Sign In / Sign Out
Navigation for Entire University
- ASU Home
- My ASU
- Colleges and Schools
- Map and Locations
This guide addresses identity theft, describing the problem and reviewing factors that increase the risks of it.† It then identifies a series of questions to help you analyze your local problem. Finally, it reviews responses to the problem, and what is known about them from evaluative research and police practice.
† The term identity fraud is sometimes used to include the whole range of identity theft related crimes (Economic Crime Institute 2003).
Identity theft is a new crime, facilitated through established, underlying crimes such as forgery, counterfeiting, check and credit card fraud, computer fraud, impersonation, pickpocketing, and even terrorism. It became a federal crime in the United States in 1998, with the passage of the Identity Theft Assumption and Deterrence Act.1 This act identifies offenders as anyone who
…knowingly transfers or uses, without lawful authority, any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.
A significant feature of identity theft is the offender's repeated victimization of a single person. This may include repeatedly using a stolen credit card, taking over a card account, or using stolen personal information to open new accounts.‡
‡ A victimization survey conducted by the Federal Trade Commission (FTC) found that 16 percent of victims whose credit cards were misused said the people responsible had also tried to "take over" the accounts by doing such things as changing the billing address or adding themselves to the card as an authorized user (Federal Trade Commission 2003a).[Full Text]
Congressional hearings on identity theft in the 1990s revealed that police generally did not regard those whose identities had been stolen as the true victims, since the credit card companies took the financial loss. In addition, the companies typically did not report their losses to local police (or to anyone else, for that matter). Studies also showed that victims rarely reported the loss or theft of a card to the police, since they believed that the card company would cover the loss. However, because the repeated use of a victim's identity caused serious disruption and emotional damage, more victims began to report the offense.
It is likely that your initial exposure to identity theft will be the request of a victim for a police report about the incident. Credit-reporting agencies now require that victims do so as part of the an "identity theft affidavit." that the victim submit a police report. Until recently, victims had a hard time getting such reports from the police. However, in response to growing media coverage and congressional testimony concerning identity theft, the International Association of Chiefs of Police (IACP) adopted a resolution in 2000 urging all police departments to provide incident reports and other assistance to identity theft victims.† It is also possible that people you have stopped or questioned have given you a fake ID—or a legitimate ID acquired with a false or forged document.
† "WHEREAS, reports of identity theft to local law enforcement agencies are often handled with the response 'please contact your credit card company,' and often no official report is created or maintained, causing great difficulty in accounting for and tracing these crimes, and leaving the public with the impression their local police department does not care.… RESOLVED, that the International Association of Chiefs of Police calls upon all law enforcement agencies in the United States to take more positive actions in recording all incidents of identity theft and referring the victims to the Federal Trade Commission…" (International Association of Chiefs of Police 2000).
It is difficult, though not impossible, for local police to influence some important factors that contribute to identity theft. These concern
That said, this guide will help you determine what you can do to prevent identity theft and help victims in your jurisdiction.
The following problems are closely related to identity theft, but not specifically addressed in this guide:
Data sources vary in quality and often provide conflicting or different estimates, especially concerning the extent and cost of identity theft. A recent problem is the tendency of businesses to exaggerate the threat of identity theft to sell products tailored to prevent it, such as insurance or software. Several sources supply data on identity theft:
The FTC's 2003 victimization survey provides the most reliable information to date.13
Understanding the factors that contribute to your problem will help you frame your own local analysis questions, determine good effectiveness measures, recognize key intervention points, and select appropriate responses. There are few scientific studies on identity theft victims, offenders, or incidents, though there are studies on some identity theft-related crimes such as check and credit card fraud.†
† See the POP Guide on Check and Card Fraud.
Regarding victims, the most important findings concern the time taken to discover the theft:
Victim characteristics are probably not related to identity theft vulnerability, though more research is needed in this area. The average age of victims is 42. They most often live in a large metropolitan area, and typically don't notice the crime for 14 months. Evidence suggests that seniors are less victimized by identity theft than the rest of the population, though they can be targeted in specific financial scams that may or may not involve identity theft.‡ African Americans may suffer more from non-credit card identity theft, especially theft of telephone and other utility services, and check fraud.16
‡ See the POP Guide on Financial Crimes Against the Elderly.
