Identity Theft

Professor Thomas Anastasia

ACT-520-A

4/26/18

Connor Marshall, Genevieve Fennell, Jamie King, Matthew Gibney,

Romina Santoro, Devin Kelly

 As time passes and technology gives way to information being readily available from

anywhere in the world, the increasing risk of fraud is something that people have to start taking

into consideration. Given that almost any person on earth can log onto a computer, implant a

virus on another person’s device through an email, and take sensitive information essential for

financial activities, the likelihood of someone being a victim to any type of fraudulent crime

increases exponentially. Among those white collar crimes that have seen a rise in activity over

recent years, identity theft looks as though it is the most popular. Unlike traditional theft, this

is a nonviolent crime which really requires little effort to pull off. Going into a neighbor’s

garbage can could easily provide the necessary documents to go take out a new mortgage on a

new home. If the criminal did want to get his or her hand’s dirty, just pick up a phone call

pretending to be an agent from the IRS. Jot down a few numbers on a notepad and the path to

potentially ruining another person’s financial existence is well on its way. Preventing and

stopping identity theft is almost impossible as it is as though the people with the leg up are

those committing the crime. However, understanding the crime itself, along with

precautionary measures is an essential step in making sure that the negative impact is at least

less severe.

Identity theft has become a serious issue for individuals and businesses. According to

Javelin Research’s 2016 Identity Theft Study, $15 billion was stolen from 13.1 million individuals

in 2015 (Kess, Grimaldi, & Revels 67). There are two major phases of combating identity theft:

prevention and recovery. Prevention is the focus of minimizing exposure. On the other hand,

recovery helps minimize the pain in terms of time and money. Identity theft and related

fraudulent activities affect approximately one in twenty-five adults each year across western
societies (Anderson, “Identity Theft Growing”). The Internet provides a new avenue for

obtaining identity tokens. Multiple programs, hacks, and deceptive techniques can be used to

access an individual’s personal information and increases the scale on which identity theft can

be perpetrated.

Over the years, identity theft, and fraud in general, is seemingly surpassing traditional

theft. According to author J. Craig Anderson, “identity theft is expected to surpass traditional

theft as the leading form of property crime. Security analysts say everyone should prepare to

become a victim at some point” (Anderson, “Identity Theft Growing”). The number of malicious

programs written to steal personal information has increased significantly to an estimated 130

million from about 1 million in 2007 (Anderson, “Identity Theft Growing”). Perpetrators have

learned that in order to be successful in their scams they need to expand the horizons. Hacking

larger companies and taking personal information from a wide pool of customers virtually

guarantees success on at least one occasion. When the fraud occurs, companies incur losses

such as legal costs and consulting fees. Ultimately, when the companies pay, the consumers

pay as well; in the form of higher retail costs or credit card fees. Unless the insurance policy

covers a vast majority of the losses, in most instances that is not the case, “most merchants are

content to clean up the damage from an attack, rather than pay for better preventive

measures” (Carrns et al., “Your Money”).

Identity theft and identity fraud are “terms used to refer to all types of crime in which

someone wrongfully obtains and uses another person's personal data in some way that involves

fraud or deception, typically for economic gain” (“Fraud Section, FRD”). One of the most

common ways that identity theft occurs is through “shoulder surfing”. This entails watching the
victim from a nearby place as they are providing credit card information over the phone

(Roberts, Indermaur, & Spiranovic 318). Most people receive pre-approved credit card

applications in the mail that get thrown in the trash without tearing it up. Fraud perpetrators

may retrieve the document and activate the card for their own use without the victim’s

knowledge. Criminals have utilized computer technology to steal extensive amounts of

personal data which includes social security numbers, place of residence, amount of income,

date of birth, and much more highly sensitive information (Roberts, Indermaur, & Spiranovic

318). With this material, fraudsters can commit crimes such as false applications on loans and

credit cards, fraudulent withdrawals from bank accounts, and unauthentic use of online

accounts.

