…and more - all in the victim's name.

In many cases, depending upon an organization's employee training and security policies and procedures, and the thief's own skills as a smooth-talking con artist, only one or two pieces of information may be all that is needed to begin. Victims of Identity Theft typically do not find out that they have been victimized until long after the fact. Initial discovery is often the result of the victim being unexpectedly denied credit or turned down for a loan, through the receipt of telephone calls or collection notices from creditors, suddenly having checks declined or bank accounts drained, the discovery of numerous unexplained charges on credit card statements, or even through their arrest for crimes that they did not commit.

We have become a "right now" society. We want information, services, financial transactions, food, and everything else "right now", and improvements in technology continue to improve the speed at which these can be provided. We want it fast, but we also want it secure. However, there is always a certain degree of trade-off that is required -- a matter of speed and convenience versus security. As the security of any service is increased, the maximum speed at which it can be delivered is proportionately reduced, and vice-versa. On a regular basis, consumers make a willing choice to trade the privacy, and often the security, of their personal information for a faster and more convenient service.

While Identity Theft is frequently a crime of opportunity (i.e. - a consumer's personal information is readily accessible or non-secure), clever thieves and con artists have devised many new ways to create their own opportunities by taking advantage of consumers' own haste, carelessness, or general lack of awareness. With the ever-increasing demand for immediate satisfaction and dependence upon technology also comes new ways for consumers to become victims of fraud by thieves and scam artists, more quickly, more often, and in larger numbers. Though there is no question that technology improves our lives with greater conveniences and new services, it also makes committing fraud easier and more convenient for those who are so inclined. Each time that a new system is introduced or a new service is developed, it is a safe bet that clever fraud artists are already a step ahead in identifying the system's weaknesses and devising a scheme to circumvent it or use it to their advantage.

Identity Theft is a crime that can never be completely prevented, even by the most cautious consumer. This is a fact made pointedly clear on a regular basis through the hundreds of reported serious data breaches, whether through loss or theft, at major financial institutions, corporations, universities, retailers, and even government agencies such as state DMVs, the I.R.S., the Social Security Administration, the Veterans Administration, and the military.

As a consumer in today's world, our personal information is readily accessible and available from countless sources and contained within thousands of databases, some within our control, but most of them beyond our control. Add to this the tremendous proliferation of hi-tech fraud and consumer scams such as "phishing", "pharming", skimming, spyware and crimeware, and modern twists on old low-tech confidence scams such as the infamous Nigerian 419 letter, bogus contests, surveys, and lotteries, and hundreds of others. Consumers are literally under siege from nearly every direction as thieves employ new tricks and strategies to steal their information, wherever and however it may be available, for their own personal gain. Education, vigilance, and proactive, effective personal risk management are essential requirements for any consumer who hopes to protect themselves from being victimized.

The purpose of this article is not to scare you, but to provide factual, unbiased information intended to raise your awareness, educate, and empower you to understand and manage your risks.

Identity Theft as a Crime of Choice: Identity Theft is Less Risky, Incredibly Easy, and Highly Profitable

As little as ten years ago, information such as this may have been viewed as an in-depth review of a relatively obscure topic. In today's world, however, it is now critical information that is virtually required knowledge for consumers, professionals, and business owners alike. Identity Theft has exploded in recent years into a type of crime epidemic.

Did you know? According to the U.S. Department of Justice, Identity Theft has officially surpassed drug trafficking as the #1 crime in America.

Our relationship-less, easy access, technology-driven environment, combined with "slap-on-the-wrist" consequences for white-collar criminals, has spawned and encouraged the incredible proliferation of Identity Theft as a crime of choice for many criminals, opportunists, gangs, and organized crime syndicates. Simply put, a thief who robs you of your wallet or purse at gunpoint and is caught is likely to be sentenced to 5 to 10 years in prison for armed robbery. In comparison, an identity thief who steals your identity, opens 20 accounts in your name, and accrues tens of thousands of dollars in fraudulent debt will likely receive probation. Why is this? First, white collar crime is not considered a violent offense. No weapons were used in its commission, and no one's life was threatened. Prison over-population mandates that what little space is available be reserved for violent offenders.

Next, the crime is incredibly simple to commit with minimal risk, and it is very lucrative. Identity thieves do not need to break into your home or vehicle. In fact, they do not even need to reside in the same state or country as you. Many of the identity thieves who have been caught have been tech-savvy teenagers using their home computers, and some of the most prolific thieves have ties to organized crime groups located outside the United States, yet they easily have a global reach.

