ID Theft and How We Could Stop It
Back in March of 2005, I was the victim of ID theft. Or, at the least, someone other than me had decided to buy a brand new Dell laptop on eBay with my debit card to the tune of around $700. What followed was over a month of trying to get a replacement card as well as watching my credit report like a hawk to make sure no other funny business was going on. I had to change all of my automatic billing, fill out fraud reports… the whole nine yards.
I was rather fortunate. I had caught the transaction while it was still in the authorization stage and canceled the card before any other purchases showed up. I didn't end up with charges on other cards and nothing funny showed up on my credit report. Many other people are not so fortunate, catching the fraud months or years after it's happened with little recourse against the credit bureaus and no way to prove one's innocence. What can we do to keep us from getting taken for a ride like this?
ID has become a valuable thing. We spend painstaking years to build it to a point where creditors know who we are from a 30-second run of the credit report. They can tell us what we buy, who we buy it from and how good we are at paying for it. This determines if we drive off the lot in the fancy new Mercedes with the special 0.9% financing or in a secondhand Tercel being gouged at 18.9% (or higher). Employers may use it to make sure we'll be trustworthy employees. We use it ourselves to figure out how well we're doing compared to everyone else. In short, it's the ironclad promise that we're good people.
The power that a credit score holds has made it valuable to thieves as well. They'd love nothing more than to pilfer tens of thousands of dollars from a victim they never have to meet. They know full well that most law enforcement won't do a thing about it ("it's a civil matter", they love to say) and that banks are too busy to do much more than write it off or stick it on the poor sap they've been milking.
Every week, we hear another high-profile case of lost backups, pilfered credit records and stolen laptops. TJ Maxx was the latest high-profile slip-up, now likely to be sued out of existence by many very VERY unhappy banks. The illegal immigrant raids in December turned up stolen Social Security Numbers used on falsified documentation, a ticket to work in America at many times the going rate in their home countries. News reporters can't keep themselves from the "human interest" stories about people whose lives have been ruined by banks attempting to collect debts they don't owe.
A large problem with ID theft is that we really don't do much of anything to prevent it. Credit bureaus don't have much incentive since they can insist that you owe the money and sell more credit reporting services to you. Banks shrug and write off bad debts or try to collect from you if you notice the error too late. The value of the ID and relative ease with which it can be taken continues to attract more and more thieves. Employers don't bother to use free tools to make sure that "Jimmy" is really a 34-year-old man born in Missouri rather than a 12-year-old girl from Florida because they'd be turning away good labor. We have the tools to seriously cut back on ID theft, yet we never once use them.
Do you remember the last time you requested your credit report? (If you haven't, for the love, DO IT NOW. No, really. Get the REAL free one you're owed from AnnualCreditReport.com immediately.) The credit bureaus are a bunch of untrusting guys. You have to answer five questions about your current and past accounts in order to see the thing. The real question, however, is why they don't ask those questions when someone applies for a new line of credit. It would certainly make it a lot more difficult to rip off someone's identity; this is information you don't exactly talk about all day long and the questions change every time you make a request. In short, you'd have to have a printed copy of the credit report in hand or commit it to memory to pass by this safety measure.
It's probably all coming back to money. As much as credit companies would love to cut back on fraud and look good to current and potential cardholders, they can't bring themselves to make getting into debt more of a hassle than filling out some basic information and waiting 60 seconds for approval. They'd rather let a few of us get totally screwed than take the extra couple of minutes required to virtually eliminate fraudulent credit applications.
Employers are just as complicit. For years, the federal government has offered a free hotline for checking the birth year and gender of the holder of a Social Security Number. It's also pretty common knowledge that the numbers also indicate the area in which you were born. In about a minute, an employer could check out a SSN to make sure the person trying to use it checks out properly by using their company's EIN. With a little work, it could even tell you if wages are being reported from another location. (A common problem with fraudulently used SSNs is that multiple persons are reporting wages on it from several states, sometimes as many as hundreds.) Again, their lack of effort boils down to money. They want to hire the cheap labor and don't care if it's an obvious fraud. Wink-wink, nudge-nudge is the name of the game and all parties involved know it.
Our legislators, in the meantime, do little or nothing of import to address these issues. There's no calls to mandate these simple and readily available checks to cut back on fraudulent use. If anything does happen, it's usually a giant overstep that ends in expensive litigation or Orwellian new regulations. In the quest for the limelight, elected officials tend to go for "big and flashy" over something with substance and merit. After all, these big-money interests are what keep the dollars flowing into campaign war chests.
I'm hoping that there's more than a few legislators out there willing to embrace these simple yet effective steps to cut back on the growing threat of eroded ID credentials. I fear that if left to get worse, it will open the door for truly invasive identification systems involving biometrics and RFID data stored in a central database. That's just building a honeypot for the thieves and could lead to something much more fearsome than paying for a Dell laptop you didn't buy.
I’ve also been the victim of ID theft. Mine was a computer purchased directly from Dell. But I didn’t get it stopped before Dell had already shipped. I reported it to the police and FBI. They filled out reports and I never heard anything from them again. They had the shipping address, but apparently a couple thousand bucks is not enough change to worry about catching the thief. Stakeouts can be expensive, and there are a lot of other fish to fry.
My education came when I asked the agent how they could have gotten my credit card number (as we’re quite careful with our cards, numbers, and charges). He said that my number was likely compromised somewhere down the pipeline. It could have been an unscrupulous employee working for a merchant, bad data security at a transfer shop or bank, a stolen laptop, etc.
In other words, it doesn’t matter how careful you are if someone among the myriad other people that have legitimate access to your data aren’t also careful.
I’m all for avoiding Orwellian responses, but for heck sakes, let’s do something. Apparently consumers don’t find it a major deal because the market is not rapidly evolving to address the matter.
My sister had her wallet stolen when she was 17 years old. We started to get back lash immediately from many local businesses. The thief’s opened new bank accounts, cell phone accounts, you name it. They would use a different name but the address and bank info for her, or her name and address but someone else’s bank info. It was a mess and took her years to try and clean up. We were lucky that the local police actually did help out a lot but even then there is only so much they would do.
Jesse,
Well said. I’ve not been a victim of ID theft. I keep a close eye on my accounts, and anything suspicious, I immediately get a hold of the bank.
One thing extra we should all do is burn our bank statements and credit card monthly payment invoices. Thieves have been known to actually rummage through garbage for this kind of information that we so easily throw in the trash. We’ve got a burn barrel here where we live, and each week we burn outdated valuable info such as these. There are so many ways that we “leak” our private information out that we do risk getting our IDs stolen, but there are good ways we can reduce the leakage.
Today we got a letter at work about fraud. We travel for work, that's what we do and this little tidbit of info really opened our eyes. The information came from the California police department but I'm sure it happens up here in Canada as well as all over your country. Whenever you check into a hotel that uses the swipe cards for room keys there is a little something extra encoded on there. The card is programed and holds your full name, partial address, your full credit card number and expiry date as well as your check in and check out dates. When you check out and return your key they don't delete the information, it's simply overwritten the next time that they issue that particular swipe card. This letter said to make sure that you never return the card to the front desk, that they can not charge you for not returning it (that's illegal) and that you should destroy it or demagnitize it yourself and test it in the door to be sure. If you don't do this then anyone who can get their hands on the cards can take them home and put them through a simple scanner, get all your info and go shopping. I don't think any of us at work knew that kind of information was stored on the cards but it reminds me of how easy identity fraud can be. Don't let it happen to you!!