Introduction to Identity Theft & Identity Fraud

The generic term identity theft has been utilized to describe any use of stolen personal
information. However, such characterization fails to provide a comprehensive picture of the
totality of possibilities surrounding that construct known as identity.

Identity fraud, which covers identity theft within its purview, may be defined as the use of a vast
array of illegal activities based on fraudulent use of identifying information of a real or false
person.

Typologies of Identity Theft/Fraud

a. Assumption of Identity

b. Theft for Employment and/or Border Entry

c. Criminal Record Identity Theft/Fraud

d. Virtual Identity Theft/Fraud

e. Credit Identity Theft/Fraud

a. Assumption of Identity

 This is the rarest form of identity theft/fraud and occurs when an individual simply
assumes the identity of his or her victim, including all aspects of the victim’s lives
 It must be noted that this type of activity is atypical as it is significantly more difficult to
accomplish.
 Even if a thief could identically duplicate the physical characteristics and appearance of
his intended target, the likelihood of mastering personal histories, intimate relationships,
and communication nuances is extremely remote.
 However, it is important to note that this type of identity fraud has occurred even in cases
where the plausibility of such assumption borders on the ridiculous.

b. Theft for Employment and/or Border Entry

 This type of identity theft/fraud is increasingly common due to the growth of illegal
immigration and alien smuggling. It involves the fraudulent use of stolen or fictitious
personal information to obtain employment or to gain entry into the United States.
 The documents most frequently intercepted by officials included alien registration cards,
nonimmigrant visas, passports and citizenship documents, and border crossing cards.
These documents were presented by aliens who were attempting to enter the United
 States in search of employment or other immigration benefits, like naturalization or
permanent residency status.

c. Criminal Record Identity Theft/Fraud

 This type is often overlooked in discussions of identity theft, perhaps because it is not as
common or because the immediate financial repercussions are not significant.
 It has been used historically by individuals attempting to evade capture or criminal
prosecution.
 Reverse criminal record identity theft occurs when a criminal uses a victim’s identity not
to engage in criminal activity but to seek gainful employment. Unfortunately, criminal
record identity theft/fraud is especially insidious as it often remains undiscovered until
the victim is pulled over for a routine traffic violation. Unlike other types of identity
fraud, in this case many victims are horrified to discover that they have been victimized
by a friend or relative.

d. Virtual Identity Theft/Fraud

 A relatively new phenomenon, virtual identity theft/fraud involves the use of personal,
professional, or other dimensions of identity toward the development of a fraudulent virtual
personality.

 As in the previous types discussed, motivations range from the relatively innocuous to
extreme malevolence.

 Unlike physical identities which are tied to social networks, legal documentation, and
biological characteristics, virtual identities are largely personally constructed.

 Indeed, many individuals develop a virtual identity which is antithetical to their

physical one—making themselves taller, richer, younger, more charismatic, and so on

 In other words, virtual identities are often far removed from reality.

 As such, they are inherently less veracious and less trustworthy. They are often used
for online dating, role-playing, and accessing deviant sites or locations containing questionable
content.

 Although many individuals create virtual identities to explore forbidden areas or satisfy
their curiosity behind a veil of anonymity, most do not cross the line between the legal and the
illegal worlds.

e. Credit Identity Theft/Fraud

  It may be defined as the use of stolen personal and financial information to facilitate
the creation of fraudulent accounts.

 This definition, specific by design, requires the affirmative act of securing additional
credit.

 It does not include traditional activities like the illegal use of a stolen credit card, as
that activity is more appropriately situated under statutes concerning credit card fraud.

 It is also not defined under identity theft, as the primary incentive is instant
gratification.

 As credit cards are treated as cash by consumers and merchants alike, the use of a
stolen one may be likened to purse snatching or pick-pocketing without physical contact.

Physical Methods of Identity Theft

a. Mail Theft

b. Dumpster Diving

c. Theft of Computers

d. Bag Operations

e. Child Identity Theft

f. Insiders

g. Fraudulent or Fictitious Companies

h. Card Skimming, ATM Manipulation and Fraudulent Machines

a. Mail Theft

 Although it is hard to identify which method of identity theft/fraud is most commonly

employed, the theft of information from physical mailboxes is certainly one of the most
common. Unfortunately, numerous documents containing personal and financial
information are deposited in unlocked containers on the side of the road until it is
retrieved.
  Oftentimes, such retrieval is conducted by someone other than the intended recipient and
is used to generate illicit profit or to facilitate criminal activities. Physical mailboxes can
contain a plethora of valuable information.
 Even as the government cautions citizens to take measures to protect their personal and
financial information, they themselves are delivering government identification
documents through U.S. Mail. Many times, they even mail breeder documents.

