Responses to the Problem of Identity Theft
Your analysis of your local problem should give you a better understanding of the factors contributing to it. Once you have analyzed your local problem and established a baseline for measuring effectiveness, you should consider possible responses to address the problem. As noted at the beginning of this guide, some of the risk factors relating to identity theft may lie beyond the immediate influence of local police, or they may appear to lie beyond the usual scope of local police responsibility. These include
- Preventive measures businesses should take to safeguard their records from employee misuse or from outside intrusion
- Marketing or authentication practices of credit card or retail companies that make it easier for identity thieves to open card accounts or make fraudulent purchases
- Preventive measures government agencies should take to safeguard their records from employee misuse or from outside intrusion
- Technologies that make counterfeiting cards, checks, or other forms of identity easier for offenders
- Preventive measures people should take to safeguard their personal information
- Opportunities the Internet provides for purchase or theft of personal information
- Actions credit-reporting agencies take in response to victims' requests for help in repairing their credit records
However, studies of successful interventions to reduce or prevent check and credit card fraud have shown that there are things local police can do to impact some of the above factors. It requires the development of various partnerships with local and state government agencies and with businesses.†
† See the POP Guide on Check and Card Fraud.
The following response strategies provide a foundation of ideas for addressing your particular problem. These strategies are drawn from a variety of research studies and police reports. Several of these strategies may apply to your community's problem. It is critical that you tailor responses to local circumstances, and that you can justify each response based on reliable analysis. In most cases, an effective strategy will involve implementing several different responses. Law enforcement responses alone are seldom effective in reducing or solving the problem. Do not limit yourself to considering what police can do: give careful consideration to who else in your community shares responsibility for the problem and can help police better respond to it. In the case of identity theft, there are clear implications for businesses, other government agencies, and consumer advocacy groups.
General Considerations for an Effective Response Strategy
As we have seen, identity theft is a complex crime, composed of many sub-crimes and related to many other problems. Thus,identity theft crimes fall under the authority of many different agencies, including the local police, Secret Service, Postal Inspection Service, FBI, Homeland Security, local government offices, and motor vehicle departments, to name just a few.Regional and state law enforcement agencies may have established multi-agency task forces to combat identity fraud. For example, the Financial Crimes Task Force of Southwestern Pennsylvania consists of local law enforcement, Secret Service agents, and postal inspectors. At a minimum, multi-agency task forces should include motor vehicle departments and local and state government agencies that keep public records. These multi-agency task forces fulfill an important need because, at present, the Secret Service, which has primary responsibility for investigating identity theft, does not accept cases unless there is a financial loss of over $200,000 and a multi-state fraud ring is involved. This leaves many victims in the lurch.
Thus, it will be important for you to work with local agencies to coordinate responses, so that you can participate more fully in designing and implementing preventive strategies. In addition, if local police have the first official contact with the victim, they can be an important investigative resource. FTC data indicate that the victim often knows who the offender is, or has significant amounts of information about the offender. In 2003, 62 percent of the complaints in the FTC identity theft database contained information about the offender.
However, because of the complexity—and expense—of developing multi-agency task forces, your initial efforts should focus on local factors that will help reduce or prevent identity theft and mitigate the harm done to victims. Thus, the responses listed below are divided into two sections:
- Prevention: What to do to prevent identity theft from occurring in your jurisdiction.
- Victim assistance: How to respond to victims who come to you for help.
It should be emphasized that these two stages are closely related, and that collecting information in one stage helps in addressing the other. For example, obtaining information in the victim assistance stage will help you develop prevention strategies.†
† The costs to the victim—in terms of both out-of-pocket expense and time spent resolving problems—are substantially smaller if the misuse is discovered quickly. No out-of-pocket expenses were incurred by 67 percent of those who discovered misuse of their personal information within five months (Federal Trade Commission 2003b). [Full Text]
Finally, since identity theft occurs in conjunction with a variety of other crimes, and given the limited resources that may be available to you, it may not be feasible to address all such crimes at once. It may be more effective to be on the lookout for rashes of specific types of identity theft, such as credit card fraud or immigration fraud (if your jurisdiction is near an entry point). Focusing on a specific crime will make it easier to collect relevant information and to measure response effectiveness.
