Identity Theft: Managing the Risk Management What's New for the Future of Identity Theft Prevention

In this paper I examine the basics of identity theft in today's age of widespread and accessible information. The fundamental problem is that while information technologies continue to make aspects of our lives as simple as "point and click," they tend to make certain forms of crime equally simple. The internet, in particular, makes information not only instantly available but also available to an untold number of faceless strangers. However, the central methods for preventing identity theft remain what they were before personal computers became as common as the television; social security numbers and credit card information must be guarded.

I begin this discussion with an overview and definition of identity theft, including the most common ways it is committed. I identify the fundamental steps towards prevention, as well as the latest laws enacted to combat this threat to individual privacy. Next, I mention a number of the ways the internet has been employed by thieves to obtain personal information. Combating invasions of privacy on the internet involves, largely, secure passwords and selectivity is the dealing out of personal data.

Certainly, some individuals are at a greater risk for having their identities stolen than others -- even if they take the necessary precautions. These people need to be notified of their risks and informed of what steps can be taken. In the future it is likely that laws dealing with identity theft will become stronger, but also that new thieves will find ways around them. They keys to avoid becoming a victim include the simple acts of using a paper shredder, and taking away the identity thief's most powerful ally -- surprise.

I. Introduction

In this emerging age of information, increasingly, the most precious information for consumers and criminals alike is of a personal nature. The handful of numbers, passwords, and identification cards that define who you are and what you purchase in your ordinary everyday life are becoming the most vulnerable avenues by which others can manipulate your monetary transactions. Today, identity theft is far more prevalent, and a much greater threat to personal security than ever in the past. "In the fiscal year 1999 alone, the Social Security Administration Office of Inspector General Fraud Hotline received approximately 62,000 allegations involving Social Security Number (SSN) misuse." (Hammond 20). However, SSN misuse is only one method by which personal information can be manipulated illegally. All together, it is estimated that "somewhere between 500,000 and 750,000 consumers will become victims of identity theft this year -- and the number is growing." (May 1).

Clearly, this form of theft is increasing in magnitude and has become a serious threat for a large portion of the population. Largely, what makes identity theft such a concern for the public is not simply the number of people it happens to, but the fact that it can occur without the victim's knowledge. Unlike the traditional bank robbery, this crime can span thousands of miles, requires no brazen force, and it could happen to anyone, anywhere and without warning. Doubtlessly, such a covert robbery would worry anyone. Often times the victim feels completely helpless and unable to protect themselves or their personal information. In short, it is an impersonal crime, with very personal consequences.

Essentially, "Identity theft occurs when someone uses the identifying information of another person-name, social security number, mother's maiden name, ect. -- to commit fraud or engage in other unlawful activities." (May 2). There exist many variations of this crime, and the thief can use the information he obtains for any number of purposes. A few of the most common acts of fraud that can occur include: opening of new credit card accounts; taking over existing credit card accounts; applying for loans; renting apartments; establishing services with utility companies; writing fraudulent checks; transferring bank money; filing bankruptcy; and obtaining employment in the victim's name (May 2). This is an imposing list; and just as there are numerous ways identity thieves can exploit an individual's information, there are equally many ways in which they can obtain it.

Identity thieves can potentially use both banal and sophisticated methods to acquire your personal information. These tactics include: stealing wallets; stealing mail; filling out "change of address" forms in another's name; rummaging through the trash; fraudulently obtaining credit reports; using personal information shared on the internet; purchasing...

This introduces a problem both for those wishing to protect themselves from this form of crime and those wishing to capture the perpetrators: there are simply too many ways identity theft can be committed to ever possibly defend against them all.
However, to concede defeat or claim helplessness in the face of such threats would be a mistake. There are steps that can be taken to defend against identity theft in its most common and its most disastrous forms. First and most generally, do not readily give out your personal information unless you have cause to trust the individual or organization you are providing with that information. Additionally, "Put passwords on your credit card, bank, and phone accounts. Memorize them, change them regularly, and don't share them, even with family or friends." (Hammond 74). It is also important to protect the avenue by which you transfer your personal information and passwords. "Do not give out personal information on the phone, through the mail, or over the Internet unless you have initiated the contact or know with whom you're dealing." (Hammond 74). Avoid giving out your SSN to institutions other than your employer or banks. "If someone asks for your SSN, you should ask the following questions: Why do you need my SSN? How will my SSN be used? What law requires me to give you my SSN? What will happen if I don't give you my SSN?" (Hammond 75). A useful guideline for any personal information you are uncomfortable with providing is to ask how the information will be used.

It has only been in recent years that the federal government and most states adopted laws that specifically dealt with the crime of identity theft. Largely, this is because of the recent amplification of the threat both in its number of occurrences and in its public perception. "Currently, more than three quarters of the states have passed laws relating to this crime. . . . Meanwhile, at the federal level, Congress passed the Identity Theft and Assumption Deterrence Act of 1998." (May 9). According to this law identity theft is defined as when anyone,

'knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under applicable state or local law." (Hammond 9).

If an individual is suspected of violating this Act they are investigated by several branches of the United States government and subsequently prosecuted by the Department of Justice. Other recent federal acts that are specifically targeted at pursuing identity theft include: the Fair Credit Reporting Act, the Fair Credit Billing Act, and the Electronic Fund Transfer Act. All of these Acts are aimed at increasing consumer awareness and access to their own account information, and well as alerting them if questionable transactions appear. Such precautions are gradually reducing the risks of identity theft, but they can never fully be eliminated.

A large problem with identity theft is the fact that the very information you wish to keep protected is the same information that credit card companies use to conduct their business. "Identity theft is made possible because credit card companies, always on the lookout for new customers, don't have a good way to verify the identity of a person who mails in an application or orders a credit card over the telephone." (Garfinkel 31). The trouble with this is that the credit card companies make the assumption that if you have a few bits of information on an individual, you must in fact be that individual. However, this assumption is almost essential to the manner by which these companies perform their transactions, and makes much of their business possible.

Furthermore, often times when fraud does occur -- traditionally -- there has been little or nothing that the victim can do. Regularly, "When the fraud takes place, the credit issuer simply notes that information in the consumer's credit file and moves on; the consumer is left to pick up the pieces and otherwise deal with the cost of a stolen identity." (Garfinkel 32). This is primarily why many current creditors advertise their policies of credit reimbursement in the event of identity theft; although, it is not yet mandatory for them to do so. Consequently, the laws may bring the criminals to justice, but the victims are regularly left to deal with the effects.

II. Identity Theft on the Internet.

Identity theft in general may not be new, but the ways in which it can be carried out are expanding rapidly. The Internet…