Released: April 01, 2000
2000 Identity Theft Issue
Table of Contents
- ID Theft - A rapidly growing crime that scars its victims
- Businesses are in a position to help prevent identity theft - that dumpster holds gold for thieves
- ID Theft horror stories
- Financial privacy law needs more work, say advocates
- California bills target ID theft
- Protect yourself from ID theft
ID Theft - A rapidly growing crime that scars its victims
by Beth Givens
Beth Givens is the director of the Privacy Rights Clearinghouse, a non-profit consumer information and advocacy program based in San Diego, CA. She is the author of several works on privacy, including "The Privacy Rights Handbook." For more information, visit the organization's web site (www.privacyrights.org).
Identity theft is a broad descriptive term for a crime with numerous variations. Essentially, it occurs when someone uses bits and pieces of information about an individual-usually a Social Security number-to represent himself or herself as that person for fraudulent purposes.
The impostor can obtain credit cards and loans in someone else's name and then not pay the bills, open utility accounts, rent an apartment, get a cell phone, purchase a car or a home, and so on. Another type of identity theft-what I call the worst case scenario-is when the perpetrator commits a crime in the victim's name, resulting in the innocent victim having a criminal record.
Anxiety and hassle
Victims are not liable for the bills accumulated by the impostors, thanks to federal law. But they do have the anxiety and hassle of spending months, even years, regaining their financial health and restoring their good credit history.
How many victims of this crime are there? We don't have accurate statistics. But I estimate that there are at least 400,000-500,000 victims a year and rising. The credit reporting bureau Trans Union receives about 1,900 calls a day from victims of identity theft.
The three largest credit bureaus, Trans Union, Equifax and Experian (formerly TRW), have fraud departments. A first step for victims of identity theft is to contact the bureaus and ask to have a fraud alert placed on their file. If the impostor attempts to obtain additional credit in their name, the fraud alert is supposed to stop it. Unfortunately, this measure is not 100% effective.
Why is this crime so rampant today? I place a great deal of the blame on the credit industry. Credit grantors make it all too easy to obtain credit. They do not adequately check the identities of applicants before granting credit. For this reason, instant credit opportunities are especially popular with identity thieves. Credit grantors are all too eager, in their competitive zeal, to get new customers.
All too easy
It's all too easy for criminals to obtain the personal information they need-in particular the Social Security number. Sloppy information handling by businesses is one reason such information is easy to come by-documents tossed in the trash without shredding them, computer files and personnel records easily obtained by dishonest employees, etc.
Law enforcement agencies pay much of their attention to violent crimes such as breaking and entering, mugging, robbery by gun point and bank thefts.Meanwhile, violent criminals and organized crime rings are moving to identity theft.
Identity thieves are rarely apprehended and sentenced. If they are, penalties are minimal and rarely include jail time. Community service and parole are common.
Personal information
Identity thieves have many ways to obtain identifying information about their victims. The key is the Social Security number, which can be used to apply for credit and even give a criminal access to another person's credit report, credit card numbers, date of birth and driver's license numbers.
One way of obtaining this information is by stealing a wallet or purse. The thief either uses the information or provides the contents to a crime ring.
Sometimes, credit card slips and loan or credit applications are fished from the trash. Unfortunately many businesses, banks, mortgage companies and restaurants do not shred these documents.
It can be accomplished by insiders, employees or temporary workers who have access to a computer terminal that is connected to one of the credit reporting bureaus. Going hand in hand with this type of access is the negligence of the company permitting unmonitored access. Insiders have also used access to personnel records to obtain Social Security numbers of identity theft victims.
We learned of a case where a member of a foreign organized crime ring was employed temporarily at a very large corporation. He downloaded the employee list containing Social Security numbers. One by one the employees' identities were used for fraudulent purchases. The employees didn't know about it until they started sharing stories and learned that many of them had been hit.
