 |
|
|
|
|
|
Identity Theft
Identity theft or identity fraud is not considered a technically correct term to be used by the media to describe this type of a crime, tort or other harmful act by deliberately
While identity theft appears to cover the entire spectrum of crimes committed while pretending to be someone else, it is only used to describe those situations where the person being impersonated has no knowledge of the person pretending to be them, or else does not approve of their actions. Hence for example cheating on an exam or at a driving test is not considered to be a case of identity theft.
Since identity theft is so broad a concept, any discussion of it must quickly narrow down to the more specific cases like credit card fraud. Likewise any proposed remedy of identity theft is in actuality only a remedy for a specific case of identity theft, with the rather unachievable exception of 100% perfect verification. Biometrics is considered to be such a technology, but in reality risk worsening the situation leading to reverse burden of proof problems in courtrooms as biometrics can also be tampered with as part of an attack. Techniques for obtaining identification information range from the crude means like stealing mail or rummaging through rubbish (referred to also as dumpster diving in the United States of America) or stealing personal information in computer databases, to infiltration of organizations, via their websites or otherwise, that store large amounts of personal information.
Identity theft is generally committed as the result of a serious breach of privacy. Except for the simplest credit-related cases, it is usually not possible without breakdowns in
o customer
privacy, in which case the consequences may be limited to fraud on only
one corporation or so, typically the one that leaked the data in the first
place, for example account numbers.
o consumer privacy, which
is more serious a matter, where credit card numbers or other
generally-useful identity data are stolen and used widely.
o client confidentiality and political privacy, making it very easy to effectively impersonate someone, by using confidential information that an ordinary impersonator would not normally have access to.
How Accurate is the term Identity Theft?
The term identity theft is regarded inaccurate by many since it is merely a relatively new term for fraud where an individual is impersonated. This is based on the reasoning that clearly, a person's identity is not something that can be stolen, and individuals subject to fraud do not cease being who they are. Further, the use of this term suggests that the victim of such crime should usually be the individual who is being impersonated. While it may certainly be true that this individual may be caused a certain amount of trouble, like being pursued by debt collectors, the real victim is actually the creditor who is being defrauded. It should be hence be strongly emphasized that the impersonated individual does not have the liability for any crimes fraudulently carried out under their name.
Some creditors may well attempt to put pressure on that person, claiming that they are liable and merely attempting to claim that their identity has been stolen as a ruse to get out of paying the creditors what they owe them. In such cases it should be strongly borne in mind that it is for the creditor to prove that the debt is owed by the impersonated individual - and not the individual themselves and they have no right what so ever to penalize the victim unduly.
The Consequences of Identity Theft
In many parts of the world, identity theft has earned the dubious distinction of being the fastest growing offence. However, in the United States of America, a longitudinal 2005 study by Javelin Strategy & Research has shown that the crime had leveled off since a 2003 study from the Federal Trade Commission was released in the year 2003. The most recent U.S.A. Javelin data also showed that a shocking 9.3 million individuals or 4.25% of all adults are victims of identity fraud on an annual basis. In the United Kingdom in the year 2005 the consumer group which issued a report claiming that one in four people had been victimized by identity theft, or knew someone who had been so. This misleading claim linking victims with those who know victims in a single statistic had achieved wide publicity. The Home Office in Britain which does not collate data on identity theft nonetheless claims that the activity is reaching epidemic proportions.
It is difficult to efficiently quantify the extent of real personal privacy breaches, since the laws requiring disclosure of such instances are only coming into existence.
Factors attributing to the Crime
Instances of identity theft have been seen to increase as the willingness of lenders like issuers of credit cards to extend credit without physical human contact, the ability to transact sales and other business at a distance (over the internet and via telephone), and the availability of personal information, and its huge volume held by third parties, has increased.
In the United States of America for instance, extremely personal information like mortgage details, social security numbers, and driving license details are publicly available. Such sensitive information is far harder to obtain in most other countries, instead it is typically held by numerous government and private sector bodies, and is consequently available to their many employees and other associate organizations. One of the matters of particular concern is the comprehensive personal financial information and other related data held by credit reference agencies. The proliferation of junk mail from many of these organizations often includes name and address, and this has aggravated the situation.
