VII. Identity Theft Legislation
A wide range of federal laws relate to identity theft, including those pertaining to social security fraud, welfare fraud, computer fraud, wire fraud, and financial institution fraud. This review focuses on specific laws designed and enacted to criminalize the act of identity theft. The first federal law to combat identity theft occurred in 1998 with the passage of the Identity Theft Assumption and Deterrence Act (18 USC § 1028).This act has made it easier for law enforcement to investigate the crime and for victims to recover any losses from it. This law made identity theft a separate crime against the person whose identity was stolen, broadened the scope of the offense to include the misuse of information and documents, and provided punishment of up to 15 years of imprisonment and a maximum fine of $250,000. Under U.S. Sentencing Commission guidelines, a sentence of 10 to 16 months of incarceration can be imposed even if there is no monetary loss and the perpetrator has no prior criminal convictions (U.S. GAO, 2002). Violations of this crime are subject to investigations by federal law enforcement agencies, including the U.S. Secret Service, the FBI, the U.S. Postal Inspection Service, and the Social Security Administration’s Office of the Inspector General.
In an effort to protect consumers against identity theft and assist those who have been victimized, Congress passed the Fair and Accurate Credit Transactions Act (FACTA) in 2003. The act grants consumers the right to one credit report free of charge every year; requires merchants to leave all but the last five digits of a credit card number off store receipts; requires a national system of fraud detection to increase the likelihood that thieves will be caught; requires a nationwide system of fraud alerts to be placed on credit files; requires regulators to create a list of red flag indicators of identity theft, drawn from patterns and practices of identity thieves; and requires lenders and credit agencies to take action before a victim knows a crime has occurred. In addition, FACTA created a National Fraud Alert system.
In an effort to stop credit grantors from opening new accounts, FACTA also allows consumers to place three types of fraud alerts on their credit files. Individuals who suspect they are, or are about to become, victims of identity theft, can place an “initial alert” in their file. If individuals have been victims of identity theft, and have filed reports with law enforcement agencies, they can then request an “extended alert.” After an extended alert is activated, it will stay in place for 7 years, and the victims may order two free credit reports within 12 months. For the next 5 years, credit agencies must exclude the consumer’s name from lists used to make prescreened credit or insurance offers. Finally, military officials are able to place an “active duty alert” in their files when they are on active duty or assigned to service away from their usual duty station.
In 2004, the Identity Theft Penalty Enhancement Act (ITPEA) established a new federal crime, aggravated identity theft. This act prohibits the knowing and unlawful transfer, possession, or use of a means of identification of another person during and in relation to any of more than 100 felony offenses, including mail, bank, and wire fraud; immigration and passport fraud; and any unlawful use of a social security number. The law mandates a minimum 2 years in prison consecutive to the sentence for the underlying felony. In addition, if the offense is committed during and in relation to one of the more than 40 federal terrorism- related felonies, the penalty is a minimum mandatory 5 years in prison consecutive to the sentence for the underlying felony.
States have also passed laws in efforts to protect consumers and victims of identity theft. In 2006, states continued to strengthen laws to protect consumers by increasing penalties and expanding law enforcement’s role in investigating cases. Laws were also enacted to assist victims of identity theft, including prohibiting discrimination against an identity theft victim, allowing victims to expunge records related to the theft, and creating programs to help victims in clearing their names and financial records. To date, 39 states and the District of Columbia have enacted laws that allow consumers to freeze their credit files. As of November 1, 2007, the three major credit bureaus, Equifax, Experian, and TransUnion, offer the security freeze to consumers living in the 11 states that have not adopted security freeze laws and to all consumers in the 4 states that limit the option to victims of identity theft.
The effectiveness of legislation pertaining to identity theft has not yet been determined. These laws have provided law enforcement with the tools to fight identity thieves, but whether identity thieves have desisted because of these laws is still unclear. If identity thieves are like other fraudsters, and indicators suggest that they are, then they will adapt to law enforcement strategies aimed at stopping them. Thus, ITADA, FACTA and ITPEA will likely be amended to adjust to changing technology and adaptations of thieves.