Relatives or friends, roommates, household workers such as health care givers or spouses going through a bitter divorce can easily obtain a victim's Social Security number, driver's license number and credit card numbers. We have found this scenario to be more common than most people would believe.
Mail theft, another way of obtaining identifying information, is accomplished when people leave their paid bills in an unlocked mailbox for the carrier to pick up. It's better to drop them off at the Post Office.
In the change of address routine, a thief fills out a change of address card so the victim's mail is diverted to the thief's drop box. Then the thief obtains bank statements and credit card bills or preapproved offers of credit containing enough information to impersonate the victim. Fortunately, the Postal Service recently has begun to verify change of addresses in order to make this more difficult.
By filling out a credit application, an impostor can change the victim's name and identifying information and have it sent to another address. (Many pre-approved offers of credit are thrown in the trash and retrieved by criminals.) The major credit card issuers say they are now more wary of changes of address, but their efforts are not foolproof.
And there are many more schemes. Unfortunately, many victims with whom we've spoken haven't a clue as to how their identifying information was obtained by the impostor.
The victims
Even though each identity fraud case is different, what happens to the victims is, sadly, all too similar. They get little to no help from any of the authorities who issued the identifying information to them in the first place. This includes the Social Security Administration and the Department of Motor Vehicles.
Law enforcement doesn't investigate many such crimes. There's just too much identity theft for them to handle.
Nationwide, many police and sheriff's departments refuse to issue a police report to the victims. Yet, victims find they need the police report to prove their innocence to creditors.
Many victims report that they do not get effective help from credit grantors, banks and/or credit bureaus. They describe difficulty in reaching the credit bureaus, and tell how some creditors simply refuse to believe them.And they report that flagging their credit report for fraud doesn't always stop the impostor from opening new credit accounts.
Victims also have to put up with abusive collection agencies, who threaten them with having their houses and cars taken away from them.
Victims have to spend a great deal of time cleaning up the mess. Many are forced to take days or weeks off work so they can make the necessary phone calls, write the letters and have affidavits notarized. And this all costs money as well. I've heard of victims being saddled with the problems wrought by identity theft for up to 10 years.
This crime scars its victims emotionally. They report feeling violated, helpless and very angry. Victims have used the word rape to describe how they feel. I've talked to many who are weeping, or close to tears, because they can't stop what's happening to them. I've talked with seniors who are frightened they will lose their life savings and their homes. In one day alone, I talked to two otherwise reasonable women who said they'd like to kill the perpetrators.
It's little wonder that victims feel violated, helpless and angry - they are often unable to rent an apartment, get a job, get a mortgage or buy a car, because someone else's bad credit history is hounding them. The entire burden of this crime is placed on the shoulders of the victims.
In one case, the impostor was a major drug dealer who was using the identity of a high-tech company president. The executive travels out of the country often and has to carry a letter from law enforcement which explains he is not the drug dealer, because he gets pulled in for inspection every time he comes back to the U.S. Recently law enforcement agents from another state entered his bedroom in the early morning hours and tried to arrest him at gun point. He was able to explain, but it took some doing.
Victims have to be savvy consumers. They must be assertive with the credit card, banking and credit reporting industries and officials. Many consumers are not equipped to deal with the challenges that this crime brings-people whose first language is not English and who cannot communicate at the level of complexity that this problem requires. Others are semi-literate or illiterate and can't write the necessary letters. Unfortunately, there isn't enough consumer assistance for victims of identity theft.
Consumer awareness of identity theft has skyrocketed since 1998, primarily because of media coverage. People are more wary of giving out personal information and having it used or passed along without their consent, especially on the Internet. Outcry by consumer advocates and the public has resulted in some legislative and regulatory attention to the issue.
Legislative remedies
Last year Congress passed and the President signed the Identity Theft and Assumption Deterrence Act (18 USC 1028). It makes identity theft a federal felony when someone knowingly uses the identification of another person with the intention to commit any unlawful activity under federal and state law.
