Center for Problem-Oriented Policing

To print this guide, click on your web browser's "Print" icon, or go to the menubar and select "File..Print"

Identity Theft

Guide No. 25 (2004)

by Graeme R. Newman

The Problem of Identity Theft

This guide addresses identity theft, describing the problem and reviewing factors that increase the risks of it. It then identifies a series of questions to help you analyze your local problem. Finally, it reviews responses to the problem, and what is known about them from evaluative research and police practice.

† The term identity fraud is sometimes used to include the whole range of identity theft related crimes (Economic Crime Institute 2003).

Identity theft is a new crime, facilitated through established, underlying crimes such as forgery, counterfeiting, check and credit card fraud, computer fraud, impersonation, pickpocketing, and even terrorism. It became a federal crime in the United States in 1998, with the passage of the Identity Theft Assumption and Deterrence Act.1 This act identifies offenders as anyone who

…knowingly transfers or uses, without lawful authority, any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.

A significant feature of identity theft is the offender’s repeated victimization of a single person. This may include repeatedly using a stolen credit card, taking over a card account, or using stolen personal information to open new accounts.

† A victimization survey conducted by the Federal Trade Commission (FTC) found that 16 percent of victims whose credit cards were misused said the people responsible had also tried to “take over” the accounts by doing such things as changing the billing address or adding themselves to the card as an authorized user (Federal Trade Commission 2003a).[Full Text]

Congressional hearings on identity theft in the 1990s revealed that police generally did not regard those whose identities had been stolen as the true victims, since the credit card companies took the financial loss. In addition, the companies typically did not report their losses to local police (or to anyone else, for that matter). Studies also showed that victims rarely reported the loss or theft of a card to the police, since they believed that the card company would cover the loss. However, because the repeated use of a victim’s identity caused serious disruption and emotional damage, more victims began to report the offense.

It is likely that your initial exposure to identity theft will be the request of a victim for a police report about the incident. Credit-reporting agencies now require that victims do so as part of the an “identity theft affidavit.” that the victim submit a police report. Until recently, victims had a hard time getting such reports from the police. However, in response to growing media coverage and congressional testimony concerning identity theft, the International Association of Chiefs of Police (IACP) adopted a resolution in 2000 urging all police departments to provide incident reports and other assistance to identity theft victims. It is also possible that people you have stopped or questioned have given you a fake ID—or a legitimate ID acquired with a false or forged document.

† WHEREAS, reports of identity theft to local law enforcement agencies are often handled with the response ‘please contact your credit card company,’ and often no official report is created or maintained, causing great difficulty in accounting for and tracing these crimes, and leaving the public with the impression their local police department does not care…. RESOLVED, that the International Association of Chiefs of Police calls upon all law enforcement agencies in the United States to take more positive actions in recording all incidents of identity theft and referring the victims to the Federal Trade Commission…” (International Association of Chiefs of Police 2000).

It is difficult, though not impossible, for local police to influence some important factors that contribute to identity theft. These concern

That said, this guide will help you determine what you can do to prevent identity theft and help victims in your jurisdiction.

Related Problems

The following problems are closely related to identity theft, but not specifically addressed in this guide:

Harms Caused by Identity Theft

Sources of Identity Theft Data

Data sources vary in quality and often provide conflicting or different estimates, especially concerning the extent and cost of identity theft. A recent problem is the tendency of businesses to exaggerate the threat of identity theft to sell products tailored to prevent it, such as insurance or software. Several sources supply data on identity theft:

The FTC’s 2003 victimization survey provides the most reliable information to date.13

Factors Contributing to Identity Theft

Understanding the factors that contribute to your problem will help you frame your own local analysis questions, determine good effectiveness measures, recognize key intervention points, and select appropriate responses. There are few scientific studies on identity theft victims, offenders, or incidents, though there are studies on some identity theft-related crimes such as check and credit card fraud.

† See the POP Guide on Check and Card Fraud.

Regarding victims, the most important findings concern the time taken to discover the theft:

Victim characteristics are probably not related to identity theft vulnerability, though more research is needed in this area. The average age of victims is 42. They most often live in a large metropolitan area, and typically don’t notice the crime for 14 months. Evidence suggests that seniors are less victimized by identity theft than the rest of the population, though they can be targeted in specific financial scams that may or may not involve identity theft. African Americans may suffer more from non-credit card identity theft, especially theft of telephone and other utility services, and check fraud.16

† See the POP Guide on Financial Crimes Against the Elderly.

Regarding offenders, data from the above sources suggest they are attracted to identity theft for two important reasons:

Familiarity between victim and offender provides opportunities for identity theft because of the availability of personal information among relatives, coworkers, and others. According to the 1999–2001 FTC complaint files (see figure below), close to 11 percent of the complainants knew the offender. The FTC’s 2003 survey found that 86 percent of victims had no relationship with the thief.17 However, other sources claim closer to 60 percent of victims knew or had some information about the offender.18

Offenders’ opportunities to commit identity theft may be classified under two broad categories: place and guardianship.The trouble is that committed offenders know very well where to find personal information, and the guardianship is not too effective.