Specific Responses to Identity Theft
Prevention1. Raising businesses' awareness of their responsibility to protect employee and client records. Offenders steal many identities from inadequately protected business records. There are many common-sense, low-tech ways to protect databases. You may work through local business associations, or establish working relationships with local businesses. Do not assume that all, or even most, businesses are aware of the opportunities afforded identity thieves by poor protection of their records. Many businesses do not institute security procedures because they do not consider them cost-effective. Mindful of businesses' reasonable concern for profits, you should try to convince businesses that the costs of losing data, in terms of both their reputation with clients and possible lawsuits by victims, are much higher than those of following the many simple procedures to protect private information. State and/or federal laws such as GLB (Gramm-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act of 1996), and FACTA (Fair and Accurate Credit Transactions Act) require certain businesses or institutions to protect information better. The Internet provides considerable information on how businesses should protect their records. The Privacy Rights Clearinghouse recommends the following practices:
- Conduct regular staff training, new-employee orientations, and spot checks on proper information care.
- Support and participate in multi-agency financial-crimes task forces.
- Limit data collection to the minimum of information needed; for example, limit requests for social security numbers.
- Put limits on data disclosure. For example, must social security numbers be printed on paychecks, parking permits, staff badges, time sheets, training program rosters, staff promotion lists, monthly account statements, client reports, etc.?
- Restrict data access to only those employees with a legitimate need to know. Audit electronic trails. Impose strict penalties for browsing and illegitimate access.
- Conduct employee background checks. Screen cleaning services, temp services, etc.
- Include responsible information-handling practices in business school courses, and even in elementary schools, if children have access to computers.
- Keep social security numbers out of general circulation.
- Prohibit the use of social security numbers to obtain a driver's license, health insurance ID, or other forms of identification.
- Prohibit the sale of social security numbers, available now on information-broker websites.
- Maintain central clearinghouses in each state for lost and stolen driver's licenses.
- Conduct better photo—and ID—checking for new, duplicate, and replacement IDs.
- Restrict access to birth certificates in states where they are now publicly accessible.
- Remove social security numbers and other sensitive information from public records, especially when accessible on the Internet.
- Conduct better identity verification, especially when the person's address is reported as changed or differs from what his or her credit report indicates.
- Conduct better identity verification for those using pre-approved credit cards. Don't rely solely on social security numbers. Have the person provide his or her utility bills, tax record address, etc.
- Improve identity checking procedures for "instant" credit, favored by identity thieves.
- Put photographs on credit cards, or other authentication indicators such as smart chips or PINs.
- Request additional ID when verifying credit card purchases at the point of sale.
- Enable customers to put passwords on credit accounts.
- Truncate digits on account numbers printed on receipts at the point of sale.
- Use account-profiling systems to detect unusual activity. Notify the consumer of possible fraud.
- Check if there is an existing account in the applicant's name.
- Check the social security master-death index.
- Reduce the number of pre-approved credit applications mailed to consumers. Don't mail such offers to anyone under 18. Print an opt-out phone number prominently on all such offers (1-888-5OPTOUT).
- Prohibit convenience checks, or at least provide an opt-out to credit card and bank customers.
- Take note of deliveries to houses that are vacant or up for sale
- Spot driver's license renewals and credit card statements that go to unfamiliar addresses
- Maintain records of applications to forward mail or packages (the Postal Service now requires people to show ID to submit a change-of-address or mail-forwarding application)
Victim Assistance6. Working with the victim. Victims have many protections under federal and state law that prevent them from being liable for unauthorized charges, withdrawals, or other unlawful activities of identity thieves. They also have rights regarding the accuracy of their credit reports. Police need to understand how consumers are protected, and provide victims with educational resources that explain their rights and the steps they need to take to assert them. The FTC's comprehensive guide, When Bad Things Happen to Your Good Name, and its website, www.consumer.gov/idtheft, provide consumers with the information they need to deal with fraudulent debts and any negative credit-report information resulting from identity theft.