Thieves and con artists have found the crime to be extremely easy and highly lucrative, thus resulting in the formation of sophisticated "identity theft rings". An identity thief, or a ring of such thieves, can easily steal the information of hundreds, thousands, or even millions of victims at once - without a gun and with minimal risk. One can scarcely open a newspaper without finding a new story about such a ring, often cleverly disguised as a janitorial company or some other routine service to which most consumers do not give a second glance. Many crime rings such as these recruit low paid employees to steal sensitive customer information from their place of work. At five to ten dollars per name and Social Security number, this can quickly add up to a very lucrative source of income, particularly if the employee has access to a large database. A single CD-ROM or small USB drive can hold a large volume of information and is easy to conceal.

Furthermore, because of the very nature of the crime, identity thieves are difficult to catch, which means that there is a far greater likelihood they will successfully get away with Identity Theft as opposed to other types of crimes. An Identity Theft case often crosses multiple jurisdictional boundaries, with differing laws and penalties, and differing jurisdictional policies and procedures, making inter-agency cooperation difficult. For example, an identity thief may steal a consumer's information in one state, commit crimes using that information over the Internet and in two additional states, and relocate to a fourth state. This leaves law enforcement with no crime actually committed in the victim's home state, and no crime committed in the state in which the thief currently resides. In the case of fraud committed via the Internet, where did the crimes actually occur and how are they to be investigated? With multiple jurisdictions involved, which would be the lead jurisdiction in the investigation? Issues such as these make it extremely difficult for law enforcement to investigate and prosecute the crimes, or assist the individual victims. Because the crimes also often involve technology, there are many opportunities for the thief to hide and conceal his or her activities, and many law enforcement agencies lack adequate training and resources to adequately investigate cyber-crimes. And of course, at any time the thief can simply stop using the victim's information, or sell it to another thief, thus further confounding the investigation.

Identity Theft is Also a Means to an End

Identity Theft and fraud by itself is a profitable crime, but it is also frequently a means to an end. Identity Theft and fraud cases are regularly linked to other crimes, most notably the illegal drug trade. Individual criminals, street gangs, drug addicts, and organized crime syndicates use these crimes as a way to obtain money to purchase their drugs or fund their operations. They may use the victim's information themselves, or acquire and sell the victim's information to other criminals as a source of revenue. Even after the initial crime is discovered and any resultant fraudulent activity is eventually resolved, victims whose information has been stolen are always in danger of being re-victimized again in the future, as their information may be sold or traded to other criminals over and over.

There are numerous Internet websites operated by criminals, as sophisticated as most legitimate Internet merchant sites, that sell the stolen credit card, financial, and other personal information of millions of consumers on a daily basis. Countless organizations, large and small, have suffered data breaches in the last few years. The standard, inadequate response to the affected consumers has become "Have a breach, send them a letter, and offer them credit monitoring." Consumers who are notified of a serious data breach at a major financial institution or large company are often offered a limited period of free credit monitoring, and a false sense of security. At the end of the free monitoring period they must pay to keep the service, and the financial institution or company that suffered the breach typically profits by splitting a portion of the subscription revenues with the company providing the service. Through media reports and public announcements, the thieves who have stolen the information know what, if any, services are being offered to the affected consumers, and for how long. Whether it is three months, six months, or a year, thieves can simply sit upon the stolen information until the alarm bells stop ringing and the free services expire. With no apparent fraudulent activity having occurred during this time, consumers let down their guard and do not extend the service - and this is when the thieves begin to strike.

A victimized consumer must remain eternally vigilant, closely monitoring their accounts, public records, and personal information on a regular basis for further signs of fraudulent activity. The majority of consumers do not realize that credit monitoring services were developed and offered by the credit bureaus long before Identity Theft became a crime epidemic, and were developed for the purpose of assisting consumers in managing their credit rating based upon the way that the credit reporting system operates (not the way that identity thieves operate) The services were not developed for the purpose of preventing Identity Theft, though that is precisely how they are aggressively marketed. Credit monitoring services have significant limitations which are not disclosed to consumers, and financial account fraud - the type that may show in a credit report - is only one potential outcome of an Identity Theft incident.

A Darker Side of Identity Theft: Global Terrorism

There is also an even darker side to Identity Theft, because the crime is very appealing to international terrorist organizations. For example, in the ensuing law enforcement investigations after the September 11th terrorist attacks, it was determined that the attacks were funded in large part through fraudulently obtained credit cards, and nine of the terrorist operatives reportedly entered the United States using falsified visas and stolen or fraudulent identities.

