Identity theft (or identity fraud, iJacking) occurs when someone wrongfully acquires or uses another person's personal data, typically for their own financial gain. What Are Identity Theft and Identity Fraud?, United States Department of Justice, retrieved June 30,2006 Sometimes it is referred to as "identity fraud" since the criminal impersonates rather than 'removes' the victims identity.

Most commonly, this term is used in relation to credit card fraud although mortgage fraud and other kinds of financial fraud are common. Less commonly, it is used to enable illegal immigration, terrorism or espionage. It may also be a means of blackmail if activities undertaken by the thief in the name of the victim would have serious consequences for the victim.

Techniques for obtaining information include :

• stealing mail or rummaging through rubbish (dumpster diving in the USA)
• eavesdropping on public transactions to obtain personal data (shoulder surfing)
• stealing personal information in computer databases
• infiltration of organizations that store large amounts of personal information
• impersonating a trusted organisation in an electronic communication (phishing)
• Spam (electronic): Some, if not all Spam requires you to respond to alleged contests, enter into "Good Deals".

Identity theft is not possible without serious breaches of privacy. If corporate or government organisations do not protect consumer privacy, client confidentiality and political privacy the execution of identity theft becomes much easier for criminals.Internet Identity Theft - A Tragedy for Victims, Software and Information Industry Association, retrieved June 30,2006

Spread and impact of identity theft

Surveys in the USA from 2003 to 2006 showed a decrease in the total number of victims but an increase in the total value of identity fraud to US$56.6 billion in 2006. The average fraud per person rose from $5,249 in 2003 to $6,383 in 2006.Recent Surveys and Studies, Privacy Clearing House, retrieved June 30,2006

The 2003 survey from the Identity Theft Resource Centre found that :

• Only 15% of victims find out about the theft due to a proactive action taken by a business
• The average time spent by victims resolving the problem is about 600 hours
• 73% of respondents indicated the crime involved the thief acquring a credit card
• The emotional impact is similar to that of victims of violent crime.

In a widely publicised account Verbal Testimony by Michelle Brown, July 2000, U.S. Senate Committee Hearing on the Judiciary Subcommittee on Technology, Terrorism and Government Information -- "Identity Theft: How to Protect and Restore Your Good Name", Michelle Brown, a victim of identity fraud, testified before a U.S. Senate Committee Hearing on Identity Theft. Ms. Brown testified that : "over a year and a half from January 1998 through July 1999, one individual impersonated me to procure over $50,000 in goods and services. Not only did she damage my credit, but she escalated her crimes to a level that I never truly expected: she engaged in drug trafficking. The crime resulted in my erroneous arrest record, a warrant out for my arrest, and eventually, a prison record when she was booked under my name as an inmate in the Chicago Federal Prison."

In Australia identity theft was estimated to be worth between AUS$1billion and AUS$4 billion per annum in 2001. Identity Crime Research and Coordination, Australasian Centre for Policing Research, retrieved June 30,2006

In the United Kingdom the Home Office reported that identity fraud costs the UK economy £1.7 billion What is Identity theft?,Home Office,retrieved June 30,2006 although privacy groups object to the validity of these numbers, arguing that they are being used by the government to push for introduction of national ID cards.

Confusion over exactly what constitutes identity theft has lead to claims that statistics may be exaggerated. Identity Theft Over-Reported,Bruce Schneier, retrieved June 30,2006

Legal response

In the United Kingdom personal data is protected by the Data Protection Act. The Act covers all personal data which an organisation may hold, including names, birthday and anniversary dates, addresses, telephone numbers, etc.

Under English law, the deception offences under the Theft Act 1968 increasingly contend with identity theft situations. In R v Seward (2005) EWCA Crim 1941R v Seward (2005) EWCA Crim 1941 the defendant was acting as the "front man" in the use of stolen credit cards and other documents to obtain goods. He obtained goods to the value of £10,000 for others who were unlikely ever to be identified. The Court of Appeal considered sentencing policy for deception offences involving "identity theft" and concluded that a prison sentence was required. Henriques J. said at para 14:"Identity fraud is a particularly pernicious and prevalent form of dishonesty calling for, in our judgment, deterrent sentences."

In Australia privacy law is the responsibility of the Office of the Privacy Commssioner. Privacy Comissioner, retrieved June 30,2006

In the USA dealing with identity theft is the responsiblity of the Federal Trade Commission. Federal Trade Commission, retrieved June 30,2006

Punishments of identity theft in the United States include:

• Class B Felony: 6-20 years in Jail and a fine up to $10,000
• Class C Felony: 2-8 years in Jail and a fine up to $10,000

In popular culture

The public fascination with impostors has long had an effect on popular culture and extends to modern literature.

The story of Michelle Brown has been made into a film. Identity Theft: The Michelle Brown Story (2004)

In Frederick Forsyth's novel The Day of the Jackal the would-be assassin of General de Gaulle steals three identities. Firstly, he assumes the identity of a dead child by obtaining the child's birth certificate and using it to apply for a passport. He also steals the passports of a Danish clergyman and an American tourist, and disguises himself as each of those persons in turn.

In the 1995 movie The Net (film) Sandra Bullock plays a computer consultant whose life is taken over with the help of computer assisted identity theft.

Precautions against identity theft

The following precautions are recommended by the US Federal Trade Commission FIGHTING BACK AGAINST IDENTITY THEFT, Federal Trade Commission, retrieved June 30,2006 :

• Shred documents and paperwork which contain personal information before you discard them.
• Don't give out personal information unless you know who you are dealing with.
• Never click on links in unsolicited emails; instead, type in a web address which you know
• Use firewalls, anti-spyware, and anti-virus software to protect your home computer;
• Don't use obvious passwords like your birth date or your mother's maiden name
• Keep your personal information in a secure place at home
• Be alert for discrepancies in your financial bills and statements and query them immediately
• Report fraud as soon as you detect it

The following have also been recommended :

• Collect delivered postal mail as soon as possible.
• Use reliable ATM's at reputable sites only.
• Look for any suspicious attachments to an ATM and if in doubt, do not use the ATM but report the problem.
• Be aware of your surrounding when using an ATM. Hide what you type on a keypad from others.
• Limit the amount of personal information you publish on the web.
• When shopping online, make sure the company is reputable and displays an approved security symbol.
• When handing over your credit card, do not let it out of your sight.
• If you are traveling, tell the post office to hold your mail until your return or have someone you trust collect it

The following are specific to the USA :

• Protect your Social Security number. Don't carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
• Don't order checks pre-printed with your driver's license or social security number.
• Don't carry your social security card unless absolutely needed. In states where your driver's license number is your social security number, be equally careful about who sees your license.
• Freeze your credit, if available in your state so that no one can open any form of credit in your name.
• Request your own credit report each year and check the reports for inaccuracies and new lines of credit issued that you did not request.

See also

• Anonymous web browsing
• Identity document forgery
• Phishing
• Fair Credit Reporting Act
• Fair and Accurate Credit Transactions Act
• Health Insurance Portability and Accountability Act
• Better Business Bureau Video Series
• Spam (electronic)

References