Regarding offenders, data from the above sources suggest they are attracted to identity theft for two important reasons:
† You can find out anyone's social security number for a small fee. Just visit http://www.docusearch.com/, or check out Undercover Press at http://www.aaffordable.com/best-sellers.html, which promotes itself as the "no questions asked source for Birth certificates, social security cards, city IDs, press cards, Diplomas, credentials of almost any kind including badges and police IDs."
Familiarity between victim and offender provides opportunities for identity theft because of the availability of personal information among relatives, coworkers, and others. According to the 19992001 FTC complaint files (see figure below), close to 11 percent of the complainants knew the offender. The FTC's 2003 survey found that 86 percent of victims had no relationship with the thief.17 However, other sources claim closer to 60 percent of victims knew or had some information about the offender.18
Offenders' opportunities to commit identity theft may be classified under two broad categories: place and guardianship.The trouble is that committed offenders know very well where to find personal information, and the guardianship is not too effective.
Offenders can generally find peoples personal information in three places:
These all can offer opportunities to thieves, depending on how well they are protected.
People are generally casual about protecting their personal information, even though they indicate in opinion polls that they are very concerned about doing so.19
† In a study of 400 households in Nottingham, England, 40 percent of trashcans contained documents listing full credit and debit card numbers, as well as names, addresses, and expiration dates (Davis 2002).
There is an enormous amount of personal information available, and it is incredibly easy to obtain. Government agencies and businesses keep computerized records of their clients. They may sell or freely provide that information to other organizations.‡ Often, all that is needed is one form of identification, such as a driver's license, and an offender can obtain the victim's mother's maiden name, social security number, etc.§ Many identity theft crimes are committed by employees of organizations that maintain client databases. For example, a widely publicized Detroit case involved an identity theft ring in which employees of a major credit card company stole customer information.20 Procedures for authenticating individual identities are often inadequate. Establishing a given person's "true identity" is a complex task. It requires the careful assessment of
‡ U.S. residents do not own personal information contained in agency databases, so they have little control over how that information is used. Recent "opt-out" laws allow people to prevent their information from being provided to others, but these laws are not widely publicized.
§ Social security numbers are not so secure. A recent study estimated that 4.2 million people have managed to acquire alternative numbers (Finch 2003) [Full Text]
Many agencies and businesses make only a cursory attempt—if any—to assess these.
The notoriety of identity theft rose with media coverage of the dangers of buying and selling on the Internet.† However, the ways offenders steal identities are decidedly low-tech. Computer hackers aren't necessarily geniuses; sometimes they simply obtain a password by trickery or from a dishonest insider. Some methods are more popular than others, as is clear from Figure 1, which is based on data collected by the FTC and reported by the General Accounting Office. In general, these data indicate that offenders make the most of the easiest available opportunities:
† Available data indicate that Internet-related identity theft constitutes a small proportion of all identity theft, probably less than 20 percent. However, there are many definitional problems here. For example, just one act of hacking into a database may reap thousands of credit card numbers and other personal data. These are then used to commit thousands of identity thefts offline. So it is wise to reserve judgment on this issue for now.
Offenders use victims' personal information in countless ways. Some of the most common examples follow:
Classifying identity theft into types is difficult, as it involves a wide variety of crimes and related problems. However, the acknowledged motives for identity theft can be used to construct a simple typology. Research indicates that the two dominant motives for identity theft are financial gain and concealment (either of true identity or of a crime).† These motives are mediated by the offenders' level of commitment to the task and the extent to which offenders are simply opportunists taking advantage of the moment.
† The FTC survey reported that 15 percent of ID theft victims in the past five years had their personal information misused in nonfinancial ways. The most common such misuse was for the offender to give the victim's name and identifying information when stopped by law enforcement or charged with a crime (Federal Trade Commission 2003a).[Full Text]
Professionals who seek out targets and create their own opportunities—usually in gangs—have a high level of commitment. A lot of planning and organization is involved. Some lone offenders also display considerable commitment and planning, especially in regard to concealing personal history. Offenders with low commitment take advantage of opportunities in which ID theft appears to solve an immediate problem; thus their identity thefts are "opportunistic."
As seen in Table 1, there are four types of identity theft, based on the combinations of commitment and motive. Of course, any single case could reflect aspects of more than one type.