Identity theft is especially prevalent in Arizona, which had more victims per capita than

any other state in 2010, with about 149 victims for every 100,000 residents (Anderson,

“Identity Theft Growing”). According to the Federal Trade Commission, identity theft also

occurs frequently in California, Florida, Texas and Nevada. (“Fraud Section, FRD”). Once a

stolen identity is used to apply for additional lines of credit, the victim can spend years trying to

resolve debt that is caused by thieves in their names. For an identity theft victim who needs to

borrow money, it can be a huge struggle because of their damaged credit scores. Others have

been forced to file bankruptcy and lose their homes.

A red flag is raised once an individual receives a letter stating that their personal data

was compromised in a corporate data breach (Kess, Grimaldi, & Revels 66). At that point, one

should become very vigilant about the situation. Based on an annual report provided by Javelin

Strategy & Research, the percentage of incident related to identity theft keeps on increasing
from year to year and some of the contributing factors to this increase are “new account” and

“account takeover” frauds (Anderson “Identity Theft Growing”). New account fraud means that

either an authorized credit card account or an entirely new bank account has been opened via

appropriate means. Account takeover fraud is when perpetrators have changed the victims’

contact information, such as a mailing address, in order to transfer money into their own

pockets so to speak. Data breaches that involve social security numbers are the most harmful

since new accounts can be easily opened and old accounts can be authenticated. Once another

individual has access to a person’s social security number, it is potentially catastrophic for the

victim as most financial endeavors can be started with just knowing that form of identification.

When a person receives a letter warning that their personal data was breached, it is

important to follow the appropriate steps. First, contact the company to make sure the letter

that was received is legitimate (“Fraud Section, FRD”). When validated, proactive steps should

be taken to ensure the damage is as minimal as possible. If the company reporting the breach

offers free credit monitoring, the consumer should take advantage of it (“Fraud Section, FDR”).

Other times, individuals who are victims of identity theft, will not be aware. Some of the

warning signs include receiving credit cards for which one did not apply, being denied of credit

for no apparent reason, or receiving calls from debt collectors about merchandise or services

one did not purchase (“Fraud Section, FDR”). Therefore, it is important to monitor balances of

financial accounts and look for unexplained charges or withdrawals. It is also important to

notice if you have stopped receiving bills, bank statements, or emails.

Unfortunately, many people do not even realize that they are victims of theft until the

damage is permanently done. Once the individual realizes they have been victimized, the first
step to take is to obtain a copy of the credit report from at least one of the three nationwide

credit bureaus (Carrns et al., “Your Money”). People should contact the credit bureaus by

phone but follow up the request in writing. A fraud alert is posted on the credit report which

initially lasts 90 days. After the 90 days, an extension is available and requires a copy of an I.D.

theft report to law enforcement (Carrns et al., “Your Money”). The fraud alert notifies lenders

to be more aware when reviewing credit. Individuals can request reports periodically from

Equifax, Experian, and Trans Union agencies to maximize their coverage. People should

thoroughly review their credit report so they can look for new unauthorized accounts, or

unexplained debts and inquiries. After the review is complete, disputed charges need to be

communicated to the reporting agency through a written letter. The letter should request the

agencies to correct the disputed charges (Carrns et al., “Your Money”). It is important to close

or renumber all business/creditors accounts by asking the issuer to promptly clear credit

records, then follow-up this request in writing (Carrns et al., “Your Money”). Speak directly

with the security or fraud department, not a customer service representative. In order to avoid

the liability of these false charges, one needs to communicate with creditors within 30-60 days.

Consider a credit freeze which requires a written request to credit reporting agencies. Placing a

freeze on the credit report prevents the fraudulent opening of new accounts without the

consumer’s consent.

