Identity Theft

They could have been anybody's grandparents: a sweet couple in their 70s happily enjoying their golden years. Instead, this retired Air Force officer and his wife spent at least part of 1999 sitting in front of the Maryland legislature, testifying about a crime so traumatic that they refused to pro

They could have been anybody's grandparents: a sweet couple in their 70s happily enjoying their golden years. Instead, this retired Air Force officer and his wife spent at least part of 1999 sitting in front of the Maryland legislature, testifying about a crime so traumatic that they refused to provide their real names to the lawmakers before them trying to decide whether to limit the use of the Social Security number as an all-purpose identification number.

Their nightmare began when someone spotted a Social Security number and other personal information on the woman's Air Force dependent card. The information was used to open credit card accounts, apply for car loans, access information about her husband and obtain a Texas driver's license under his identity. By the time the couple realized that an imposter was using and abusing their good names, 33 fraudulent accounts had been opened to the tune of $113,000.

Despite their stellar financial record in the years before this larceny began, the couple cannot get a home mortgage and have been turned down for credit at Kmart and Sam's Club. "We have been through hell for the past three years," the man stated, "and don't see an end to it."

Identity theft is to the Information Age what rum-running and gangland murders were to the Prohibition era. Few formal statistics are kept, but there is little doubt that this type of fraud-which in many states is not even recognized as a punishable offense-already is the country's fastest-growing financial crime.

Trans Union LLC, one of the country's three major credit reporting agencies, reported hearing about approximately 350,000 cases of identity theft through 1998, and Visa reported to the General Accounting Office that U.S. fraud losses among its member banks topped $497 million in fiscal 1997.

Sgt. D.J. Nesel, a detective with the King County Sheriff's Office in Washington, said the crime is overwhelming local police departments. "We could devote our entire sheriff's department to investigating this one crime, and we still

wouldn't have enough resources," he said. "I call it the crime that keeps on giving, because victims are victimized and revictimized over and over and over again."

The causes are numerous: Although the federal government's lax regulation of the Social Security number has jump-started opportunities for criminals, state and local policies have fueled the crime. Nineteen states use the Social Security number for driver's licenses, and local birth record departments often supply birth certificates without any real identity verification, mailing the documents to a requester based on little more than a notarized letter.

"It used to be that when forgers were arrested, the police would find a stack of counterfeit driver's licenses in their briefcases," said Frank Abagnale, a former con man gone straight who advises states on high-tech security measures and combating this crime. "Now they find 10 to 20 legitimate driver's licenses with their pictures and somebody else's names. It's way too easy to defraud the system."

Meanwhile, victim complaints are stacking up in police departments and legislative offices, and alarmed bystanders note that if something effective is not done soon to stop the free flow of personal information and easy credit, the country will be asking one simple question: How can you prove that you really are who you say you are?

Fighting Fire With Fire

Many people in the law enforcement community believe that the only way for states to curb this new brand of information swindling is through the use of information technology.

"The privacy people don't want to hear this, but the key to it is biometrics," Nesel said. "Take a thumbprint, a fingerprint, something to secure that document. I can create or forge anything I want, but I can't steal a piece of you. It's cost-effective, it's efficient, and if you cross-match those prints in the driver's license database, you will just about cut out all this identity theft."

However, many proposed solutions are themselves controversial, particularly when it comes to setting up databases.

Nesel's proposal and others like it have created a firestorm among privacy advocates, who worry that any collection of identity data housed in a database will be used as a national identity system to track and monitor people. "We regard it as a frightening proposal, and we're opposed to it," said Barry Steinhardt, associate director of the American Civil Liberties Union.

Beth Givens, executive director of the Privacy Rights Clearinghouse, has spoken with more than 4,000 victims of identity theft, and she understands law enforcement's frustration with the current system.

"On the one hand, I can agree that the use of some kind of biometrics would be pretty much a foolproof way of determining the authenticity of credit applicants, driver's license applicants and the like, but the cure could well be worse than the disease," she said. "Because in order to get a fully functioning biometrics system in place, you're going to have to have a massive database of everyone's thumbprints, and when you've got that in place, I think we can count on that being used for other purposes, like social control."

The protests have had an impact. Washington state voters defeated a measure that would have required fingerprinting of licensed drivers, and the New York State Assembly didn't even consider the prospect when it put together a landmark identity theft legislative package of 14 bills this summer.