b. Dumpster Diving

 As the name implies, dumpster diving is the practice of sifting through commercial or
residential trash or waste for information deemed valuable. Such information ranges
widely, but may include account numbers, social security or tax payer identification
numbers, and passwords. It may be located on discarded computer media or in paper
form, and may be housed in personnel records, accounting spreadsheets, receipts,
invoices, or the like.
 Fortunately, both consumers and businesses have increasingly taken measures to prevent
the misuse of discarded information. Many now employ paper shredders and disk-wiping
software. Diving for information has been practiced by criminals and law enforcement
alike. Early hackers found the trash to be especially helpful toward their exploitation of
computer vulnerabilities. Passwords, computer systems, and software could be located
there.

c. Theft of Computers

 Physical theft of computers is among the most common techniques employed by identity
thieves, as it alleviates the need to analyze and organize voluminous paper documents. As
the majority of individuals necessarily store personal information on their computer,
identity fraudsters are all but guaranteed a score.
 Even those individuals without technical expertise recognize that the computer as a
warehouse of information has significant value on the black market, even if they
themselves are incapable of retrieving the data. Areas vulnerable to such activity are
limited only by the criminal mind.

d. Bag Operations

 Another tactic historically utilized by intelligence agents which is currently used by

identity thieves and fraudsters is known as a bag operation, and it involves the secret
entry into hotel rooms to steal, photograph, or photocopy documents; steal or copy
magnetic media; or download information from laptop computers.
 Almost routine in many countries, bag operations are typically conducted by the host
government’s security or intelligence services, frequently with the cooperation of the
hotel staff. They are most often committed when guests leave their room.
e. Child Identity Theft

 Increasingly, law enforcement authorities are reporting startling numbers of parents

stealing their children’s identities. According to the Federal Trade Commission, more
than 140,000 children were victims of identity theft in 2011. This represented a marked
increase in numbers released by the same group in 2003. Unfortunately, this type of
identity theft or fraud is especially difficult to recognize and prosecute.
 The primary problem, of course, is the delayed identification of the victimization, as
credit reports are usually not generated until the first application for credit, which usually
occurs after the individual reaches the age of 18. Second, the theft itself is not
characterized as either child abuse or exploitation, so the primary investigative agency for
children

f. Insiders

 Many authorities suggest that corporate and government insiders pose the greatest risk to
identity theft. As in other areas of computer crime, motivations vary and the facilitation
of fraud is not always intentional. In fact, careless employees account for a large amount
of the identity theft in the United States. Such negligence has been committed by both
individual employees and corporate divisions.

In 2005, for example, Bank of America reported that the personal information of 1.2
million U.S. government employees, including U.S. senators, had been compromised
when tapes were lost during shipment. In the same year, CitiGroup reported that UPS had
lost the personal financial information of nearly 4 million Citigroup customers.

g. Fraudulent or Fictitious

 Companies Recently, a more sophisticated method of identity theft/fraud involves the

creation of shell companies.

Almost always conducted by an organized ring of criminals, fake companies are

established which are engaged in the processing or collection of personal financial
information. These fictitious businesses range from debt collection to insurance agents. In
a highly visible case, over 145,000 consumers were put at risk by Choice point, an
Atlanta-based company, which is one of the largest data aggregators and resellers in the
country. Among other things, it compiles, stores, and sells information on the vast
majority of American adults with over 19 billion records.

h. Card Skimming:

 ATM Manipulation, and Fraudulent Machines A more sophisticated method of data theft
involves the reading and recording of Personal information encoded on the magnetic strip
 of an automated teller machine (ATM) or credit card. Once stored, the stolen data is re-
coded onto the magnetic strip of a secondary or dummy card. This process, known as
card skimming, results in a dummy card, which is a fullservice credit or debit card
indistinguishable from the original while purchasing. While card skimming was
traditionally reserved to facilitate credit card fraud, it is increasingly being employed with
the collection of other personal information to create additional accounts. Card skimmers
come in a variety of shapes and sizes (most often miniaturized cameras or copiers and
can be mounted on retail and ATMs).
 In some cases, thieves have actually developed fraudulent ATMs. Thus, consumers are
strongly encouraged to only use those machines that are maintained by financial
institutions, and to be alert for any suspicious equipment or appendage.