In the United Kingdom, companies such as those engaging in car hire services, car dealerships, solicitors and banks now make it a point to routinely take a copy of identity documents as a mandatory condition before doing business. Such actions are restricted by the fifth principle, in particular of the Data Protection Act passed in the year 1984 and as per this, data subjects namely consumers in this context may demand that any copies made be destroyed after a reasonable amount of time, in this example once the vehicle has been returned, and accepted back as being in the same condition it was supplied in. As a result of the data protection legislation in the United Kingdom many organizations now require telephone callers to disclose personal details such as date of birth and mother's maiden name as a means of identification before they will enter into discussion of personal effects. This provides eavesdroppers an easy opportunity to collect this vital data.
As a consequence, more people are now giving password responses on being asked for such information, for instance, by telling the bank that their mother's maiden name is a password rather than 'Smith'. Though this makes no big difference while being eavesdropped, by using different passwords with different companies, the value of information gained though eavesdropping can be compartmentalized and restricted in that sense.
According to the Javelin study, identity fraud crimes in the United States of America now total a whopping $52.6B annually which is up 2.3% from the previous survey, with a per-individual total of $5,686 per victim. The Javelin random-sample study also showed that individual victims in the U.S.A. spend an average of about 28 hours restoring their affairs, while the majority of their costs are reimbursed by financial providers, who in turn pass much of the cost on to merchants or other service providers.
Contrary to popular belief, illegal access to personal information is usually gained through traditional means such as paper financial statements, checks or credit cards, and the perpetrator is often someone previously known to the victim, such as a friend, family member, or acquaintance. It is rumored that some of the local authorities in England have their rubbish sorted for recycling by convicts or jail inmates, which represents an additional risk. This type of identity theft suggests that privacy guard strategies will not solve the problem and that it is the promiscuous nature of transactions at a distance without actual physical human contact, that enables the fraud to e committed. However, if we ban all business from being done online or by phone, then the economy will be seriously harmed, so the solution must lie in serious unbreakable encryption with randomly generated codes and a dual key system. Either this, or a secure line in conjunction with biometric verification and a secured un-hackable database of such biometric data in a central site.
Country Dependence
It does seem at times, that the prevalence of identity theft and the seriousness of typical cases are quite dependent on the country and the legal system and commercial habits existing there. Most countries in Continental Europe, for instance, require their citizens to own ID cards which are needed to prove one's identity on numerous occasions, like opening or even accessing bank accounts, renting cars, checking in at hotels etc. As ID cards are in general hard to counterfeit just like currency, and one usually has to physically show the card, it requires substantial criminal effort to commit fraud. Being used to this standard, businesses are less likely to accept an identity verification by means of a semi-secret personal information such as social security numbers to ascertain one's identity. It could be owing to this that it is also less common to do business by phone as it is in the United States of America for instance.
Hence, the threat posed by relatively simple identity theft, which relies on obtaining semi-secret information such as social security or credit card numbers then depends on how much can be done with this information. Is it, for example, possible to open an account using false ID in the form of a stolen Social Security Number, and by doing so wreck the victim's credit record? Do banks accept credit card payments without signature or a numeric Personal Identification Number? Differences in this kind of legal framework may explain the large differences in damages due to identity theft in different countries.
Rigorous research has shown that there are some methods that have been proven to be most effective at preventing identity theft or fraud. Here are a few precautions one can take against identity theft:
o Freeze your credit, if such a facility is available in your state, since with a credit that is freeze, no one can succeed in opening any form of credit in your name.
o Request your own credit report systematically, say each year or at shorter intervals, and check the reports for inaccuracies and new lines of credit issued that you did not request. If you have been the target of identity fraud in the past, check the data every six months or interval shorter than that. In the United States of America for instance, you are permitted a free copy of your credit report once a year from each credit reference agency, in a bid to help the cause of victims of identity theft.
o Minimize the use of the postal service to send or receive financial documents, checks, and have your name removed from junk mail lists; it has been found that almost 8% of identity fraud results from stolen mail. Try and mail letters personally from the post office. In a bid to minimize pilferage of valuable documents, the Postal Service of the United States of America requires mails heavier than 16 ounces or 454 grams to be presented face-to-face but never dropped off in collection boxes. As a rule, one must never pass your mails to strangers not in postal uniforms even if they have postal identifications. In America, where standalone mailboxes are common, it would be a good idea to install a lock on the box and regularly collect delivered mails as soon as possible.
