The Scoop On Identity Theft

Identity theft is a growing problem. You can hardly turn on the news without hearing another story on identity theft or the importance of protecting personal information. Every day, we are bombarded with ads promising protection from identity theft if the right paper shredder is used or we subscribe to the monthly service that will protect our credit scores.

So, what is the risk from identity theft – is it really so dangerous? Are there steps that can be taken to protect against this type of crime? The answer to both is yes.

Let’s start with a look at the risks. The Federal Trade Commission estimated that total losses to business and financial institutions due to identity theft were $48 billion. The average loss to a business from identity theft was $4,800 per incident. Individuals lost an average of $580 to $800 depending on the type of fraud or identity theft. It may also take 30 to 60 hours to resolve identity theft. In some studies, victims have reported spending 175 hours to clear their names.

Biblical backgrounds

Isaac blessing Jacob in disguise (from WikiCommons)

Identity theft is not new. Perhaps the first documented case of identity theft is found in the bible. Jacob was the younger of twin brothers and wanted the blessing that his father was going to give to the older brother, Esau. Jacob knew that his father, Isaac, was nearly blind so Jacob disguised himself to resemble Esau, approached Isaac and tricked him into giving the blessing to him instead of Esau.

Wax seals were a form of protection from identity theft.
Since that time, kings, popes and other dignitaries have gone to great length to authenticate important papers with the use of wax seals. The seals were stamped with the crest or emblem specific to that individual as a mark to guarantee that the information therein was truly from that individual and to protect the privacy of the contents.

ID Theft in the 21st Century

Modern technology has brought about changes on how identity thieves operate. Contemporary techniques include pharming, phishing and skimming. Pharming involves using the Internet to redirect a victim from a legitimate website to an alternative site that is designed to look like the genuine site, but instead is used to collect personal information. Phishing is more widely known now and involves emails sent from what appears to be a legitimate business, usually citing a problem and asking for personal data to correct the problem. A new twist, called vishing, involves not only emails, but also follow-up phone calls from suspects trying to obtain personal information. Skimming occurs when a person, such as a waiter, takes your credit or debit card for payment. The card is swiped in an electronic reader and the data recorded and later used to create a fake card with the correct account information. This can be the most difficult to trace as consumers hand their debit/credit cards to merchants and their employees routinely.

There are also the cases in which the potential victim has no direct involvement at all. Think of recent news stories where databases have been lost or stolen along with thousands and even millions of individuals’ personal data per incident. More often than not, the data loss was not the real motive and was secondary to any actual crime, such as the theft of a laptop. In those cases, the involved individuals do not become victims of identity theft, but still have to remain vigilant.

People no longer use a personal seal to authenticate documents, but instead use numbers, usually a social security number or even a credit card number. Increasingly, merchants are requesting combinations of personal information in order to complete a transaction. For example, many online merchants request a customer enter a credit card number with the billing address for that card, even if the item is shipped elsewhere in order to verify that the purchase is legitimate. Some gas stations are now requesting the billing address zip code for credit card purchases as well.

The most common form of identity theft in more than ½ of the cases is simply the use of stolen credit cards to go on shopping sprees. This type of fraud is also the easiest to correct. However, about ¼ of the cases involve opening new accounts in the victim’s name and can be much more devastating and the impact can last much longer.

Rights and Responsibilities when Recovering from ID Theft

Everyone should understand their rights and obligations in regards to identity theft before becoming a victim. In general, victims are only liable for $50 for fraudulent debt. However, victims do need to notify their bank or credit card company within 60 days of learning of fraudulent activity. If an ATM or debit card is lost or stolen, victims need to notify the bank or credit union within two business days upon learning of the loss. In the case of fraudulent checks, victims need to notify the bank promptly in order to limit their liability.

Under Federal laws, everyone can obtain a free credit report once a year from each of the following three consumer credit-reporting companies: Equifax, Experian and TransUnion. Check the report for new accounts that you did not open. If you have been a victim of identity theft, you can place a fraud alert, which prevents new accounts from being opened in your name.

Many services offer protection from identity theft for monthly fees. Carefully evaluate the services offered to see if it is truly worthwhile for your situation. As noted, various laws limit the amount that a victim can be held liable for to $50 maximum. Be wary of the sales pitches that provide services already available free.

So what happens if you do become a victim of identity theft? The Federal Trade Commission (FTC) recommends placing a fraud alert with the three consumer credit reporting agencies and closing any accounts that may have been exposed to loss or accounts opened fraudulently. In addition, the victim should file a police report and file a complaint online with the FTC.

Unfortunately, filing a police report could be more difficult than it sounds. Identity theft often crosses numerous jurisdictions or is unclear where it exactly occurred. Police officers may refer victims to other agencies to file their report based on where part of the crime took place. The United States Department of Justice was involved in the development, along with several other organizations, of a national strategy to deal with identity theft. One of the recommendations is that police reports be filed in the jurisdiction where the victim resides. If a police agency is reluctant to take a report let them know about the recommendation. If the officer is still hesitant, ask that an ‘information only’ report be taken. Be sure to get the police report number for your records. Have an outline of the identity theft prepared ahead of time with dates, information on affected accounts, bank addresses and information on any other related police reports that may have been taken, as well as any suspect information, if available. This will make the reporting process easier and will help to make sure that no important information is forgotten or left out of the police report.

Solving ID Theft

Identity theft can be confusing and may happen in many different forms. One thing is clear – identity theft will continue, as the suspects evolve and develop new techniques to counter the steps used to thwart them. The FTC offers a wide-range of information on the Internet about identity theft and what to do if you become a victim. Protect your personal information; monitor your credit reports and review your account statements for any suspicious activity and you will minimize your risks.


Eric Smith, CPP is the leading authority on organizational self-defense. He has extensive experience in law enforcement as well as security management. Eric is available for staff education and security awareness training as well as business coaching to help organizations provide safe workplaces. To learn more email



If you would like to reprint this post, please contact Eric at


No comments:

Post a Comment