Place

Offenders can generally find people’s personal information in three places:

These all can offer opportunities to thieves, depending on how well they are protected.

Guardianship

Personal Guardianship

People are generally casual about protecting their personal information, even though they indicate in opinion polls that they are very concerned about doing so.19

Agency Guardianship

There is an enormous amount of personal information available, and it is incredibly easy to obtain. Government agencies and businesses keep computerized records of their clients. They may sell or freely provide that information to other organizations. Often, all that is needed is one form of identification, such as a driver’s license, and an offender can obtain the victim’s mother’s maiden name, social security number, etc. Many identity theft crimes are committed by employees of organizations that maintain client databases. For example, a widely publicized Detroit case involved an identity theft ring in which employees of a major credit card company stole customer information.20 Procedures for authenticating individual identities are often inadequate. Establishing a given person’s “true identity” is a complex task. It requires the careful assessment of

† U.S. residents do not own personal information contained in agency databases, so they have little control over how that information is used. Recent “opt-out” laws allow people to prevent their information from being provided to others, but these laws are not widely publicized.

†† Social security numbers are not so secure. A recent study estimated that 4.2 million people have managed to acquire alternative numbers (Finch 2003) [Full Text]

Many agencies and businesses make only a cursory attempt—if any—to assess these.


How Offenders Steal Identities

The notoriety of identity theft rose with media coverage of the dangers of buying and selling on the Internet. However, the ways offenders steal identities are decidedly low-tech. Computer hackers aren’t necessarily geniuses; sometimes they simply obtain a password by trickery or from a dishonest insider. Some methods are more popular than others, as is clear from Figure 1, which is based on data collected by the FTC and reported by the General Accounting Office. In general, these data indicate that offenders make the most of the easiest available opportunities:

† Available data indicate that Internet-related identity theft constitutes a small proportion of all identity theft, probably less than 20 percent. However, there are many definitional problems here. For example, just one act of hacking into a database may reap thousands of credit card numbers and other personal data. These are then used to commit thousands of identity thefts offline. So it is wise to reserve judgment on this issue for now.

How Offenders Use Stolen Identities

Offenders use victims’ personal information in countless ways. Some of the most common examples follow:

Types of Identity Theft

Classifying identity theft into types is difficult, as it involves a wide variety of crimes and related problems. However, the acknowledged motives for identity theft can be used to construct a simple typology. Research indicates that the two dominant motives for identity theft are financial gain and concealment (either of true identity or of a crime). These motives are mediated by the offenders’ level of commitment to the task and the extent to which offenders are simply opportunists taking advantage of the moment.

† The FTC survey reported that 15 percent of ID theft victims in the past five years had their personal information misused in nonfinancial ways. The most common such misuse was for the offender to give the victim’s name and identifying information when stopped by law enforcement or charged with a crime (Federal Trade Commission 2003a).[Full Text]

Professionals who seek out targets and create their own opportunities—usually in gangs—have a high level of commitment. A lot of planning and organization is involved. Some lone offenders also display considerable commitment and planning, especially in regard to concealing personal history. Offenders with low commitment take advantage of opportunities in which ID theft appears to solve an immediate problem; thus their identity thefts are “opportunistic.”

As seen in Table 1, there are four types of identity theft, based on the combinations of commitment and motive. Of course, any single case could reflect aspects of more than one type.

 

Financial gain

Concealment

High commitment (lots of planning)

Organized. A fraud ring systematically steals personal information and uses it to generate bank accounts, obtain credit cards, etc. (See box below.)

Individual. The offender sets up a look-alike Internet website for a major company; spams consumers, luring them to the site by saying their account information is needed to clear up a serious problem; steals the personal/financial information the consumer provides; and uses it to commit identity theft.

Organized. Terrorists obtain false visas and passports to avoid being traced after committing terrorist acts.

† An Algerian national facing U.S. charges of identity theft allegedly stole the identities of 21members of a Cambridge, Mass., health club and transferred the identities to one of the people convicted in the failed 1999 plot to bomb Los Angeles International Airport (Willox 2002). [Full Text]

Individual. The offender assumes another’s name to cover up past crimes and avoid capture over many years.

Opportunistic (low commitment)

An apartment manager uses personal information from rental applications to open credit card accounts.

The offender uses another’s name and ID when stopped or arrested by police.