Wisconsin Congressman Jerry Kleczka, would like to take the law a step further, and has introduced a bill (H.R. 1450) that among other things, prohibits the commercial acquisition or distribution of Social Security numbers without the holders' consent and limits their use as personal identification numbers.
Industry must help
The new law is welcome, but in order to make a dent in identity theft, the practices of the credit industry must change dramatically. This crime is at epidemic proportions primarily because of the careless practices of the credit granting and the credit reporting industries. Until laws create incentives for the credit industry to change how they do business, the crime of identity theft will continue to climb.
For instance, whenever a credit grantor extends credit to an impostor after the victim has placed a fraud alert on the credit file, a stiff penalty should be assessed.
I suggest that the credit industry itself implement the following practices:
- Verify at least three pieces of information, such as the name, address, date of birth, Social Security number, driver's license number and place of employment, with information on the existing credit report. This is especially important in instant credit situations. If the consumer is applying in person, the credit grantor should be required to inspect a photo ID.
- When offering credit via a mailed-in application (a pre-approved offer of credit) the credit grantor should use the consumer's address as it appeared on the original solicitation, not a different address, which could well be the work of an identity thief. If the card issuer receives a change of address notification, it also must send a confirmation notice to the old address it has on file.
- Provide consumers with one free copy of their credit report annually. (Only six states have passed such laws: Colorado, Georgia, Massachusetts, Maryland, New Jersey and Vermont.) If consumers checked their credit reports more frequently, identity theft would be detected earlier and the overall impact minimized.
- Let consumers put a freeze on their credit reports that would prevent their reports from being furnished without specific authorization.
Businesses are in a position to help prevent identity theft - That dumpster holds gold for thieves
by Linda Goldman-Foley
Linda Goldman-Foley is the director of VOICES (Victims of Identity Crimes Extended Services), a non-profit organization that assists victims of identity theft and works to bring a higher public awareness about this crime. She became a victim of identity theft when her employer used her personal data to apply for several credit cards and a cell phone. She was able to identify the impostor, helping the judicial system to convict the perpetrator. For more information, you can e-mail Goldman-Foley at VOICES (.(JavaScript must be enabled to view this email address)) or visit the www.privacyrights.org web site.
Do you know what's in that dumpster in the alley? You might want to look-your own good name could be at stake. It's happening time after time, in store after store, in office after office, throughout the nation. Credit card slips, photocopies of checks, private phone numbers, prescription forms, duplicate receipts and even employees' personal records and histories are being carelessly tossed out, there for the taking.
Identity theft and dumpster diving are hot news topics with investigative reporters who dig into trash cans behind retailers, doctors' offices, video rentals, department stores and even mortgage brokers' offices, bringing up handful after handful of sensitive information. It's all there, all the information an impostor needs to assume an identity and steal thousands of dollars in merchandise, cash and services.
Those men and women rummaging through the garbage are not just looking for aluminum cans or food scraps. Organized criminals are dumpster diving in record numbers. The information they find is a cash cow-to use themselves or sell on the black market, an easy and safe way to make a fast buck.
This year more than 500,000 of your friends, family, neighbors, customers and employees will become victims of identity theft. Their lives will be financially, legally and emotionally impacted for years to come. And if it's a member of your staff, you may lose from 50-500 productive hours while your employee tries to straighten out the mess, over and over, each time a new bill appears for a credit card account they never opened.
Businesses are entrusted with sensitive information by their employees. While we cannot give you a foolproof way to protect yourself, your employees and your customers, there is much that corporations and businesses can do to safeguard confidential information.
Poor document handling often results from lack of awareness-the company in not establishing secure methods of information disposal, and employees who don't realize the serious implications of identity theft. We recommend employers adopt the following document-handling procedures:
- Develop a process to screen employees who have access to personal information, even if they are part-time. This also extends to outsource company employees that may be in your offices unsupervised, such as cleaning crews. I am currently working with two victims whose identities may have been sold or compromised by employees within the human resources department of the company where they work.