o Check your bank accounts regularly, preferably each week online or at an ATM. It has been seen that over 70% of instances of identity fraud is detected by the victim, and victims who do so through electronic methods suffer losses of less than 1/8th that of those who rely on paper statements for monitoring account activity.
o Stick to using reliable ATM's at reputable sites only. Always scrutinize your surroundings for anything suspicious and watch out for any suspicious attachments to any ATM that may steal information. For instance, if the interior of a bank is closed but an indoor ATM is still accessible with a card, refuse helping any stranger to enter. If in doubt, do not use the ATM but report the problem promptly.
o Watch your surroundings while entering sensitive codes of information at an ATM or on a telephone keypad and ensure you enter sensitive pieces of information with touch-tone and not voice entry; hide what you type on a keypad from others who could look over your shoulder.
o Do not use wireless or cellular phones to talk about sensitive information, instead use a wired phone connected to the ground or encrypted internet access for financial transactions.
o Shred credit-card receipts, used checks, junk mail and other
such documents, as they may contain private information.
o Be careful never to give out
personal information in response to telemarketers and delete all e-mails
that claim to be from your bank or any other financial services provider
asking you to log in using a hyperlink embedded in the e-mail message. If
in doubt as to the legitimacy of such requests, make it a point to use a
telephone to call marketers or financial providers back rather than
directly responding to the telemarketer or company that called or emailed
you. Such theft of crucial identity data is called phishing and is on the
rise in today's internet age.
o While shopping online, make sure the company is one of good repute and displays an approved security symbol. Also, make sure you log out of the site when you are done with the transaction.
o Watch your surroundings while using a credit card at any
checkout counters or similar places as some tech savvy identity thieves
use cell phones with cameras to steal others' credit card numbers and
expiration dates. This is the reason why certain stores now prohibit
taking pictures and videos without consent from the management.
o If you know you already are a
target, keep copies of police reports and records of who you talked to and
when handy, so that you can use these to back up the claim of fraud.
Individuals who consider themselves at higher risk of identity fraud
should consider purchasing commission-based credit monitoring services,
which will notify you of any unsolicited new accounts or credit inquiries
that are being made on your behalf.
o Limit the amount of personal information you publish on the web; small fragments of vital information here and there could be enough for someone to impersonate you in many ways. Be especially careful with information used as security keywords for banks, like your mother's maiden name and give your bank a different word or a password instead of the real maiden name.
o As a rule, do not divulge personal information such as date of birth to organizations that have no requirement of it; nearly all commercial organizations come under this bracket.
o Avoid routinely carrying identity documents unless obliged by law to do so.
o Restrict persons from copying your identification documents. If commercial organizations require you to submit a copy as a condition of doing business either refuse to do business with them, or retrieve the copy when your business ends and a written statement that they have not taken further copies should also be obtained.
o If someone calls you claiming to be from one of the financial institutions you do business with asking for personal information, as a rule do not give it to them. After asking them why they require the information, hang up, and then call the institution back using contact information from a source other than the caller.
o As a general rule, avoid doing business with those that come to you. This could be anything ranging from tele-marketing or tele-charity-donations, to offers in E-mail-which is usually categorized as SPAM, to door-to-door solicitation, and so on. If you want something, its safer if you find the business or company.
o When asked for your mother's maiden name, do not supply your mother's maiden name. Instead supply a different password for each company requesting this information, and make it understood that the information you are supplying is a password, not your mother's maiden name.
In specific, for citizens of the United States of America:
o Avoid ordering checks pre-printed with your driver's license or social security number. If you can keep your address also off them, opt to do so.
o Avoid carrying your social security card unless absolutely required. For instance, certain state motor vehicle offices require first-time applicants for driver licenses to show their social security cards. Don't give out the number unless it is absolutely necessary or legally required by say employers, landlords etc. In states where your driver's license number is your social security number, be equally careful about who sees your license as well.
In today's world, a
good credit score often goes a long way in establishing a good profile of
you and hence it is imperative that one exercises extreme caution while
handling all matters in connection with this. With a little caution,
perpetrators of identity theft can be kept at bay and your interest
protected.