Table 1 The Four Types of Identity Theft

High Commitment, for Financial Gain

Organized. In this type of identity theft, a group or gang carefully plans and orchestrates the crimes. Indeed, while it is widely believed that committing identity theft is easy because of the numerous opportunities described above, carrying out a truly successful identity theft requires considerable organization and preparation:

Research has shown that organized criminal gangs in Southeast Asia manufacture plastic cards using stolen identities. These are then marketed on the street in large U.S. and European cities. Street fraudsters tend to specialize in particular types of card fraud. They use highly sophisticated techniques to avoid detection either when using the card in a retail store or when converting purchased goods into cash. They tend to work in small gangs, deal in high volume, and operate in high-population areas, usually 50 miles or more away from where they live.

A Classic Case of Organized Identity Theft for Financial Gain

Jane Sprayberry handed over her driver’s license to an American Express customer service representative who had asked for it in order to replace Jane’s lost credit card. True to the Amex promise, she received the replacement card without delay. The only trouble was that the recipient was not the real Jane Sprayberry. The driver’s license had her name on it, but the photograph was not of her. In no time, the imposter ran up a big bill on high-priced jewelry, clothing, and appliances. Just a week before, Jane’s husband’s bank account had been emptied and his credit card cloned. A coincidence? Not at all. A ring of fraudsters in Detroit had gotten jobs at large businesses and had collected reams of personal information: personnel records, credit records, old rental-car agreements. Those offenders who were eventually caught had bags and books full of such records—records they had used over several years. They had run up an average of $18,000 in credit card charges per victim. And they had sold identities on the street for around $25 each. It took the real Jane Sprayberry and her husband more than six months to clean up the mess.23

Individual. Individuals may become strongly committed to the crime once they discover, after casually using someone’s identity, how easy it is to get away with doing so. For example, someone with a drug habit may regularly buy stolen credit cards on the street (stolen cards are cheaper if others have used them), to raise money to buy drugs.

Opportunistic, for Financial Gain

The second type of identity theft occurs when the offender takes advantage of the access he or she has to the personal information of friends, family, or others. Examples include the following:

High Commitment, for Concealment

Organized. Terrorism is the most recently cited instance of organized groups’ stealing identities to conceal illegal activities, and to make tracking their true identities much more difficult after they’ve committed crimes. Authorities claim that all 19 of the September 11 terrorists were involved in identity theft in some way.24 This resulted in the mistaken arrest of people whose identities had been stolen.

Individual. Covering up past crimes is a major reason for individuals to steal or assume another’s identity. Kathleen Soliah, wanted for various bombings and attempted murder in relation to her activities in the Symbionese Liberation Front in the late 1960s, assumed the identity of Sara Jones Olson (a common Scandinavian surname in Minnesota). She evaded capture for 23 years, and in the meantime became a doctor’s wife, mother of three, community volunteer, veteran of charity work in Africa, and practicing Methodist living in an upscale neighborhood in St. Paul, Minn.

Text Box: http://www.ariza-research.com/new-id/

Sources on the web make it easy for people to hide their identities.

Opportunistic, for Concealment

The most common type of opportunistic identity theft for concealment occurs when an offender gives the name of an acquaintance, friend, or family member when stopped, questioned, or arrested by police. Examples include the following:

UnderstandingYour Local Problem

The information provided above is only a generalized description of identity theft. You must combine the basic facts with a more specific understanding of your local problem. Analyzing the local problem carefully will help you design a more effective response strategy.

Asking the Right Questions

The following are some critical questions you should ask in analyzing your particular problem of identity theft, even if the answers are not always readily available. Your answers to these and other questions will help you choose the most appropriate set of responses later on. In some cases, the questions you should ask will be similar to those recommended regarding check and credit card fraud. If you find that such fraud figures heavily in the identity thefts you confront, you should also consult Check and Card Fraud, Guide No. 21 in this series.

Incidents

Offenders

Victims

Locations/Times

Current Practices

Measuring Your Effectiveness

Measurement allows you to determine to what degree your efforts have succeeded, and suggests how you might modify your responses if they are not producing the intended results. You should take measures of your problem before you implement responses, to determine how serious the problem is, and after you implement them, to determine whether they have been effective. All measures should be taken in both the target area and the surrounding area. (For more detailed guidance on measuring effectiveness, see the companion guide to this series, Assessing Responses to Problems: An Introductory Guide for Police Problem-Solvers.)

The following are potentially useful measures of the effectiveness of responses to identity theft:

Responses to the Problem of Identity Theft

Your analysis of your local problem should give you a better understanding of the factors contributing to it. Once you have analyzed your local problem and established a baseline for measuring effectiveness, you should consider possible responses to address the problem. As noted at the beginning of this guide, some of the risk factors relating to identity theft may lie beyond the immediate influence of local police, or they may appear to lie beyond the usual scope of local police responsibility. These include

However, studies of successful interventions to reduce or prevent check and credit card fraud have shown that there are things local police can do to impact some of the above factors. It requires the development of various partnerships with local and state government agencies and with businesses.

† See the POP Guide on Check and Card Fraud.