- Establish data security procedures for each type of identifying documentation your employees handle. Put together a handbook that each employee must study and sign after reading. Identify each document, the sensitive information it contains and proper handling and disposal procedures. Include pointers about storing and disposing of voided sales slips, credit forms, etc.
- Provide cross-cut paper shredders for all work areas, or a locked, secured area for unwanted sensitive information which will later be disposed of by a document disposal company. If disposal facilities are conveniently located, employees will use them. Make sure any outsource shredding company uses strict security procedures. Use proven "shredding or wipe" software when disposing of computer files, diskettes and hard drives.
- Rethink what type of information you really need from customers and employees vs. the information you currently gather. In this case, less is better. Limit data collection to information necessary to the purpose, not information you might use at a later date. This also limits your liability.
- Limit the number of people who have access to sensitive information whenever possible. Access should be on a need-to-know basis and only handled by those who have completed a training on identity theft and document handling practices. Keep sensitive documents in a locked, secure file cabinet, and make sure stored data files are encrypted.
- Don't use the Social Security number for employee and customer identification.
- Encrypt or lock all personal and confidential information on computers with a password. Make sure your systems administrator checks on a regular basis that your system is hacker-proof. Electronic transmission should only be used to transfer encrypted confidential information, on a need-to-know basis. Do not assume your program is safe and that only the intended eyes will see the transmission.
- Train designated personnel about security procedures in sending sensitive information by fax. Attorney Mari Frank advises that all faxes should have a confidential cover sheet prohibiting re-disclosure. Call the recipient before and after sending faxes with confidential information. Place shredders near fax machines.
- Place photos on business cards, employee identification cards and badges. This avoids the problem of an impostor "borrowing" business cards and using them to pose as the victim.
- E-mail, voicemail, cellular telephones, answering machines and services are not private or secure. These are not reliable ways to transmit sensitive messages. In addition, remember that "deleting" messages does not truly delete the information from a hard drive. Messages people thought were deleted have been retrieved and used as evidence in lawsuits.
- Instruct sales clerks to verify signatures on credit cards and credit card slips. Ask for a second form of identification when in doubt. Scrutinize photos on driver's licenses. When in doubt, make a call to the customer's registered home number, especially on phone orders, if someone tells you they have moved or the information doesn't match what you have on file.
Due to the increase in identity theft crimes and the growing amount of financial loss to the person whose identity has been stolen, it is not unreasonable to expect that legislation compensating victims for improperly handled data will soon become a reality. Already victims have begun to bring lawsuits against companies whose mishandling of sensitive information directly caused their identities to be stolen.
Establishing privacy policies will confirm that your company truly cares about the financial safety of its customers and employees. It is also a way to protect your company and level the playing field with identity thieves.
Apartment application gone awry
Charlie had his identity stolen when a friend of a landlord copied some information from an apartment rental form sitting on a desk. The impostor used that information, which included Charlie's Social Security and driver's license numbers, to get a duplicate driver's license and accumulate more than $50,000 in credit card bills. Then he used the victim's name when arrested by the police for drug smuggling. Charlie was forgiven all the debts but his name still is on a national crime register. He is forced to carry a letter of clearance with him wherever he goes, to prove he is not the felon who used his identification.
Health Insurer helps Identity thief
Mary's purse was stolen while on vacation. When she got home she found several new credit cards in the mail, ones she never applied for. The bills followed several days later. The impostor had found her Social Security number on her health insurance card and used it to secure "instant" creidt at various stores. He maxed out the accounts the day they were opened, leaving Mary to deal with the collection agencies.
Identity theft horror stories
by Mari Frank, Esq.
Mari Frank, an attorney and identity theft expert based in Southern California, created The Identity Theft Prevention Kit. As one of the nation's top advocates for identity theft victims, Frank assisted in the passage of the federal law making identity theft a crime and is often featured in the national broadcast and print media. She is the author of "From Victim To Victor: A Step By Step Guide To Ending The Nightmare of Identity Theft" and co-author with Beth Givens of "Privacy Piracy: A Guide To Protecting Your Identity." For more information, visit Frank's web site (www.identitytheft.org).