Communicating with victims is important, as well.The most frequent complaint the Identity Theft Resource Center receives is that "the police just don't care." It is important to let victims know that the police do care and do understand. Remember that identity theft victims have been repeatedly victimized. Identity theft is an emotionally harmful crime. Furthermore, you should be aware that victims typically uncover more evidence in a case than do investigators, and more rapidly. Thus you should quickly develop a close working relationship with the victim. The steps you can take to do so are as follows:31
- Assure the victim that you will take a police or incident report and give him or her a copy. This is important because many, if not all, identity theft crimes fall under several jurisdictions. For example, the offender steals the credit card in one state and uses it in another; the card company is located in yet a different state; and the victim lives elsewhere. Even though there may be many cross-jurisdictional issues involved, you should immediately respond to the victim by preparing a police or incident report. Without one, the victim will have difficulty filing an identity theft affidavit. At a minimum, file a report with the FTC Consumer Sentinel database.
- Have available the Identity Theft Victim Guide, which outlines what steps a victim should take, and how the victim should prepare for the investigator's phone call or visit. It should be mailed to the victim, as well as available on your department's website. The guide should list what steps your department takes after receiving a complaint, and exactly what information and documentation the victim needs to provide when interviewed.
- Recommend that, for the initial meeting, the victim prepare a rough written draft of the case. The victim should provide his or her name and contact details; state when he or she discovered the fraud; list any fraudulent activity to date, in chronological order; list the affected accounts; and provide facts about the imposter, if any are known.
- At your initial meeting with the victim, he or she may be frustrated and angry. Inform the victim what it's like "behind the scenes" of a fraud investigation; what the procedures will be from this point forward; how soon it will be before a copy of the police report is available; when he or she will hear from you next; and what the chances are of catching the offender.
- Help victims to understand and exercise their rights under the federal credit laws. They will have to take many steps to restore their accounts, be released from fraudulent debts, and clean up their credit reports. Many of these steps must be followed up in writing. Therefore, direct the victim to Internet resources (such as the FTC website, www.consumer.gov/idtheft), or give the victim written materials that explain how the recovery process works. Help the victim secure the necessary paperwork, such as an identity theft affidavit, and give the victim a copy of the police or incident report regarding his or her case. Also give the victim information on how to contact the credit-reporting companies.
- Enter the victim's complaint information into the FTC's Identity Theft Data Clearinghouse, letting the victim know that you are doing so on his or her behalf, or advise the victim to file a complaint with the FTC, either online at www.consumer.gov/idtheft, or by calling 1-877-ID-THEFT (1-877-438-4338). Explain to the victim that while the individual identity theft complaint may not be enough to bring to a prosecutor, putting it into the national database will enable investigators across the country to combine it with any other complaints about the same offender, making prosecution more likely.
- Toll-free, dedicated phone lines were set up for employees to call the three major credit bureaus to warn of the theft.
- Employees received information packets on what to do to protect their identities and reduce damage, how to read credit reports, how a fraud alert on a credit file works, and so on.
- The state held workshops for employees, distributed videos, and launched a webpage with helpful informati
Free Bound Copies of the Problem Guides
You may order free bound copies in any of three ways:
Phone: 800-421-6770 or 202-307-1480
Allow several days for delivery.
Email sent. Thank you.
Send an e-mail with a link to this guide.
Error sending email. Please review your enteries below.
- To *
Separate multiple addresses with commas (,)
- Your Name *
- Your E-mail *
- Note: (200 character limit; no HTML)
Please limit your note to 200 characters.