The following response strategies provide a foundation of ideas for addressing your particular problem. These strategies are drawn from a variety of research studies and police reports. Several of these strategies may apply to your community’s problem. It is critical that you tailor responses to local circumstances, and that you can justify each response based on reliable analysis. In most cases, an effective strategy will involve implementing several different responses. Law enforcement responses alone are seldom effective in reducing or solving the problem. Do not limit yourself to considering what police can do: give careful consideration to who else in your community shares responsibility for the problem and can help police better respond to it. In the case of identity theft, there are clear implications for businesses, other government agencies, and consumer advocacy groups.

General Considerations for an Effective Response Strategy

As we have seen, identity theft is a complex crime, composed of many sub-crimes and related to many other problems. Thus,identity theft crimes fall under the authority of many different agencies, including the local police, Secret Service, Postal Inspection Service, FBI, Homeland Security, local government offices, and motor vehicle departments, to name just a few.Regional and state law enforcement agencies may have established multi-agency task forces to combat identity fraud. For example, the Financial Crimes Task Force of Southwestern Pennsylvania consists of local law enforcement, Secret Service agents, and postal inspectors. At a minimum, multi-agency task forces should include motor vehicle departments and local and state government agencies that keep public records. These multi-agency task forces fulfill an important need because, at present, the Secret Service, which has primary responsibility for investigating identity theft, does not accept cases unless there is a financial loss of over $200,000 and a multi-state fraud ring is involved. This leaves many victims in the lurch.

Thus, it will be important for you to work with local agencies to coordinate responses, so that you can participate more fully in designing and implementing preventive strategies. In addition, if local police have the first official contact with the victim, they can be an important investigative resource. FTC data indicate that the victim often knows who the offender is, or has significant amounts of information about the offender. In 2003, 62 percent of the complaints in the FTC identity theft database contained information about the offender.

However, because of the complexity—and expense—of developing multi-agency task forces, your initial efforts should focus on local factors that will help reduce or prevent identity theft and mitigate the harm done to victims. Thus, the responses listed below are divided into two sections:

It should be emphasized that these two stages are closely related, and that collecting information in one stage helps in addressing the other. For example, obtaining information in the victim assistance stage will help you develop prevention strategies.

† The costs to the victim—in terms of both out-of-pocket expense and time spent resolving problems—are substantially smaller if the misuse is discovered quickly. No out-of-pocket expenses were incurred by 67 percent of those who discovered misuse of their personal information within five months (Federal Trade Commission 2003b). [Full Text]

Finally, since identity theft occurs in conjunction with a variety of other crimes, and given the limited resources that may be available to you, it may not be feasible to address all such crimes at once. It may be more effective to be on the lookout for rashes of specific types of identity theft, such as credit card fraud or immigration fraud (if your jurisdiction is near an entry point). Focusing on a specific crime will make it easier to collect relevant information and to measure response effectiveness.