Most of us don't believe that we could become victims of identity theft, but the truth is, it could happen to you-it happened to me. Identity thieves strike baseball stars, homemakers, judges, law enforcement officers, journalists, private investigators, executives, business entities, children and even deceased people.
All an impersonator needs to steal your personal identity is a name and Social Security number. A business identity thief can use desktop publishing products to copy a business card, or a few pieces of information from a brochure or a web site that helps them pose as the victim. For example, using my Social Security number and my business cards, my impostor stole over $50,000 in credit from me and assumed my business identity by parading as a licensed attorney.
No one is immune. A CBS poll in 1998 reported that one out of four adults has experienced some form of identity fraud. Last May the U.S. Government Accounting Office (GAO) issued a report on the skyrocketing number of victims, calling identity theft an epidemic. It is estimated there were more than 500,000 new cases of identity theft in 1998. And the problem is growing.
Why do impostors want to rob your identity? Here are just a few scenarios:
- For financial gain.
John worked as a part-time bookkeeper for Dr. Stone, an ophthalmologist. John's job entailed accepting cash and checks from patients-he began to divert tens of thousands of dollars into a checking account in a neighboring town using Dr. Stone's name. He began to impersonate Dr. Stone and ordered eyeglasses and equipment for a new eye clinic using Dr. Stone's credit profile, license, etc. He hired staff and even continued to work as a part-time bookkeeper while diverting the funds he needed. Dr. Stone only learned of the business identity theft when John's business began to fail and creditors started to harass the doctor. Dr. Stone's reputation was destroyed and his quest to regain his credibility and sanity is ongoing. - Because they don't have any credit of their own. Jane and her husband, both professionals living in Michigan, were about to buy their first home when they were informed by the loan officer that their credit was overextended. Someone in Texas had used Jane's name and Social Security number to obtain numerous credit cards, a BMW, health care and a mortgage. It took two years to clean up the mess and purchase a new home. The nightmare has finally ended, but the fear of future problems is ever present.
- To avoid criminal prosecution.
Mark is a high level executive with a major securities firm. Upon leaving work one afternoon, he was confronted by the police who forced him to the floor, put him in handcuffs and searched for weapons-all in front of his staff. Mark was arrested for a crime committed by someone who used his name.
At the police station he was able to prove it was not him when the police compared him to a photo and fingerprints of the true criminal. Since the real felon had skipped town, the police did not have his real name, so they refused to correct the records. Although Mark now has a certificate of clearance, arrest records (which are transmitted nationwide) still show up with Mark's name and Social Security number. This is a continuing disaster for Mark's career and personal life.
- To ruin your reputation, get revenge or destroy the reputation of business competitors.
Dana and David, married for 25 years, were physicians and business partners. Learning that David was having an affair with their receptionist, Dana asked for a divorce. David vowed that she would never get anything from the business.Her husband had a great reputation and political influence and he began to use it to destroy Dana's life. While the divorce battle raged, Dana began receiving collection calls, money was stolen from her accounts, and she was billed for things she didn't order. Her phone was disconnected "by mistake" and her mail was stolen. One day, the FBI arrived at Dana's medical office and arrested her for painkiller prescriptions she had never authorized.
Dana went to trial with an attorney who didn't allow her to testify and didn't make a case that she had been framed. (She later found out the lawyer was a friend of her ex- husband.) She was convicted on a drug charge and is trying with a new attorney to get a new trial.
We have a lot of work to do to stop this epidemic. Although there are precautions you can take to lower you chances of becoming a victim (for tips, see Protect yourself from ID theft), no one can guarantee that an impostor won't get access to your information and become your evil twin. In our increasingly data-saturated society, where information can be retrieved in a nanosecond, criminals definitely have the advantage.
