General security

Identity Theft: The Means, Methods and Recourse

Daniel Dimov
January 14, 2013 by
Daniel Dimov

Introduction

Identity theft occurs when a person uses the identity of another person with the intent to obtain benefits illegally. The victim of the identity theft may not only suffer financial loses but also other adverse consequences, such as reputation harm. For example, in 2000, Michelle Brown, a victim of identity theft, testified before a U.S. Senate Committee Hearing on Identity Theft that the thief not only damaged her credit, but also used her name to conduct drug trafficking. This resulted in a warrant for her arrest.

This article aims to provide the reader with knowledge which is important for understanding identity theft. In particular, the present contribution describes critical data to commit identity theft (Section 2), the methods used for committing identity theft (Section 3), and the institutions to which a victim of identity theft needs to complain (Section 4). Finally, a conclusion is drawn.

Critical data to commit identity theft

In order to commit identity theft, the thief needs to obtain personally identifying information from the victim including: name, date of birth, and common knowledge information about the victim (Section 3.1); social security number (SSN) driver's license (Section 3.2); credit card information (Section 3.3), personal identification numbers (PINs) and passwords (Section 3.4); photo (Section 3.5). Then, the thief uses personal information of the victim to commit fraud or other crimes.

Name, date of birth and mother's maiden name

Name and date of birth

A person's name and his date of birth (DOB) can be used by a thief in conjunction with other information, such as SSN, to conduct identity theft. In this regard, it should be noted that the name, birth date and Social Security Number (SSN) are often termed "The Holy Trinity." The reason is that the combination of these three elements is sufficient to personally identify a person.

In the Internet, there are many freely available birthday databases. For example, at

http://www.birthdatabase.com/, you can easily reveal the DOB, the state, and city of a person. The information comes from official US government records. If your name and DOB is listed on one of these birthday databases, you can request for the removal of that information.

Common knowledge information about the victim

In some cases, information about the victim, such as their mother's maiden name, may be used by the thieves to access financial records and open new accounts in name of the victim. The reason is that various financial institutions may require such information to verify an identity of person when accessing financial information.

Social security number (SSN) and driver's license

Social Security Number (SSN)

The SSN is a nine-digit personal identification number that is used by people to pay taxes and apply for credit. The identity thieves may use SSN numbers to apply for credit, file false tax returns, and open bank accounts in the victims' name.

It should be mentioned that in the US, the public sector, particularly state and local governments, have become infamous for publishing SSNs on public records accessible through the Web or by visiting the local office of the agency. In 2006, the U.S. Government Accounting Office (GAO), the investigative arm of Congress, published a report discussing the potential for identity theft posed by SSNs included in public records. According to the GAO, 85 percent of the largest, most populated counties surveyed published records that may contain SSNs. In most cases, SSNs can be found in state and local court files as well as local property ownership records.

Driver's license

A driving license contains an identification number. This identification number can be used by the thief for the creation of a fake driver's license number containing the thief's picture.

2.3 Credit card information

Credit card information can be used by the identity thieves to commit credit card fraud allowing them to buy goods or withdraw funds on behalf of the victim. In order to obtain credit card information, the identity thieves may steal a physical card or obtain it electronically through a hacking attack.

It is worth mentioning that, according to Unisys Security Index in March 2012, identity theft and credit and debit card fraud is the number one fear of Americans. The fear of credit card fraud supersedes that of terrorism, computer and health viruses and personal safety.

Personal Identification Numbers (PINs) and Passwords

Personal Identification Numbers

A Personal Identification Number (PIN) is a four- (or more) digit number used to access a bank account when using an ATM card. In order to capture the PIN of a victim, criminals install a hidden camera near the ATM, secretly filming what the victim enters on the keypad. These cameras normally look like a genuine part of the ATM, which is why the victim may not recognize the danger.

Criminals may also use devices to copy the details from a credit card until the person uses it at an ATM. The stolen data can be used to clone the credit card and make a copy of it. If they know the PIN number, they may use the cloned card to withdraw funds at an ATM or order products and services through the Internet.

Passwords

The term password refers to a secret word or string of characters used for authentication of a user. By obtaining the passwords of a victim, an identity thief may access her email accounts, online bill paying services, and more.

2.5 Photo

An identity thief may use a photo of another person in order to obtain benefits. For example, in 2011, State Representative Kim Hunter Rose found out that another person created a second Facebook account in her name. The identity thief used her real picture. It should be noted that identity thieves stealing Facebook accounts often send messages containing requests for money.


3. The methods used for committing identity theft

Below, I will mention 15 of the most commonly used methods for identity theft.