Specific Responses to Identity Theft

Prevention

  1. Raising businesses’ awareness of their responsibility to protect employee and client records. Offenders steal many identities from inadequately protected business records. There are many common-sense, low-tech ways to protect databases. You may work through local business associations, or establish working relationships with local businesses. Do not assume that all, or even most, businesses are aware of the opportunities afforded identity thieves by poor protection of their records. Many businesses do not institute security procedures because they do not consider them cost-effective. Mindful of businesses’ reasonable concern for profits, you should try to convince businesses that the costs of losing data, in terms of both their reputation with clients and possible lawsuits by victims, are much higher than those of following the many simple procedures to protect private information. State and/or federal laws such as GLB (Gramm-Leach-Bliley Act), HIPAA (HealthInsurance Portability and Accountability Act of 1996), and FACTA (Fair and Accurate Credit Transactions Act) require certain businesses or institutions to protect information better. The Internet provides considerable information on how businesses should protect their records. The Privacy Rights Clearinghouse recommends the following practices:
    • Develop a comprehensive privacy policy that includes responsible information-handling procedures. Use a shredder or similar document-disposal method.
    • Conduct regular staff training, new-employee orientations, and spot checks on proper information care.
    • Support and participate in multi-agency financial-crimes task forces.
    • Limit data collection to the minimum of information needed; for example, limit requests for social security numbers.
    • Put limits on data disclosure. For example, must social security numbers be printed on paychecks, parking permits, staff badges, time sheets, training program rosters, staff promotion lists, monthly account statements, client reports, etc.?
    • Restrict data access to only those employees with a legitimate need to know. Audit electronic trails. Impose strict penalties for browsing and illegitimate access.
    • Conduct employee background checks. Screen cleaning services, temp services, etc.
    • Include responsible information-handling practices in business school courses, and even in elementary schools, if children have access to computers.
  2. Educating people about protecting their personal information. The Internet has an enormous amount of information on how to avoid becoming an identity theft victim (see Appendix B for a selection of the main sources). Some police departments include special sections on identity theft on their websites, all with information on how to protect one’s identity. To get the message out, you need to work through the community’s main support organizations: schools, consumer advocacy groups, seniors’ community centers and organizations, neighborhood watch meetings, and other community service groups. If your police department has a website, include information sources on protecting identity on the site. If budget permits, print out information brochures to hand out at meetings. The best publication on preventing identity theft is available free on the Internet or from the Federal Trade Commission: Identity Theft: When Bad Things Happen to Your Good Name. [Full Text]It should be emphasized, however, that there have been no scientific evaluations of the effectiveness of the advice given in this document and on many websites. Much of the advice is “common sense” (for example, don’t leave personal information such as credit card statements in your trashcan).
  3. Collaborating with government and other service organizations to protect private information. Social security numbers and driver’s licenses are the two most common forms of identification used in the United States. While identity theft awareness has increased considerably since the Identity Theft Act of 1998, agencies still need support in efforts to reduce the use of social security numbers as identifiers (very common on health insurance cards, for example), and local agency personnel may need to be constantly reminded of the risks involved in lax use of private information. Although some of the following recommendations are probably beyond the scope of local police, it is important that you work with agencies concerned about these issues, since it helps solidify your relationship with those whose help you may need to investigate identity theft cases or help victims resolve the problems they face, such as getting a new driver’s license. The Privacy Rights Clearinghouse recommends the following practices:
    • Keep social security numbers out of general circulation.
    • Prohibit the use of social security numbers to obtain a driver's license, health insurance ID, or other forms of identification.
    • Prohibit the sale of social security numbers, available now on information-broker websites.
    • Maintain central clearinghouses in each state for lost and stolen driver's licenses.
    • Conduct better photo- and ID-checking for new, duplicate, and replacement IDs.
    • Restrict access to birth certificates in states where they are now publicly accessible.
    • Remove social security numbers and other sensitive information from public records, especially when accessible on the Internet.
  4. Working with local banks to encourage credit card issuers to adopt improved security practices. The major credit card companies have national and international reach, so it is unlikely that your local efforts will directly influence their security policies. It is also clear that their marketing policies sometimes contribute to identity theft—such as the massive number of preapproved offers of credit they mail to consumers. However, local banks often have agreements with the major credit card companies, especially as many ATM (or debit) cards also serve as credit cards. Thus, local banks, as customers of credit card companies, may have some influence on their card-issuing policies. In addition, by working closely with local banks, you may make it easier to establish procedures for local identity theft victims to repair the damage done, and get their accounts operating again. Bear in mind that some financial institutions won’t give investigators information about their clients’ accounts unless through a court order or similar legal process (the new Fair and Accurate Credit Transactions Act removes this requirement as of June 2004). However, they will give the information to their client—the victim. Thus, working closely with the victim is vital (see response #6). You should urge your local banks and businesses to pressure credit card companies to do the following:
    • Conduct better identity verification, especially when the person’s address is reported as changed or differs from what his or her credit report indicates.
    • Conduct better identity verification for those using pre-approved credit cards. Don't rely solely on social security numbers. Have the person provide his or her utility bills, tax record address, etc.
    • Improve identity checking procedures for "instant" credit, favored by identity thieves.
    • Put photographs on credit cards, or other authentication indicators such as smart chips or PINS.
    • Request additional ID when verifying credit card purchases at the point of sale.
    • Enable customers to put passwords on credit accounts.
    • Truncate digits on account numbers printed on receipts at the point of sale.
    • Use account-profiling systems to detect unusual activity. Notify the consumer of possible fraud.
    • Check if there is an existing account in the applicant's name.
    • Check the social security master-death index.
    • Reduce the number of pre-approved credit applications mailed to consumers. Don't mail such offers to anyone under 18. Print an opt-out phone number prominently on all such offers (1-888-5OPTOUT).
    • Prohibit convenience checks, or at least provide an opt-out to credit card and bank customers.
  5. Tracking delivery. Much of identity theft depends on the delivery of documents and products.30 Vacant houses or apartments are prime locations for delivery of products or diverted mail. Credit applications or driver’s license renewal forms are at risk in mailboxes; products bought with stolen credit cards on the Internet are delivered to such addresses. Maintaining a close relationship with local postal inspectors and delivery companies such as UPS or FedEx may help you track items back to thieves. You can work with the local post office and delivery companies to train employees to
    • take note of deliveries to houses that are vacant or up for sale;
    • spot driver’s license renewals and credit card statements that go to unfamiliar addresses; and
    • maintain records of applications to forward mail or packages (the Postal Service now requires people to show ID to submit a change-of-address or mail-forwarding application).

Victim Assistance

  1. Working with the victim. Victims have many protections under federal and state law that prevent them from being liable for unauthorized charges, withdrawals, or other unlawful activities of identity thieves. They also have rights regarding the accuracy of their credit reports. Police need to understand how consumers are protected, and provide victims with educational resources that explain their rights and the steps they need to take to assert them. The FTC’s comprehensive guide, When Bad Things Happen to Your Good Name, and its website, www.consumer.gov/idtheft, provide consumers with the information they need to deal with fraudulent debts and any negative credit-report information resulting from identity theft.