Credit bureau can't sell pitch lists
Early in March, the Federal Trade Commission (FTC) ordered a major consumer credit reporting agency, Trans Union, to stop selling consumer reports in the form of pitch lists to target marketers who lack an authorized purpose for receiving them under the Fair Credit Reporting Act (FCRA).
The FTC charged that target marketers lack a "permissible purpose" to access credit reports, as defined under FCRA, and therefore Trans Union violated the law by selling to marketers lists compiled from its database.
Chicago-based Trans Union handles the credit data of approximately 160 million consumers. It receives detailed information from banks, mortgage companies, credit unions and auto dealers and furnishes it to lenders, employers, insurance companies and landlords for use in checking applicants.
Through a subsidiary company, Performance Data, it also sells marketing lists to companies that want to pitch goods and services.
FCRA regulates credit reporting bureaus and limits the circumstances under which these companies can release information about a consumer's credit report. The law allows credit bureaus to release credit data only for permissable purposes with consumer authorization, including new applications for credit, employment, insurance or rentals as well as a company's review of existing customers' credit.
Financial privacy law needs more work, say advocates
by Linda Sherry
A major banking overhaul passed by Congress last November paved the way for banks to merge with other financial firms such as health insurance companies and stock brokerages.
But Congress "gave away the bank" by making it easier for banks to share and sell confidential customer information at the same time it failed to pass adequate financial privacy protections.
While financial institutions that plan to sell customer information to third parties must at least provide written notice and an opportunity for consumers to opt out of the marketing programs, there are no requirements when companies share customer information with their affiliates.
Privacy intrusions
"Congress listened to Wall Street, not Main Street, even though the legislation legalizes Orwellian privacy intrusions by banks without giving customers privacy protections," said Ed Mierzwinski of the U.S Public Interest Research Group. "We have a stronger law protecting the privacy of the videos you rent than of your financial records."
Consumer Action has joined other consumer groups including U.S. PIRG and the American Civil Liberties Union, in supporting two bills that would offer consumers meaningful control over their personal financial information: H.R. 3320, introduced by Congressmen Ed Markey (D-MA) and Joe Barton (R-TX) and S 1903, introduced by Senators Richard Shelby (R-AL) and Richard H. Bryan (D-NV).
Both bills would require banks to obtain the consent of consumers before selling or sharing information ("opt-in"). If consumers did not respond, the banks would not be free to sell or share their information.
Boilerplate notices
The current law pertaining to financial privacy-the Gramm-Leach-Bliley Act-allows banks to sell or share information unless a consumer responds to a boilerplate notice by writing a letter to opt-out of any marketing programs.
Financial institutions regularly exchange information about customers with other companies in order to sell services. Some of these companies are subsidiaries or affiliates owned by the same parent company, such as the relationship between Citibank and Travelers, the insurance company.
In other cases, financial institutions enter contracts to share information with all kinds of companies (non-affiliated third parties), including marketing firms that make money through telemarketing and direct mail solicitations. Sometimes the information is sold as a commodity in itself, and sometimes the referring company gets a cut when the non-affiliated third party makes a sale.
The Gramm-Leach-Bliley Act requires that financial institutions planning to share information with non-affiliated third parties give consumers, at least once every year, a clear written notice of their plans to sell information as well as a right to opt out of marketing programs. The Federal Trade Commission and other federal agencies that regulate over financial institutions have issued proposed rules in response to the Act.
The law prohibits banks from releasing specific account numbers or access codes for credit card, deposit, loan or securities transaction accounts to any non-affiliated third party for use in marketing. No such restriction exists between affiliated companies. (Financial institutions are allowed to give credit account numbers to credit reporting agencies, such as Equifax, Experian or Trans Union.)
"Banks used to be like priests or psychologists-now they're the biggest blabbermouths in town," said Mierzwinski.