The next step to take is to report the crime to the Federal Trade Commission & Local

Law Enforcement (Carrns et al., “Your Money”). Making an online report to the Federal Trade

Commission and completing an ID Theft Affidavit are necessary processes people must take.
FTC is a resource for I.D. theft recovery, protection, and fraud. Local police should be

contacted, and a report should be filed.

If the credit reporting company accepts the identity theft report, it must block the

fraudulent information from the credit report within 4 business days (Carrns et al., “Your

Money”). If the credit reporting agency rejects the identity theft report, it can then take

additional days since the victim will be asked to provide additional proof of the identity theft.

Once the identity is stolen it is imperative to repair the damage caused by the perpetrator. On

average it takes 18 months to two years to clear credit, according the Department of Justice

(“Fraud Section, FDR”). An impostor can use personal information to obtain credit,

employment, social security, medical services, IRS refunds or even avoid criminal arrest or

action.

The Department of Justice prosecutes cases of identity theft and fraud under various

federal statutes. In 1998, Congress passed the Identity Theft and Assumption Deterrence Act

(“Fraud Section, FDR”). This legislation created a new offense of identity theft, which prohibits

"knowingly transfer [ring] or us[ing], without lawful authority, a means of identification of

another person with the intent to commit, or to aid or abet, any unlawful activity that

constitutes a violation of Federal law, or that constitutes a felony under any applicable State or

local law." 18 U.S.C. § 1028(a) (7) (“Fraud Section, FDR”). If found guilty this offense carries a

maximum of 15 years’ imprisonment, a fine, and a criminal forfeiture of any personal property

used or intended to be used to commit the crime. Schemes to commit identity theft or fraud

may also involve violations of other statutes such as identification fraud (18 U.S.C. § 1028),

credit card fraud (18 U.S.C. § 1029), computer fraud (18 U.S.C. § 1344) (“Fraud Section, FDR”).
Each of these federal offenses are felonies that carry substantial penalties, in some instances,

as high as 30 years' imprisonment, fines, and criminal forfeiture. Federal prosecutors work with

investigative agencies such as the Federal Bureau of Investigation, the United States Secret

Service, and the United States Postal Inspection Service to prosecute identity theft and fraud

cases.

It is key to protect personal information in order to avoid identity theft. Sensitive

paperwork such as financial documentation should be stored in a secure place. One should

limit what is carried out when going out, it should be a form of identification and only

debit/credit cards one plans to utilize. Social Security and Medicare cards should remain at

home or in a secure place. Promptly remove all mail from the mailbox as someone may take

the chance to steal the packages or letters in hopes of obtaining something valuable for his or

her cause. Shredding sensitive documents, receipts, credit offers, credit applications, insurance

forms, physician statements, checks, bank statements, expired charge cards, and similar

documents before placing them in the trash. One should consider opting out of prescreened

offers of credit and insurance by mail. Protect medical information by destroying labels on

prescription bottles before throwing them out, be aware not to share any health plan

information with anyone who offers free health services or products. Before any personal

information is shared anywhere, one needs to ask who will access to view it, how it will be

stored, and how it will be disposed of.

Common advice from various sources is to never provide the full nine digit Social

Security number unless it’s absolutely a necessity (Roberts, Indermaur, & Spiranovic 318). Once

asked to validate identity, provide other form of identification. Consumers can ask service
providers such as utility companies to replace the four digits of the Social Security number with

a different four digit code to authenticate identity when needed (Roberts, Indemaur, &

Spiranovic 321). At times one must provide the number to the employer and financial

institutions for wage and tax reporting purposes. A business may ask for Social Security

number so they can check credit when applying for a loan, or rental of a property. It is key to

know when it is absolutely necessary to share this information with a second party.

One needs to be alert about online activity. Due to how advance most technology is,

any online platform is a populated watering hole for fraudsters. Knowing who is obtaining

one’s personal information online is key. Granted that it is nearly impossible to determine who

has or is getting personal information on the internet, once in doubt one should always contact

the company’s customer service and validate various online requests that being sent through

an email (Roberts, Indermaur, & Spiranovic 317). It is also helpful to protect one’s computer by

using an anti-virus software, anti-spy software, and a firewall. Protect against intrusions and

infections that can compromise the computer files or passwords by installing security patches

for the operating system and other software programs. Without knowing who the source of an

email is, one should not click on links, or download programs that are from unknown sources.