    Communicating with victims is important, as well.The most frequent complaint the Identity Theft Resource Center receives is that “the police just don’t care.”It is important to let victims know that the police do care and do understand. Remember that identity theft victims have been repeatedly victimized. Identity theft is an emotionally harmful crime. Furthermore, you should be aware that victims typically uncover more evidence in a case than do investigators, and more rapidly. Thus you should quickly develop a close working relationship with the victim. The steps you can take to do so are as follows:31

    • Assure the victim that you will take a police or incident report and give him or her a copy. This is important because many, if not all, identity theft crimes fall under several jurisdictions. For example, the offender steals the credit card in one state and uses it in another; the card company is located in yet a different state; and the victim lives elsewhere. Even though there may be many cross-jurisdictional issues involved, you should immediately respond to the victim by preparing a police or incident report. Without one, the victim will have difficulty filing an identity theft affidavit. At a minimum, file a report with the FTC Consumer Sentinel database.
    • Have available the Identity Theft Victim Guide, which outlines what steps a victim should take, and how the victim should prepare for the investigator’s phone call or visit. It should be mailed to the victim, as well as available on your department’s website. The guide should list what steps your department takes after receiving a complaint, and exactly what information and documentation the victim needs to provide when interviewed.
    • Recommend that, for the initial meeting, the victim prepare a rough written draft of the case. The victim should provide his or her name and contact details; state when he or she discovered the fraud; list any fraudulent activity to date, in chronological order; list the affected accounts; and provide facts about the imposter, if any are known.
    • At your initial meeting with the victim, he or she may be frustrated and angry. Inform the victim what it’s like “behind the scenes” of a fraud investigation; what the procedures will be from this point forward; how soon it will be before a copy of the police report is available; when he or she will hear from you next; and what the chances are of catching the offender.
    • Help victims to understand and exercise their rights under the federal credit laws. They will have to take many steps to restore their accounts, be released from fraudulent debts, and clean up their credit reports. Many of these steps must be followed up in writing. Therefore, direct the victim to Internet resources (such as the FTC website, www.consumer.gov/idtheft), or give the victim written materials that explain how the recovery process works. Help the victim secure the necessary paperwork, such as an identity theft affidavit, and give the victim a copy of the police or incident report regarding his or her case. Also give the victim information on how to contact the credit-reporting companies.
    • Enter the victim’s complaint information into the FTC’s Identity Theft Data Clearinghouse, letting the victim know that you are doing so on his or her behalf, or advise the victim to file a complaint with the FTC, either online at www.consumer.gov/idtheft, or by calling 1-877-ID-THEFT (1-877-438-4338). Explain to the victim that while the individual identity theft complaint may not be enough to bring to a prosecutor, putting it into the national database will enable investigators across the country to combine it with any other complaints about the same offender, making prosecution more likely.
  2. Preparing a plan to prevent or minimize the harm of identity theft when large identity databases have been breached. When a business or government agency reports that its employee records or client databases have been violated, police and others must act quickly to reduce the amount of time the thief has to use the stolen identities. Such a case occurred in California when a thief broke into state government databases and stole personal information of 265,000 employees, including the governor. The following steps were taken:
    • Toll-free, dedicated phone lines were set up for employees to call the three major credit bureaus to warn of the theft.
    • Employees received information packets on what to do to protect their identities and reduce damage, how to read credit reports, how a fraud alert on a credit file works, and so on.
    • The state held workshops for employees, distributed videos, and launched a webpage with helpful informati
    The FTC has published a response guide on what a business should do if files with customers’ personal information have been compromised. It sets out a step-by-step plan and includes a model letter to notify customers whose information was compromised. The guide is available online at http://www.ftc.gov/bcp/conline/pubs/buspubs/idtbizkit.htm.

Selected Identity Theft Resources

Help for Victims and Others

Federal Government Resources

Department of Justice: www.usdoj.gov/criminal/fraud/idtheft.html
FBI: http://www.fbi.gov/contact/fo/fo.htm
FTC: www.consumer.gov/idtheft and www.ftc.gov

Consumer Advocacy

AARP: http://www.aarp.org/money/scams-fraud/
CALPIRG and USPIRG: www.pirg.org
ID Theft Resource Center for Law Enforcement: http://www.idtheftcenter.org/law_enforcement.shtml
Identity Theft Survival Kit: www.identitytheft.org
Privacy Rights Clearinghouse: www.privacyrights.org

Law Enforcement Consortia

International Association of Financial Crime Investigators: http://www.iafci.org/web

Useful Documents

“Coping With Identity Theft: What to Do When an Impostor Strikes,” by Privacy Rights Clearinghouse (Fact Sheet 17). www.privacyrights.org.

