Identity theft

Identity theft is essentially the impersonation of someone in order to gain use of their resources or, occasionally, to escape the consequences of previous criminal behavior. The most common motive for identity theft is to gain access to a person’s financial resources, such as credit cards or checking accounts, or to obtain credit or services. (Some-times a distinction is made between identity theft, where the victim’s identity is assumed and effectively becomes the perpetrator’s identity, and identity fraud, where infor-mation is only used long enough to complete particular transactions.)

Identity thieves must first obtain the necessary informa-tion to pose as their victim. This can be done by physically obtaining such items as checks, receipts, credit offers, and so on from the trash or mail. Information such as name, address, account numbers, and the ultimate prize, the Social Security number, can then be used, for example, to apply for credit in the victim’s name, or buy goods and have them shipped to the perpetrator’s address.

People can minimize the risk of physical identity theft by securing their mail and shredding sensitive documents. However, the fastest-growing venue for identity theft is online. The online world presents additional opportunities to the criminals, the necessity of new precautions, and dif-ficult challenges for law enforcement.

Digital information useful for identity theft can be obtained in a variety of ways. It can be physically stolen in the form of laptops or portable storage devices or obtained electronically by breaking into and compromising computer systems (see computer crime and security). Programs can exploit operating-system or software flaws to travel from one networked PC to another and e-mail informa-tion back to the perpetrator (see computer virus). Finally, users can be coerced, enticed, or otherwise tricked into providing the information (such as passwords) themselves, via authentic-looking institutional Web sites (see phishing and spoofing).

Incidence and Prevention

According to various surveys, the incidence of identity theft increased substantially between 2001 and 2003. There are conflicting views of recent trends. Data for 2006 from Jav-elin Strategy and Research suggests a decrease (10.1 mil-lion U.S. adult victims in 2003 and 8.9 million in 2006). However, data from the Federal Trade Commission records 246,035 actual complaints of identity theft in 2006, mak-ing it by far the number one item on its list of consumer fraud complaints. (Of these, 25 percent reflected credit card fraud, and phone/utilities fraud and bank fraud each repre-sented 16 percent.)

To give some further perspective, according to the Inter-net Crime Complaint Center (a joint program of the FBI and the National White Collar Crime Center), identity theft amounted to only 1.6 percent of reported cyber crimes. (Credit card or check fraud without confirmed identity theft added up to 9.7 percent.) Nevertheless, however mea-sured, it is clear that identity theft remains a very serious problem.

Until recent years, response to identity theft complaints by law enforcement tended to be ineffectual and frustrat-ing to victims. This was probably due to a combination of circumstances, including many police officers being unfa-miliar with the nature of the crime or technology involved, unsure about how to proceed, and not even certain they had jurisdiction. This situation has improved considerably, however, with national organizations, greater interagency cooperation (including between federal, state, and local agencies), and strong and explicit laws against identity theft and fraud. (The Identity Theft and Assumption Deterrence Act of 2003 now makes possession of “any means of iden-tification” to “knowingly transfer, possess, or use without lawful authority” a federal crime.)

The main goal for consumers, however, should be pre-vention. Steps that can greatly reduce the chance of becom-ing a victim of online identity theft include:

•  Keep security software (antivirus, antispam, antispyware) up to date.

•  Do not click on links in e-mail that purports to be from a financial institution, government agency, online merchant or auction service. Use the browser’s address box to go directly to the relevant site.

•  Do not post addresses, account numbers, or Social Security numbers online, including chat rooms or social networking sites. Teach children likewise, and consider installing software that can block the post-ing of such information.

•  Make sure that the financial institutions and mer-chants that one uses have acceptable privacy poli-cies and policies for dealing with “data breaches” and other loss of sensitive information.

•  If you suspect you have been victimized, go to a site such as the Identity Theft Resource Center or the Privacy Rights Clearinghouse to learn how to stop further losses and reestablish credit and accounts.