VI. Identity Theft Techniques
To be successful at identity theft requires that the would-be offenders not only secure identifying information but also convert it into goods or cash. Identity thieves have developed a number of techniques and strategies to do just this. Researchers and law enforcement agencies have collected information, primarily from victimization surveys and interviews with offenders, on the techniques identity thieves commonly employ.
A. Acquiring Identifying Information
The first step in the successful commission of identity theft is to obtain personal information on the victim. This task is relatively easy for offenders to do. Offenders obtain this information from wallets, purses, homes, cars, offices, and businesses or institutions that maintain customer, employee, patient, or student records. Social security numbers, which provide instant access to a person’s personal information, are widely used for identification and account numbers by insurance companies, universities, cable television companies, the military, and banks. The thief might steal a wallet or purse; or work at a job that affords him or her access to credit records; or purchase the information from someone who does (e.g., employees who have access to credit reporting databases commonly available in auto dealerships, realtors’ offices, banks, and other businesses that approve loans); or may find victims by stealing mail, sorting through the trash, or searching the Internet.
The most common way that offenders commit identity theft is by obtaining a person’s credit card information. They then use this information to forge credit cards in the victims’ names and use them to make purchases. According to the Privacy &American Business (2003) survey of victims, 34% of victims reported that their information was obtained this way. In addition, 12% reported that someone stole or obtained a paper or computer record with their personal information on it, 11% said someone stole their wallet or purse, 10% said someone opened charge accounts in stores in their name, 7% said someone opened a bank account in their name or forged checks, 7% said someone got to their mail or mailbox, 5% said they lost their wallet or purse, 4% said someone went to a public record, and 3% said someone created false identification to get government benefits or payments.
The FTC data has also shed light on strategies of offending from the victim perspective. This data show that of those who knew how their information was obtained (43%), 16% said their information was stolen by someone they personally knew, 7% during a purchase or financial transaction, 5% reported their information was obtained from a stolen wallet or purse, 5% cited theft from a company that maintained their information, and 2% said the information was obtained from the mail (Synovate, 2007). Other techniques have been identified, such as organized rings in which a person is planted as an employee in a mortgage lender’s office, doctor’s office, or human resources department to more easily access information. Similarly, these groups will simply bribe insiders such as employees of banks, car dealerships, government, and hospitals to get the identifying information. Others have obtained credit card numbers by soliciting information using bogus emails or simply by shoulder-surfing, which involves peering over someone’s shoulder while the person types in a credit card number.
Researchers have also sought the offenders’ perspective in determining how they obtain information (Copes & Vieraitis, 2007, 2008). These interviews indicate that offenders use a variety of methods to procure information and then convert it into cash or goods. According to Copes andVieraitis (2007), most identity thieves used a variety of strategies and seldom specialized in one method. The most common method used to obtain victims’ information was to buy it, although some offenders acquired identities from their place of employment. It was common for offenders to buy identities from employees of various businesses and state agencies that had access to personal information such as name, address, date of birth, and social security number. Offenders also purchased information from persons they knew socially or with whom they were acquainted “on the streets.” In some cases, the identity thieves bought information from other offenders who had obtained it from burglaries, thefts from motor vehicles, prostitution, or pickpocketing.
B. Converting Information
After obtaining a victim’s information, offenders often use it to acquire or produce additional identity-related documents, such as driver’s licenses or state identification cards, in an attempt to gain cash or other goods. Often offenders apply for credit cards in the victims’ names (including major credit cards and department store credit cards), open new bank accounts and deposit counterfeit checks, withdraw money from existing bank accounts, apply for loans, open utility or phone accounts, or apply for public assistance programs.
In 2006, the most common type of identity theft was credit card fraud (25%) followed by “other” identity theft (24%), phone or utilities fraud (16%), bank fraud (16%), employment-related fraud (14%), government documents or benefits fraud (10%), and loan fraud (5%). Although not directly comparable due to differences in methodology, units of analysis, and definition of identity theft, data from the NCVS indicate that of the 6.4 million households reporting that at least one member of the household had been the victim of identity theft, the most common type was unauthorized use of existing credit cards (BJS, 2007).
The most common strategy for converting stolen identities into cash is to apply for credit cards. Most offenders use the information to order new credit cards, but they also use the information to get the credit card agency to issue a duplicate card on an existing account. They use credit cards to buy merchandise for their own personal use, to resell the merchandise to friends or acquaintances, or to return the merchandise for cash. Offenders also use the checks that are routinely sent to credit card holders to deposit in the victim’s account and then withdraw cash or to open new accounts. Offenders have been known to apply for store credit cards such as those of department stores and home improvement stores. Other common strategies for converting information into cash or goods include producing counterfeit checks, which offenders cash at grocery stores, use to purchase merchandise and pay bills, open new bank accounts to deposit checks or to withdraw money from an existing account, and apply for and receive loans.
C. Victim–Offender Relationship
The limitations of currently available data make the relationship between the victim and offender difficult to assess. Research on the topic has produced mixed results regarding whether the offenders knew victims before stealing their information. To date, the available data suggest that the majority of victims do not know their offenders. The FTC reported that 84% of victims were either unaware of the identity of the thief or did not personally know the thief; 6% of victims said a family member or relative was the person responsible for misusing their personal information; 8% reported the thief was a friend, neighbor, or in-home employee; and 2% reported the thief was a coworker (Synovate, 2007). Although the figures are lower than those reported by the FTC study, two additional studies also reported that the majority of victim–offender relationships involved individuals who did not know each other. Both Allison et al. (2005) and Gordon et al. (2007) reported that the majority (59%) of victims did not know the offender. The most recent data from the ITRC (2007) also indicate that 60% of victims did not know the offender. In contrast, in Kresse et al.’s (2007) study of identity thefts reported to the Chicago police department, in over 60% of the cases where the means or method of theft was known (282 of 1,322), the victim’s identity was stolen by a friend, relative, or person otherwise known to the victim. According to a victim survey administered by Javelin Strategy and Research (2005), for those cases where the perpetrator was known, 32% were committed by a family member or relative; 18% were committed by a friend, neighbor, or in-home employee; and 24% were committed by strangers outside of the workplace.