Consumer Alert: Identity Theft on the Rise
Jun 19, 2004 1:30 AM PT
Crime is turning from a blue-collar to a white-collar profession. Rather than taking out guns and robbing convenience stores, criminals are performing "virtual robberies" where they use computer technology to steal a person's identity. From a criminal perspective, these crimes are simple to commit, they carry lighter sentences and they can be more lucrative than armed robberies.
As a result, identity theft has become more common. The Federal Trade Commission (FTC) estimates that 9.9 million U.S. residents were victims of identify theft in 2003. During that year, businesses and financial institutions lost US$48 billion and consumers spent $5 billion in out-of-pocket expenses.
Stealing the identity of another person and using his or her credit to obtain goods and services is not a new idea, but the ubiquity of the Internet has enabled criminals to devise clever schemes that make this species of crime more attractive. One technique, called "phishing," consists of generating e-mail messages that ask consumers to click on a link to review their account data.
The message looks like an inquiry from a legitimate company -- AOL, BestBuy and PayPal, for example -- but whisks users away to a bogus Web site and then asks them to input sensitive data, such as social security numbers, credit card information or account data. Criminals use that information to open up new accounts or extend existing services that are never paid.
The Internet has also made it simpler for crooks to get personal information. Another scheme involves asking municipal officials for a dead person's birth certificate -- typically the issuer does not cross-check birth information with local death notices. After obtaining a birth certificate, a thief can use it to obtain a driver's license or credit cards.
Sifting Through the Garbage
While the focus recently has been on high-tech ways of gaining account numbers or social-security data, criminals still rely on traditional methods. "In a person's garbage, there may be an account number, or in a mailbox, there may be information about a current or a new credit card," said Jordana Beebe, communications director at the Privacy Rights Clearinghouse.
The bad guys have become smarter and less conspicuous in using this kind of information. One crime ring took telephone account numbers from Bell South and then routed a few long-distance calls each month through customer numbers.
"It took the company a while to figure out the source of the problem since there didn't seem to be any direct connection among the various customers," said M.E. Kabay, a professor at Norwich University who specializes in security issues. As a result, identity theft can be a lucrative business: The FTC found thieves obtain an average of $4,800 from each victim.
While there has been a growing awareness about identity-theft problems, that hasn't translated into a sense of urgency in trying to prevent it. "Law enforcement officials view identity theft as white-collar crime, and often have not pursued it as aggressively as they should have," said Jay Foley, co-executive director at the Identity Theft Resource Center.
Few Crooks Are Caught
One reason might be that these crimes present challenges to law-enforcement agencies. Because the crime is often committed remotely, the responsibility for tracking down the crooks becomes a bit nebulous. Also, police officers might not have the proper training to identify and then arrest local identity thieves.
As a result, estimates suggest that only one out of every several hundred identity theft criminals are caught. Once the criminals are apprehended, their sentences are much weaker (usually misdemeanors) than individuals who perform armed robbery, which is typically a felony.
Banks and credit card issuers also sometimes turn a blind eye to the problem. They make money when customers fail to pay their bills in full each month. Financial institutions recoup their bad debt by raising customer fees or interest rates. So the rising volume of identity thefts means customers pay more.
A variety of products are available that could help financial institutions reduce the number of identity-theft incidents. Biometric products -- which rely on physical identifiers, such as fingerprints or iris scans to identity individuals -- could help protect personal information.
In addition, firms such as Vericept have developed identity-theft and fraud-management software that can scan traffic flowing over ports on switches and routers. Vericept's software watches for about 60 categories of personal information, including social security numbers, driver's licenses and dates of birth.
If the Vericept software sees suspicious activity in terms of this type of data leaving the organization by HTTP, FTP, e-mail, instant messaging or peer-to-peer file-sharing, it notifies the security manager about it.
Financial Institutions Balk
But the different strategies available for fighting identity theft have not been widely implemented. "Financial companies could take steps, such as putting photos on all credit cards or using fingerprints to verify each transaction, that could help to minimize identity theft," Norwich University's Kabay told TechNewsWorld. "But they appear unwilling to do that because they don't want to increase their operating expenses."
As a result, consumers are victimized long after the robbery has taken place. For example, they are responsible for proving their case to their financial institutions when they discover their identities have been stolen. The FTC found that the average out-of-pocket expense per victim of identity theft was around $500.
"Recently, consumers have gained a better understanding about the impact of identity theft," Identity Theft Resource Center's Foley told TechNewsWorld. "Now they need to take that knowledge and force financial institutions and law enforcement agencies to do a better job of making sure it doesn't occur."