“Identity Theft Survival Kit” and “From Victim to Victor: A Step-by-Step Guide for Ending the Nightmare of Identity Theft,” by Mari Frank. Available at www.identitytheft.org

"Identity Theft: When Bad Things Happen to Your Good Name," by Federal Trade Commission (September 2002). Phone: 1-877-ID-THEFT. [Full Text ]

Software

Case Planner. Identity Theft Risk Management and Resolution Software for Consumers. Offers extensive help to organize one's case, from risk reduction to resolution of problems should one be victimized. Find it at: http://www.globalfraudsolutions.com/

Summary of Responses

The table below summarizes the responses to identity theft, the mechanism by which they are intended to work, the conditions under which they ought to work best, and some factors you should consider before implementing a particular response. It is critical that you tailor responses to local circumstances, and that you can justify each response based on reliable analysis. In most cases, an effective strategy will involve implementing several different responses. Law enforcement responses alone are seldom effective in reducing or solving the problem.

Prevention
# Response How It Works Works Best If... Considerations
1 Raising businesses’ awareness of their responsibility to protect employee and client records You work with businesses to ensure that they follow best practices for securing personal records …you have a good working relationship with local businesses You must overcome businesses’ concerns that security practices will affect their bottom line
2 Educating people about protecting their personal information You work with local schools and citizen and consumer groups to teach theft prevention techniques …you use the wealth of information available on the Internet and provided by many federal and state agencies This should be made a part of your department’s regular outreach activities
3 Collaborating with government and other service organizations to protect private information You work with service agencies to reduce the use of social security numbers as identifiers …you have a good working relationship with the agencies, especially those that issue identification documents Your influence may be limited, depending on your reputation for dealing with identity theft, and the size of the government bureaucracy
4 Working with local banks to encourage credit card issuers to adopt improved security practices You urge banks to demand that credit card issuers develop better identity verification techniques …you have a good working relationship with local banks Credit card issuers are often international in scope, so their security practices might be beyond the influence of local financial institutions
5 Tracking delivery You work with the post office and delivery companies to monitor vacant residences and diverted deliveries of mail …you help train delivery employees to spot suspicious deliveries This requires considerable effort to maintain monitoring and training over time
Victim Assistance
# Response How It Works Works Best If... Considerations
6 Working with the victim You adopt the victim as your partner in the investigation …you address victim concerns early and show that you care, provide the victim with a copy of the police or incident report, and direct the victim to resources outlining the self-help steps he or she needs to take Cross-jurisdictional issues may hamper your response and frustrate the victim; the number of identity theft incidents may initially appear to rise after you adopt a policy to write reports for all victims; the victim will still need to make follow-up phone calls and send follow-up documents to resolve their identity theft problems, which may prove burdensome
7 Preparing a plan to prevent or minimize the harm of identity theft when large identity databases have been breached You work with local businesses and service agencies to develop a disaster plan should massive theft of personal records occur …you have a good working relationship with local agencies, so that the plan can be put into effect immediately to reduce the time the thief has to use stolen records This requires coordination and cooperation between local businesses and government, and direct contact with national credit- reporting agencies

Endnotes

  1. U.S. Public Law 105-318 (1998). [Full Text]
  2. Newman and Clarke (2003).
  3. Maxfield and Clarke (in press). [Full Text]
  4. United Nations Interregional Crime and Justice Research Institute (2003). [Full Text]
  5. Federal Trade Commission (2003a).[Full Text]
  6. Federal Trade Commission (2003c). [Full Text]
  7. CALPIRG (2000).[Full Text]
  8. CALPIRG (2000).[Full Text]
  9. Goodwin (2003).
  10. Lease and Burke (2000).
  11. Federal Trade Commission (2003a). [Full Text]
  12. Personal communication, John McCullough, Minnesota Financial Crimes Task Force.
  13. Federal Trade Commission (2003a).[Full Text]
  14. Federal Trade Commission (2003a).[Full Text]
  15. Federal Trade Commission (2003a).[Full Text]
  16. Federal Trade Commission (2003).[Full Text]
  17. Verton (2001)[Full Text]; Federal Trade Commission (2003a).[Full Text]
  18. Burns, Ronni (2004). Citicard presentation to Identity Theft Focus Group, Major Cities Chiefs Association, May 3.
  19. Cullier (2003). [Full Text]
  20. Davis (2001).
  21. Willox (2000). See also Prabwo (2011) [Full text]
  22. Willox (2000).
  23. Davis (2001).
  24. Willox (2002). [Full Text]
  25. Whitlock (1999).
  26. North County Times (2002).
  27. Levi and Handley (n.d.). [Full Text]
  28. Mativat and Tremblay (1997). [Abstract only]
  29. Lacoste and Tremblay (2003).
  30. Newman and Clarke (2003), pp. 117–118, 126.
  31. Foley (2003). [Full Text]

References

CALPIRG (2000). Nowhere to Turn: Victims Speak out on Identity Theft. A CALPIRG/PRC Report – May. Sacramento, Calif.: Privacy Rights Clearinghouse. [Full Text]

Cullier, D. (2003). “WSU Study Shows Washingtonians Fear Identity Theft But Want Government to Operate in the Open.” Washington State University News Service. Feb. 26. [Full Text]

Davis, K. (2002). “Clean up Your Trash: A Home Shredder Is Insurance Against Identity Theft.” Kiplinger Personal Finance 56(6):102.