The proposed rule defines "financial institutions" broadly to include all banks, insurance companies and brokerages providing consumer accounts for individual, family or household use. Other companies that perform limited financial services are also covered: mortgage lenders and other credit grantors, personal property appraisers, real estate appraisers, retailers, career counselors for employees in financial occupations, real estate settlement services, manufacturers of computer hardware and software and travel agencies.
The disclosure and opt-out requirements cover only "nonpublic personal information"-personally identifiable financial information provided by a consumer to the company. Information from public sources could be disclosed without restriction. Public sources include government records, such as real estate deeds, telephone books, television, radio and newspapers.
If financial institutions provide written disclosures and a way for consumers to opt-out, they are free to retain and sell information provided to them by customers, former customers and even non-customers who gave them information while comparison shopping. Before any nonpublic personal information about the consumer can be shared with or sold to a nonaffiliated third party, the person must be notified. Initial and annual privacy notices are required and must include companies' policies on sharing or selling information about former customers.
The proposed rule also states that information obtained over the Internet will be considered publicly available if it was obtained from a site that is available to the general public without requiring a password or similar restriction.
California bills target ID theft
by Gabriela Castelán
Six bills focusing on identity theft have been introduced in the California Legislature this year.
Assemblyman Bob Hertzberg (D-Van Nuys), who will soon be sworn in as Speaker of the Assembly, believes the crime of identity theft is a serious threat. "Identity thieves don't just take your wallet, they hold your financial life hostage," said Hertzberg. "We owe it to the public to see that law enforcement keeps pace and keeps identity thieves in check."
He authored AB 1949, which would set up a three-year pilot project with special identity theft units in Northern, Central and Southern California. The program would create public awareness about the crime and provide a regional clearinghouse for local law enforcement, the private sector and victims.
Sen. Debra Bowen (D-Redondo Beach) has taken aim at the unnecessary use of Social Security numbers to reduce the incidence of stolen numbers. "Your Social Security number is the ultimate pass key because anyone who has it can unlock information about who you are, where you live and what bank and credit card accounts you have," she said. "If we're serious about preventing identity theft, we need to prevent Social Security numbers from getting into the wrong hands in the first place."
Her bill, SB 1767, would attempt to stop fraud by prohibiting organizations such as banks, hospitals and schools from using Social Security numbers as account access or ID numbers. In screening new credit applications, she proposes that companies require five matching identifiers such as address, phone number and Social Security, driver's license and bank account numbers, instead of the current three.
SB 1365, authored by Sen. Kevin Murray (D-Culver City), would allow victims of identity theft to prohibit companies with which they do business from sharing marketing information about them with affiliates and third parties. If a company disclosed customer information to a felon, it could be held liable for a penalty of $5,000 per disclosure.
AB 1862, authored by Assemblyman Tom Torlakson (D-Martinez), would create a state database about victims of identity theft. It would be used by victims to help prove their innocence in cases where someone else using their identity has committed a crime.
AB 1897, authored by Assemblywoman Susan Davis (D-San Diego), would allow victims of identity theft to file a police report and use it to clear their name by correcting credit reports or getting a new driver's license. Currently, police departments do not always issue a police report in identity theft cases.
AB 2462, authored by Assemblyman Rod Wright (D-Los Angeles), would allow identity theft victims to use the courts to fight efforts to collect money from them for fraudulent debts stemming from identity theft crimes.
Protect yourself from ID theft
by Linda Sherry
Legally, victims of identity theft are not responsible for any money that is lost when crooks make unauthorized use of their credit information—but it can be difficult and time-consuming for victims to prove that fraud occurred. These tips can help you prevent identity theft:
- Tear up personal papers, receipts and junk mail. Most fraud using stolen identities happens when crooks find or steal personal information. They may steal your wallet or take a credit card receipt, billing statement or other financial records such as your bank statement or pay check stubs. Thieves go through your garbage to find banking and insurance paperwork, credit card bills or cancelled checks. Even your unwanted junk mail, such as preapproved offers for credit cards, can be valuable to someone who wants to steal your credit.