Opening a file from an unknown source could expose the system to a computer virus or

spyware that captures passwords or other information that is typed in (Roberts, Indermaur, &

Spiranovic 321). Before disposing of a computer, all the personal information in stores should

be wiped.

Personal data should be protected through encryption, browsers should remain secure,

put a lock icon on the status bar of the Internet browser should appear letting one know that
personal information that was transmitted during an online transaction was safely processed.

One should protect data and personal information and be wise about using public Wi-Fi. Before

sending personal information over laptops or smartphones on a public wireless network, check

to see if the information will be protected (Roberts, Indermaur, & Spiranovic 323). If an

encrypted website is used, it protects the transmitted information securely. If a secure wireless

network is utilized, all the information that is sent on that network is protected as well.

Passwords should be kept private. Using strong passwords with laptops, credit, bank and other

accounts is strongly recommended. The longer the password, the harder it is to crack. Create

passwords that mix letters, numbers, and special characters. The same password should not be

used for many accounts. If it’s stolen it can be used to take over multiple accounts.

People don’t usually think about the negative impact of oversharing information on

social networking sites. If one posts too much information about themselves, an identity thief

can find information about one’s personal life, use it to answer ‘challenge’ questions on

accounts, and get access to money and personal information (Roberts, Indermaur, & Spiranovic

327). Limit access to networking page to a small group of people. Things such as a Social

Security number, resident address, or account numbers should never be posted in publicly

accessible sites (Roberts, Indermaur, & Spiranovic 327). Keep financial information on laptops

only when necessary. It is recommended not to use an automatic login feature that saves user

identification name and password, and always to log off when finished. That way, if the laptop

is stolen, it will be harder for a thief to access personal information. Most consumers do not

always read privacy policies. They can be long and complex, but they explain how the site
maintains accuracy, access, security, and control of the personal information it collects; how it

uses the information, and whether it provides information to third parties.

Knowing all of this information is not an assurance that the crime will not happen, but it

will affectively arm those who have fell victim to the crime or believe they are highly vulnerable

to their identity being stolen. Fraud in general is the fastest growing crime around the world.

Why risk life for an advancement in wealth when a computer is the only tool necessary to

become the winner of “Who Wants to be a Millionaire”? Within the realm of white collar

crimes, identity theft is now becoming a daily occurrence for almost every one. It is at the point

that more often than not victims do not even panic about the situation. With that being said,

knowing who to call and when to call in regards to this matter is extremely important in the

prevention, and recovery processes. Being lost in a case of identity theft could leave a victim

completely bankrupt without a trace of remedies in sight for at least years. Rather than being

behind the curve watching the fraudsters speed ahead, people need to educate themselves and

learn about this crime in order to, at minimum, catch up to those willing to benefit from others’

integral hard work.

 Work Cited

Anderson, J. Craig, The Arizona Republic. (2013, April 14). Identity theft growing, costly to

victims. Retrieved February 18, 2018.

Carrns, A., Scheibjer, N., Lieber, R., Sullivan, P., Cohen, P., Sommer, J. Richards, C. (2018,

February 16). Your Money. Retrieved February 18, 2018.

Kess, S., Grimaldi, J. R., & Revels, J. J. (2017). Identity Theft. CPA Journal, 87(1), 66-68.

Roberts, L. D., Indermaur, D., & Spiranovic, C. (2013). Fear of Cyber-Identity Theft and Related

Fraudulent Activity. Psychiatry, Psychology & Law, 20(3), 315-328.

Fraud Section (FRD). www.justice.gov (n.d.). Retrieved February 18, 2018,