——— (2001). “Anatomy of a Fraud.” Kiplinger’s Personal Finance 55(3):90.

Economic Crime Institute (2003). “Identity Fraud: A Critical National and Global Threat.” White Paper. A Joint Project of the Economic Crime Institute of Utica College and LexisNexis. Oct. 28.

Finch, E. (2003). “What a Tangled Web We Weave: Identity Theft and the Internet.” In Y. Jewkes (ed.), Dot.cons: Crime, Deviance, and Identity on the Internet. Cullompton, England: Willan. [Full Text]

Federal Trade Commission (2003a). Identity Theft Report. [Full Text]

——— (2003b). Overview of the Identity Theft Program, October 1998–September 2003.[Full Text]

——— (2003c). National and State Trends in Fraud and Identity Theft, January–December 2003. [Full Text]

Foley, L. (2003). “Enhancing Law Enforcement – Identity Theft Communication.” Identity Theft Resource Center. [Full Text]

Goodwin, B. (2003). “Identity Theft Is Key Cybersecurity Fear.” Computerweekly.com. April 17.

International Association of Chiefs of Police (2000). “Curbing Identity Theft.” Resolutions.

Jackson, J. (1994). “Fraud Masters: Professional Credit Card Offenders and Crime.” Criminal Justice Review 19(1):24–55.

Lacoste, J., and P. Tremblay (2003). “Crime Innovation: A Script Analysis of Patterns in Check Forgery.” Crime Prevention Studies 16:171–198.

Lease, M., and T. Burke (2000). “Identity Theft: A Fast-Growing Crime.” FBI Law Enforcement Bulletin 69(8).

Levi, M., and J. Handley (n.d.). Criminal Justice and the Future of Payment Card Fraud. London: IPPR Criminal Justice Forum. [Full Text]

Mativat, F., and P. Tremblay (1997). “Counterfeiting Credit Cards: Displacement Effects, Suitable Offenders, and Crime Wave Patterns.” British Journal of Criminology 37(2):165–183.[Abstract only]

Maxfield, M., and R. Clarke (eds.) (in press). Understanding and Preventing Auto Theft. Crime Prevention Studies, Vol. 17. Monsey, N.Y.: Criminal Justice Press. [Abstract only]

Newman, G., and R. Clarke (2003). Superhighway Robbery: Preventing E-Commerce Crime. London: Willan.

North County Times(2002). “Woman Hangs Self in Jail.” April 1, Back Page.

Prabwo, Hendi Yogi (2011). Nationwide Credit Card Fraud Prevention. [Full text]

Schrader, A. (2003). “ Colorado's Lax Laws Attract ID Thieves.” Denver Post, Dec.1.

United Nations Interregional Crime and Justice Research Institute (2003). Coalitions Against Trafficking in Human Beings in the Philippines. Research and Action Final Report: Anti-Human Trafficking Unit. Vienna, Austria: United Nations. See also [Full Text]

U.S. General Accounting Office (2002). “Identity Fraud: Prevalence and Links to Illegal Alien Activities.” Statement of Richard M. Stana, Director of Justice Issues. GAO-02-830T. [Full Text]

——— (1998). “Identity Fraud.” Report No. GGD-98-100BR. [Full Text]

U.S. Public Law 105-318 (1998). 105th Cong.112 Stat. 3007, (October 30, 1998).Identity Theft Assumption and Deterrence Act of 1998. [Full Text]

U.S. Sentencing Commission (1999).Identity Theft: Final Report. Economic Crimes Policy Team. Dec. 15.

Verton, D. (2001). “Identity Thefts Skyrocket, but Less Than 1% Occur Online.” Computerworl d 35(7).. [Full Text]

Whitlock, Craig (1999). “The Suspect Really Was Someone Else.” Washington Post, Aug. 18.

Willox, N. (2002). “Identity Fraud: Providing a Solution.” Journal of Economic Crime Management 1(1). [Full Text]

——— (2000). “Identity Theft: Authentication as a Solution.” National Fraud Center March 15–16.

Related POP Projects

Important!

The quality and focus of these submissions vary considerably. With the exception of those submissions selected as winners or finalists, these documents are unedited and are reproduced in the condition in which they were submitted. They may nevertheless contain useful information or may report innovative projects.

"See! It's Me!" Identity Theft Prevention Program, San Angelo Police Department (San Angelo, TX, US), 2006