- Watch what you say on the phone. When you are talking on a pay phone, your conversation may be easily overheard. On some cell phones, your conversations can be overheard by people who use scanning devices. There are people who make money collecting information this way. Don't discuss personal information or give credit card numbers or other sensitive information while using a public payphone or cell phone.
- Know who you are doing business with. Identity fraud sometimes happens when employees of banks, shops and restaurants steal information about customers. It can be difficult to protect yourself from this kind of fraud, but dealing with well-established businesses may help. When shopping on the Internet, make sure the lock or key icon on your browser's screen is whole—a broken icon indicates the site is not secure.
- Check credit card and bank statements immediately. Jot down a list of your credit cards and bank and brokerage accounts and when you expect the statements for those accounts to arrive. Look over your statements as soon as you receive them to make sure no one else is using your accounts. If a statement doesn't arrive on time, or you find unauthorized transactions on your accounts, contact the financial institution immediately.
- Check your credit reports every year. There are three major credit reporting bureaus that keep information about your credit history—loans, credit cards, mortgages, etc.—on file. You can order a copy of your reports from any or all three bureaus at any time by sending a request and your payment (up to $8.50 each). By monitoring your credit report, you can make sure no one else has been using your credit. The three largest credit reporting bureaus are Equifax (1-800-685-1111), Experian (1-888-397-3742) and Trans Union (1-800-916-8800).
- Talk to your employer about identity theft. Employers keep a lot of personal information about their employees—if it's not kept in a secure place and subject only to limited access by key employees, it could be gold mine for an identity thief. In your own office, keep any personal paperwork such as health insurance documentation or pay check stubs in a locked desk drawer and thoroughly tear or shred unwanted bills, receipts and other personal papers.
Unintended uses of Social Security numbers go beyond their real purpose
A number of federal laws and regulations require federal programs and federally funded activities to use Social Security numbers to enforce compliance with laws and determine eligibility for benefits.
The Internal Revenue Service (IRS) uses Social Security numbers as taxpayer identification numbers. Employers and others making payments to individuals must include Social Security numbers in reporting payments to the IRS. Reportable payments include interest payments, employee wages, investor dividends, retirement benefits, cash deposits or purchases of more than $10,000 and annual mortgage interest payments of more than $600.
Taxpayers must include their Social Security numbers on income tax forms as well as the Social Security numbers of their dependents and ex-spouses who receive alimony.
However, federal law neither requires nor prohibits many other uses of Social Security numbers by the public and private sector. These auxiliary uses put consumers at risk of identity theft.
Banks often use the last four digits of Social Security numbers as the default personal identification number for ATM cards and telephone banking access. Many insurance companies use Social Security numbers as account numbers and print them on membership cards that must be carried by the health plan member. Most colleges and universities use Social Security numbers as student IDs, and grades often are posted using Social Security numbers. In some states, Social Security numbers are used as driver's license numbers.
If your financial institution, insurance company, motor vehicles department or school uses your Social Security number to identify you, ask to have it replaced with another account number, personal identification number or secret code. Explain to the agency that you are concerned about identity theft.
More Information
- Federal Trade Commission
Ask for the brochure "ID Theft: When Bad Things Happen To Your Good Name."
600 Pennsylvania Avenue, N.W.
Washington, DC 20580
1-877-382-4357
Web site: www.ftc.gov - Identity Theft Survival Kit
28202 Cabot Road, Suite 215
Laguna Niguel, CA 92677
1-800-725-0807
E-mail: .(JavaScript must be enabled to view this email address)
Web site: www.identitytheft.org - Privacy Rights Clearinghouse
Identity theft information and publications can be found on its web site ([url=http://www.privacyrights.org]http://www.privacyrights.org[/url]).
E-mail: .(JavaScript must be enabled to view this email address)
Web site: www.privacyrights.org - U.S. PIRG (Public Interest Research Group)
Provides a wealth of on-line information (www.pirg.com) on the rights of identity fraud victims, consumer credit and privacy rights.