  1. Collecting confidential information from employees by employers who have privileged access to the employers' systems.
  2. Collecting data from RFID-enabled passports by using wireless credit card readers.
  3. Communicating with strangers on social networks with the aim of obtaining confidential information.
  4. Observing the people while typing their PINS, Passwords, or other confidential information.
  5. Obtaining common knowledge information about the victim allowing the thief to compromise the account of the victim. For example, common knowledge information may allow the thief to answer questions, such as "What was your first pet's name?" and "What's your mother's maiden name?".
  6. Looking for confidential personal information in a person's trash.
  7. Obtaining confidential information through the publication of bogus jobs.
  8. Obtaining confidential information from electronic devices that are publicly disposed or sold.
  9. Obtaining information from official registers.
  10. Obtaining personal confidential information from online forums, newspapers, and other publications.
  11. Randomly trying to guess weak passwords
  12. Sending messages on behalf of trusted organizations in order to persuade the victims into disclosing their personal information.
  13. Stealing personal information through hacker attacks.
  14. Stealing physical documents, such as passports, by pickpocketing or housebreaking.
  15. Using cameras to capture the information from bank or credit cards or using devices obtaining information about bank or credit cards while the victim uses the card.

The institutions to whom a victim of identity theft should complain

A victim of identity theft should immediately inform local law enforcement officials. Moreover, depending on the country, the victim may have to contact other institutions. For example, in the US, the victim of an identity theft should file a complaint, not only with the local enforcement office, but also with the Federal Trade Commission (the FTC). The information in the complaint submitted to the FTC may be used as part of an Identity Theft Report. The latter is an important tool in recovering from identity theft. Moreover, an ID Theft Complaint submitted to the FTC may help law enforcement agencies catch identity thieves. It would also be wise to contact your bank and credit card issuer to cancel your current cards and order new ones in case they were also compromised.

Conclusion


Identity theft is serious crime. It is punishable by many years in prison, a fine, and restitution for the stolen funds. Nevertheless, every year, millions of people are victims of identity theft. The data stolen through identity theft may include the name of the person, his date of birth, common knowledge about the victim, social security number, driver's license, credit card information, and photos.

As explained above, these data can be obtained in many different ways varying from looking at rubbish to the publication of bogus jobs. To protect against identity theft, consumer need to take many preventive steps. These steps are mentioned in various materials published on the Internet. The publications of the FTC are a good source of information on how to prevent identity theft.

If the identity thief succeeds to commit identity theft, the victim needs to immediately call the local law enforcement office as well as any other institution responsible for receiving identity theft complaints. The quick actions may stop the identity thief from doing more damage.

References

  1. Arata Jr., M., 'Identity Theft for Dummies', John Wiley & Sons, 2010.
  2. Hoffman, S., McGinley, T., 'Identity Theft: A Reference Handbook', ABC-CLIO, 2010.
  3. Loberg, K., 'Identity Theft: How to Protect Your Name, Your Credit and Your Vital Information - And What to Do When Someone Hijacks Any of These', Silver Lake Publishing, 2004.
  4. Strack, J., 'Identity Theft: The Thieves Who Want to Rob Your Future', Thomas Nelson Inc, 2006.
  5. Breaux, M., 'Identity Theft: Reclaiming Who God Created You to Be', Zondervan, 2007.
  6. Stickley, J., 'The Trusth About Identity Theft', FT Press, 2008.
  7. McNally, M., 'Identity Theft in Today's World', ABC-CLIO, 2011.
  8. U.S. Social Security Administration, 'Identity Theft and Your Social Security Number', GPO FCIC, 2007.
  9. Stamp, B., 'Identity Theft: Prevention and Victim Assistance', Credit Reporting Agency, 2007.
  10. Hess, K., Orthmann, C., 'Criminal Investigation', Cengage Learning, 2009.
  11. Morley, D., Parker, C., 'Understanding Computers: Today and Tomorrow, Introductory', Cengage Learning, 2010.
  12. Kelly, D., 'The Official Identity Theft Prevention Handbook: Everyone's identity has already Been Stolen - Learn What You Can Do About It', Sterling & ross Publishers, 2011.
  13. Cullen, T., 'The Wall Street Journal complete identity theft guidebook: how to protect yourself from the most pervasive crime in America', Three Rivers Press, 2007.
  14. Priganc, M., 'Identity Theft: The Personal Guide, Cold Hard Reality', Lulu.com, 2008.
  15. Holtzman, D., 'How to Survive Identity Theft: Regain Your Money, Credit, and Reputation', Adams Media, 2009.
Daniel Dimov
Daniel Dimov

Dr. Daniel Dimov is the founder of Dimov Internet Law Consulting (www.dimov.pro), a legal consultancy based in Belgium. Daniel is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International law “T.M.C. Asser Institute” (The Hague). Daniel received a Ph.D. in law from the Center for Law in the Information Society at Leiden University, the Netherlands. He has a Master's Degree in European law (The Netherlands), a Master's Degree in Bulgarian Law (Bulgaria), and a certificate in Public International Law from The Hague Academy of International law.