But despite the political danger, New York now takes fingerprints of welfare recipients to cut down on welfare fraud, and some states are implementing biometric measures at their driver's license bureaus. California, Texas, Colorado and Georgia all require drivers to give a thumbprint or fingerprint when they come in to request a new license or renew an old one.

Georgia, which began taking an index fingerprint on all its drivers three years ago, has seen a decline in the number of fraudulent licenses obtained. Texas, on the other hand, has been taking thumbprints for years, but with no database and no ability to cross-match the thumbprints, the system is not good at catching imposters.

Frank Elder, assistant chief of the Driver's License Division of the Texas Department of Public Safety, said the number of cases of identity theft has been rising, but that fingerprinting is helping investigators locate perpetrators at least some of the time.

"Unfortunately, by the time we get involved, it's after the fact," he said. "We can backtrack the file, look at the photo of the suspect and cross-match [his] fingerprint with law enforcement files, but we're dealing with such a paper trail that it's very difficult to catch the perpetrator."

Many imposters are able to flout the system with decidedly low-tech solutions, such as covering their fingers with airplane glue, which when dry covers the skin's ridges and makes fingerprints useless. Abagnale noted that driver's license attendants are not law enforcement agents. "It takes some know-how to get a good print," he said. "You've got to roll it from left to right and if you don't do it just right, you're going to end up with something unreadable."

Many states try to stop fraud by asking for additional pieces of identification, such as a Social Security number and an original birth certificate. Both measures, however, are easily stymied. The driver's license system is not integrated with the Social Security database, so there's no way to determine whether the number given is valid, and even if it is, the imposter likely got the number by stealing it along with other personal information.

In addition, most crooks can easily obtain birth certificates by applying for one and doing their own notarizing or by obtaining information from death records and using that information to obtain birth records. There's no computerized integration between the birth and death records departments.

Birth records departments are aware of the problem, but their solution focuses on the trees rather than the forest, said Abagnale, who has designed high-tech birth certificates for a number of states to guard against counterfeiting and alterations. The documents include high-tech mechanisms that void the document if someone tries to copy it or chemically alter it with bleach, acetone, hydrochlorides or some other substance. Nonetheless, "I tell them, 'This isn't going to stop an imposter from getting someone else's birth certificate,' " he said. "And their response is, 'Well, we know that, but that's another issue.' They don't seem to care about it."

In fact, many crooks-armed with high-tech computers, laser printers and scanners-avoid the whole fraud issue by moving directly to counterfeiting. In response, a large number of driver's license departments have designed high-tech digital documents bearing such security features as holograms, digital photos, magnetic stripes and encryption.

"Unfortunately, though, counterfeiting of driver's licenses is on the rise," said Sgt. Doug Richardson, who heads the Driver's License Fraud Unit at the Georgia State Patrol. He said the bureau has implemented secure digital licenses. "Unfortunately, technology has gotten so good that the crooks can create a pretty reasonable copy. They start out one step behind whatever we've implemented, but they catch up pretty quickly and move ahead of us."

Washington state, after watching its fingerprinting measure get defeated, compromised on the issue by funding a new digital license. The $3 million system, though, will not be built and implemented until 2001.

Nesel and other law enforcement officials have publicly criticized the measure as a huge waste of money. "As soon as someone comes in with an out-of-state license that's been obtained fraudulently or they come in with an original birth certificate in someone else's name, you've automatically crippled the system," Nesel said. "All you're doing is giving a false sense of protection."

Opposing Views, Same Goal

Privacy advocates say that the solution to preventing identity theft is a simple, three-step process: Curb the use of the Social Security number as a unique identifier for business use, a measure that has been introduced in Congress and defeated several times over the past decade; force credit-granting agencies to require more identifiers and shore up their credit card policies; and restrict all selling of personal information by credit bureaus, state and federal agencies, and marketing firms.

But few state officials believe that the federal government is going to get involved. Ultimately, the solution that keeps coming to the fore is a full-scale database with cross-matching capability.

