills in your name.
For more information about how phishing works, see How Not To Get Hooked by a ‘Phishing’ Scam, at www.ftc.gov.
Legislative changes: the FACT Act
Important new rights and remedies are available to ID theft victims through the Fair Credit Reporting Act (FCRA), which was recently amended by the Fair and Accurate Credit Transactions (FACT) Act.
New laws took effect in 2004 to help victims remedy the effects of identity theft. Now, when ID theft victims contact any one of the three nationwide credit reporting agencies (Equifax, Experian, TransUnion), the agencies must provide them with a summary of their new identity theft rights. These new rights include the victim’s ability to block fraudulent tradelines on credit reports and to obtain transaction records related to ID theft (such as the thief’s fraudulent credit application) from the business that extended credit to the impostor.
Other rights include the ability to stop those furnishing information to consumer reporting agencies from providing inaccurate information resulting from ID theft to the credit bureaus, along with the right to obtain fraud alerts and several free credit reports.
The new law makes police reports more important than ever as a tool to help victims recover. Many of the new FCRA ID theft rights and remedies are available only if the victim provides appropriate documentation, including a law enforcement report. For more information on these new rights and remedies, read the two-page summary entitled Remedying the Effects of Identity Theft at www.consumer.gov/idtheft.
FTC consumer resources
FTC resources can help consumers learn how to minimize their risk of becoming an identity theft victim and explain what steps to take to undo the effects of this crime. Two FTC publications are key resources for consumers: Take Charge: Fighting Back Against Identity Theft, and ID Theft: What’s It All About, along with the ID Theft Affidavit.
Victims can use the Affidavit when disputing fraudulent accounts with nationwide credit reporting agencies or with businesses that extended credit to a suspect who used the victim’s name. These materials—available in both English and Spanish—are free at www.consumer.gov/idtheft. Victims without web access can obtain these materials by calling the FTC’s ID Theft Hotline at 1-877-IDTHEFT, Monday-Friday, between 9am and 8pm, Eastern Time.
This article was written by Monique F. Einhorn, attorney with the Identity Theft Program at the Federal Trade Commission. The views expressed in this article are my own and do not necessarily reflect those of the Commission or any individual Commissioner.
|Identity Theft: A Case History
On July 15, 2004, I received a call from a frantic county resident. She had just learned, to her surprise, that she had recently secured a personal loan for $7,999 from CitiFinancial Services. A woman using her name and Social Security number had picked up the check the week before and deposited it at the local Teachers Credit Union. When credit union security personnel pulled all the paperwork for the account, sure enough—the photo on the driver’s license used by the suspect was not the victim’s, though the address listed by the impostor was just down the street from the victim’s residence.
On a hunch I drove to the victim’s street. I found the suspect standing in a doorway three houses away from the victim, placed her under arrest for identity theft, and conducted a routine search of her residence. Little did I know I would soon find the “jackpot.”
Inside the residence a team of ten agents located personal information, names, social security numbers, credit card numbers, and home addresses for approximately 150 different individuals. The suspect had worked for a limousine service that catered to business travelers, and she had combed the contracts for personal information. We found multiple additional accounts opened in the victim’s name, along with the victim’s stolen mail. The suspect appeared to be breaking into her neighbor’s mailbox and stealing her bank and credit card statements, many of which contained personal information. I also recovered several credit reports issued to a nearby mortgage company on different victims, including one for the original victim.
The suspect was charged with multiple offenses but released from custody, innocent until proven guilty. Over the next several weeks, I tracked down multiple victims, fraudulent credit cards, orders, and stolen property totaling more than $150,000 in fraud generated by this single suspect. I also uncovered apparent accomplices, including a girlfriend who worked at the mortgage company. Another of the suspect’s girlfriends worked in the personnel department of a YMCA branch where several of the victims also worked. This information resulted in new arrest and search warrants for the suspect.
Investigations over the next several months traced more than $50,000 in additional credit card fraud to multiple victims’ accounts. The suspect was purchasing airline tickets with stolen credit card numbers, traveling, and selling tickets. She was indicted on 12 felony charges and another arrest warrant was issued.
On November 23, 2004, I located a rental car being operated by the suspect, and I arrested her once more during a stakeout of the auto. A search of the car identified another 25 victims. In the back seat were packets from a local tax preparation service and mortgage documents from several refinance packages. Investigation into these documents led to another apparent accomplice, one of the suspect’s girlfriends who had recently worked at both businesses. The suspect was again taken into custody and in front of the court, but once more released—innocent until proven guilty.
As I prepare for the upcoming trial, the suspect is out and roaming, who knows where. I have worked with many other identity theft cases that fit the same pattern during this time period. Investigating these cases takes an enormous amount of time and effort. I don’t expect the work to slow down any time soon.
Detective Scott G. Wyne
Montgomery County Police/ Fraud Section
|Phishing – Consumers Beware!
“Phishing” is a growing Internet scam in which criminals use fraudulent e-mails and websites to retrieve personal financial information such as account numbers, passwords, or social security numbers. This confidential information is then used to steal money from your checking account or to run up charges on your credit cards.
E-mails that appear to be from banks or other financial institutions requesting personal information are likely to be fraudulent. Financial institutions typically do not contact customers via e-mail to verify personal information or request it online. The best protection is not to respond to these e-mails.
What if you receive a phishing e-mail?
A brochure released by federal bank, thrift, and credit union agencies offers the following information to help consumers identify and combat phishing schemes.
If you receive a phishing e-mail:
- Do not respond to the e-mail.
- Do not open the link located in the e-mail. The link connects to a false website or form, and it may install a virus or “eavesdropping” software program on your computer to capture personal information.
- Alert the bank or business being used as a front for the scam about the phishing e-mail. Make the contact yourself using an established phone number or Internet address for the business.
If you are an identity theft victim as the result of a phishing scam, contact the following groups:
- Bank or business of the account;
- Local police department;
- Federal Trade Commission’s Identity Theft Clearing-house (www.consumer.gov/idtheft), which contains instructions to help report identity theft;
- Credit bureaus, to place a fraud alert on your credit report and obtain a copy of your credit report for review.
For more information, an interagency brochure on phishing is available at http://www.occ.gov/consumer/phishing.htm. Additional consumer information can be accessed on the Anti-Phishing Work Group’s website at http://www.antiphishing.org/.