With increased border security and international efforts to identify and locate known and suspected terrorist operatives, stolen identities also provide terrorists with potential opportunities to travel and enter the U.S. and other countries undetected. By traveling under false and stolen identities, terrorists can avoid detection by "No-Fly" lists that are comprised only of known names and aliases.

In addition to offering a convenient means of concealing their movement and activities, Identity Theft and credit card fraud also provide terrorist organizations with ample sources of funding for their operations, despite the crackdown by the world's financial institutions in the war on terrorism. When an innocent consumer is falsely identified as a suspected terrorist or person of interest and included on "No-Fly" and Watch lists; or, when it is discovered that financial accounts in his or her name and have been used to help fund terrorist activities, the "war on terror" suddenly becomes a very stark and unnerving reality.

Federal Laws: The Identity Theft and Assumption Deterrence Act

The Identity Theft and Assumption Deterrence Act, enacted by Congress in October 1998 (and codified, in part, at 18 U.S.C. 1028(a)(7)), is the federal law that formally established Identity Theft as a crime. The Act established the U.S. Federal Trade Commission as the lead government agency for consumer matters related to Identity Theft, though it has no investigative powers for individual cases of Identity Theft, and mandated that the FTC establish and maintain a centralized source for accepting and tracking reported incidents of Identity Theft. The FTC's centralized repository is known as the "Consumer Sentinel" database, and the FTC subsequently also created the "Military Sentinel" database dedicated to assisting military consumers.

Identity Theft quickly and consistently topped the list of consumer complaints received each year by the FTC, and reported incidents have nearly doubled each year since 1998. Under the Act, it is a federal crime when someone:

"knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law."

It is important to note that the term "means of identification" is defined as:

"any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any - A. name, social security number, date of birth, official State or government issued driver's license or identification number, alien registration number, government passport number, employer or taxpayer identification number; B. unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation; C. unique electronic identification number, address, or routing code; or D. telecommunication identifying information or access device (as defined in section 1029(e)); "

In most instances, a conviction for Identity Theft under federal law carries a maximum penalty of 25 years' imprisonment, a fine, and forfeiture of any personal property used or intended to be used to commit the crime. Schemes to commit Identity Theft or fraud also may involve violations of other statutes, such as credit card fraud; computer fraud; mail fraud; wire fraud; financial institution fraud; or Social Security fraud. Each of these federal offenses is a felony and carries substantial penalties, in some cases as high as 30 years in prison plus fines and criminal forfeiture.

View the Complete Text of the Identity Theft and Assumption Deterrence Act 

Federal Laws: The Identity Theft Penalty Enhancement Act

Signed into law by President George W. Bush on July 15, 2004, the Identity Theft Penalty Enhancement Act further expanded the existing prohibitions against Identity Theft under the Identity Theft and Assumption Deterrence Act, and was intended to provide new tools to law enforcement to combat the crime.

The Identity Theft Penalty Enhancement Act enhanced the penalties for Identity Theft and created the new federal offense of "Aggravated Identity Theft", which is defined in the Act as:

"knowingly transferring, possessing, or using, without lawful authority, a means of identifying another person during and in relation to specified felony violations".

The Act increased the penalties for these types of cases in which Identity Theft is used to commit other crimes when the perpetrator is successfully prosecuted in federal court. The Act also included acts of domestic terrorism within the scope of a prohibition against using identity theft as a means of facilitating an act of international terrorism.

Anyone who is convicted of "Aggravated Identity Theft" under the Act automatically faces a mandatory additional prison sentence of two years. If the crime involved an act of terrorism, the mandatory prison sentence is extended to five years. These enhanced penalties are in addition to any punishment imposed for the crime(s) of Identity Theft, and are required to be served in prison - they may not be served on probation.

State Laws: "Is Identity Theft also a crime at the state level?"

Yes, most states have passed laws specifically related to Identity Theft. Where specific Identity Theft laws do not exist, the underlying criminal activities or actions required to commit Identity Theft are generally prohibited under other state laws. At the time of publication, California is the only state with a specific fraud alert law, which can be reviewed at the California Office of Privacy Protection website at: www.privacyprotection.ca.gov

State level laws addressing Identity Theft and related fraud are constantly changing and evolving in an ongoing effort to keep pace with criminal activities, technology, and new fraud trends.