The system, which already has been developed by 3M Corp., would involve a central processing system and a fingerprinting system. When someone wants to renew a driver's license, for example, she would lay her finger on a scanner, and the data would go to the central processing system. If the fingerprint was in the database, it would pull the matching information and a digital photo. If the photo matched the person standing in front of the counter, then a driver's license would be issued. The driver's license would look like a credit card, complete with a magnetic stripe or bar code that contained a digital encryption of the person's thumb print.

But if the person standing at the counter didn't match the digital photo, then that person would be detained on suspicion of fraud.

"Once the system was in place, there would be only one way to fool the system, which would be the first time you applied," Nesel said. "But after that, when you went back to renew under your name or someone else's name, you'd be caught and out of business."

Regardless of how effective such a system would be against fraud, privacy advocates argue fiercely that the information eventually would be misused. They point out that three states-Florida, South Carolina and Colorado-were recently caught selling their databases of digital driver's license photos to Image Data, a company in New Hampshire. The stated use of the photos was to give merchants a way to verify the identity of someone trying to write or cash a personal check. But the ACLU's Steinhardt said that the company's research was funded in part by the Secret Service.

"The real desire there is to create a nationwide photographic database for identification and tracking purposes," he said.

The privacy lobby's strong and united front has sent other states in search of legislative solutions. At least 15 states have introduced legislation that would make identity theft a unique crime with felony-level penalties. Massachusetts passed a sweeping package that provides protections for identity theft victims against having unpaid bills appear on their credit report when the victim has filed a police report and prohibits retailers, credit agencies and the Registry of Motor Vehicles from selling personal information without affirmative consent.

New York also has a number of bills on the table, including ones that would make identity theft a felony, prohibit agencies from selling personal information or digital photos, establish more credit card activation procedures and safeguards, establish new penalties for the misuse of birth and death certificates, and regulate the selling of consumer credit information.

"We are trying to close the loop on certain things that are very obvious," said New York Assemblywoman Audrey Pheffer. "But we'll have to keep adding new laws. Technology is moving so quickly that it's hard for the law to keep up."

Ultimately, privacy advocates and state officials said that states may have to unite and turn up the pressure on the federal government to solve this crime. "It's going to take a federal solution, beginning with changes in the way the Social Security number is used and the free and easy access businesses have to people's credit reports," Abagnale said. "Even with totally secure licenses and biometrics, the best the states can hope for is to Band-Aid the situation. And so the federal government had better take this issue up and soon."

Otherwise, as more and more victims find themselves in the fight of their lives to hang onto and recover their good names, it could end up being too late.

Heather Hayes is a free-lance writer based in Stuarts Draft, Va.

***

Biometrics

Literally, biometrics means "life measurement." It's always been controversial, but as technology continues to march forward, there seems to be no limit to the types of body parts that reveal a person's unique identity. Here are some of the current biometric technologies being considered for use in systems by government agencies, banks and security organizations.

Fingerprinting

Retina scanning

Iris scanning

Voice recognition

Facial recognition

Handwriting analysis

Hand print recognition

Hand vein geometry

***

Educating the Public

New York Attorney General Eliot Spitzer is so concerned about identity theft that a link to a prevention tip sheet holds a prominent position on his office's home page (www.oag.state.ny.us) under "News to Use."

"Unfortunately, public awareness about this crime is very low," an Attorney General's Office spokesperson said. "People just don't realize that it's out there until it happens to them or someone they know. And then, unfortunately, it's too late."

The site (www.oag.state.ny.us/consumer/tips/identity_theft.html) includes a short article that spells out how the crime occurs, how often it happens, what consequences a victim experiences and how to get help. Among the protection tips:

* Be careful who you give personal information to, including such key identifiers as your Social Security number and your mother's maiden name.

* Never provide any personal information, bank account numbers, or credit card information to anyone who contacts you through a telephone solicitation.

* Keep items with personal information in a safe place and keep a list of all credit cards, account numbers, expiration dates, and customer service numbers in a safe but easily accessed place so you can contact creditors if your credit cards are stolen.

* Destroy all ATM and bank receipts, old insurance forms, bank checks, expired credit cards, and any other papers that include personal information-including pre-approved credit card applications.

* Minimize the number of credit cards and items containing personal information that you carry with you.

* Mail letters containing checks, invoices or personal information from the post office mailbox rather than your unsecured home mailbox.

* Give out your Social Security number only when necessary.

* Closely monitor your credit card statements and your credit reports.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.