High commitment (lots of planning)
Organized. A fraud ring systematically steals personal information and uses it to generate bank accounts, obtain credit cards, etc. (See box below.)
Individual. The offender sets up a look-alike Internet website for a major company; spams consumers, luring them to the site by saying their account information is needed to clear up a serious problem; steals the personal/financial information the consumer provides; and uses it to commit identity theft.
Organized. Terrorists obtain false visas and passports to avoid being traced after committing terrorist acts.†
† An Algerian national facing U.S. charges of identity theft allegedly stole the identities of 21members of a Cambridge, Massachusetts, health club and transferred the identities to one of the people convicted in the failed 1999 plot to bomb Los Angeles International Airport (Willox 2002). [Full Text]
Individual. The offender assumes another's name to cover up past crimes and avoid capture over many years.
Opportunistic (low commitment)
An apartment manager uses personal information from rental applications to open credit card accounts.
The offender uses another's name and ID when stopped or arrested by police.
Organized. In this type of identity theft, a group or gang carefully plans and orchestrates the crimes. Indeed, while it is widely believed that committing identity theft is easy because of the numerous opportunities described above, carrying out a truly successful identity theft requires considerable organization and preparation:
Research has shown that organized criminal gangs in Southeast Asia manufacture plastic cards using stolen identities. These are then marketed on the street in large U.S. and European cities. Street fraudsters tend to specialize in particular types of card fraud. They use highly sophisticated techniques to avoid detection either when using the card in a retail store or when converting purchased goods into cash. They tend to work in small gangs, deal in high volume, and operate in high-population areas, usually 50 miles or more away from where they live.
A Classic Case of Organized Identity Theft for Financial Gain
Jane Sprayberry handed over her driver's license to an American Express customer service representative who had asked for it in order to replace Jane's lost credit card. True to the Amex promise, she received the replacement card without delay. The only trouble was that the recipient was not the real Jane Sprayberry. The driver's license had her name on it, but the photograph was not of her. In no time, the imposter ran up a big bill on high-priced jewelry, clothing, and appliances. Just a week before, Jane's husband's bank account had been emptied and his credit card cloned. A coincidence? Not at all. A ring of fraudsters in Detroit had gotten jobs at large businesses and had collected reams of personal information: personnel records, credit records, old rental-car agreements. Those offenders who were eventually caught had bags and books full of such records—records they had used over several years. They had run up an average of $18,000 in credit card charges per victim. And they had sold identities on the street for around $25 each. It took the real Jane Sprayberry and her husband more than six months to clean up the mess.23
Individual. Individuals may become strongly committed to the crime once they discover, after casually using someone's identity, how easy it is to get away with doing so. For example, someone with a drug habit may regularly buy stolen credit cards on the street (stolen cards are cheaper if others have used them), to raise money to buy drugs.
The second type of identity theft occurs when the offender takes advantage of the access he or she has to the personal information of friends, family, or others. Examples include the following:
Organized. Terrorism is the most recently cited instance of organized groups' stealing identities to conceal illegal activities, and to make tracking their true identities much more difficult after they've committed crimes. Authorities claim that all 19 of the September 11 terrorists were involved in identity theft in some way.24 This resulted in the mistaken arrest of people whose identities had been stolen.
Individual. Covering up past crimes is a major reason for individuals to steal or assume anothers identity. Kathleen Soliah, wanted for various bombings and attempted murder in relation to her activities in the Symbionese Liberation Front in the late 1960s, assumed the identity of Sara Jones Olson (a common Scandinavian surname in Minnesota). She evaded capture for 23 years, and in the meantime became a doctor's wife, mother of three, community volunteer, veteran of charity work in Africa, and practicing Methodist living in an upscale neighborhood in St. Paul, Minnesota.
Sources on the web make it easy for people to hide their identities.
The most common type of opportunistic identity theft for concealment occurs when an offender gives the name of an acquaintance, friend, or family member when stopped, questioned, or arrested by police. Examples include the following:
You may order free bound copies in any of three ways:
Phone: 800-421-6770 or 202-307-1480
Allow several days for delivery.
Send an e-mail with a link to this guide.
Error sending email. Please review your enteries below.
Separate multiple addresses with commas (,)
Please limit your note to 200 characters.