Globalization and the
world wide use of the Internet have allowed thieves with actual, stolen, or
cyber identities to engage in highly sophisticated crimes involving credit card
fraud, bank fraud, immigration fraud, medical use fraud, and employment fraud.
Identity theft was not a
federal crime prior to 1998. Congress passed the Identity Theft Assumption
Deterrence Act (P.L. 105-318) which made identity theft a crime, established
penalties for those engaging in such fraud or planning to defraud, and confiscation
of property used in the pursuit of identity theft. The FTC established a Theft
Data Clearinghouse in 2000 which recorded all consumer complaints data. (Kristin
Finklea, Identity Theft: Trends and
Issues, CRS R40599, January 16, 2014, p. 4)
The Congressional Research
Service makes a distinction between identity
theft and identity fraud even
though people use the terms interchangeably. Identity fraud is described as an umbrella term referring to crimes
“involving the use of false identification – though not necessarily a means of identification belonging to another person.”
Identity theft is the “specific form
of identity fraud that involves using the personally identifiable information
of someone else.”
Flores-Figueroa v. United States brought clarification to the issue of identity theft vs. aggravated identity theft in the Supreme Court decision. It was
important that “in order to be found guilty of aggravated identity theft, a
defendant must have knowledge that the means of identification he used belonged
to another individual. It is not sufficient to only have knowledge that the
means of identification used was not his own,” the crime had to be executed “knowingly.”
(Congressional Research Service report, R40599, January 16, 2014, p. 3)
The Identity Theft Penalty
Enhancement Act (P.L. 108-275) established penalties for aggravated identity theft with additional penalties of two to five
years’ imprisonment when the fraud was connected to other federal crimes.
Additionally, Congress
passed the Identity Theft Enforcement and Restitution Act of 2008 (Title II of
P.L. 110-326) for restitution to theft victims for time and effort spent
recovering their good name.
To coordinate 17 federal
agencies fighting against identity theft, President Bush signed Executive Order
13402, “Strengthening Federal Efforts to Protect Against Identity Theft,” establishing the President’s Identity
Theft Task Force. (71 Federal Register 93,
May 15, 2006)
Even though the use of
Social Security numbers in government documents and the private sector has been
curtailed, 50 million Medicare cards still use SSN as identification. Changing
to a different Medicare identifier has been estimated to cost between $255
million and $317 million. (U.S. Government Accountability Office, Medicare Information Technology: Centers for
Medicare and Medicaid Services Needs to Pursue a Solution for removing Social
Security Numbers from Cards, GAO-13-761, September 2013, p. 2)
The Intelligence Reform
and Terrorism Prevention Act of 2004 (P.L. 108-458) “prohibited states from
displaying or electronically including SSNs on driver’s licenses, motor vehicle
registration, or personal identification cards.” (CRS Report R40599, p. 24)
Several agencies are
tasked with fighting identity theft:
-
FBI through its
Financial Crimes Section with 20 theft task forces
- United States Postal Inspection Service which identifies thieves who use the postal service for their criminal activities and educates consumer groups
-
Social Security
Administration Office of the Inspector General (stolen or misused SSNs are put
under fraud alert in credit files, earning records are checked and fraud,
waste, and abuse identified)
-
Immigration and
Customs Enforcement (searches for identity theft that involves documents and
benefits fraud via the 2006 ICE created Document and Benefit Fraud Task Forces
located in 19 cities in the U.S.)
-
Department of
Justice (prosecutes identity theft cases found during investigations by various
agencies)
Once a person’s identity
is stolen, criminals use it to commit credit card fraud by changing the billing
address of the victim, opening new accounts in the victim’s name, eventually
destroying their credit rating and emptying their bank accounts. Skimming
devices installed at cash registers steal customers’ account information when
they make purchases. I became such a victim when I used my debit card to pay
for food in Portland, Oregon and in Alexandria, Virginia.
Using a person’s
information, thieves can create fake birth certificates, licenses, and Social
Security cards in order to apply for and receive government benefits in a
victim’s name. Fake identities and passports are created for illegal aliens
traveling to and living in the United States.
Furthermore, using
identity theft, criminals can obtain jobs or medical services for which they
are not entitled. The victim’s credit rating is adversely affected, cannot file
taxes, or cannot find future employment. One method used to empty bank accounts
or find personal information is by email phishing.
Last but not least are the
frequent data breaches by hackers around the world who steal large stores and
companies customers’ credit card and personal information, often including
medical records. Financial services industries are better at guarding their
customer information database, however, information resellers are not bound by
stringent restrictions. Limited research suggests that 12-27 percent of
identity theft results from data breaches.