Identity Theft: What It Is, How It Happens & the Best Protection
Identity theft occurs when someone gains unauthorized access to your personally identifying information – such as your name, Social Security Number (SSN), or bank account information – and uses it to commit fraud or other crimes.
The crimes that an identity thief is able to commit with your personal information range from applying for a credit card under your name before subsequently racking up prodigious charges to poaching your tax refund. In some cases, identity thieves are even able to assume an unsuspecting person’s identity entirely, obtaining identification bearing their name and often committing crimes “as that person.”
Those are terrifying prospects, to say the least. It’s clear that identity theft can cost you a lot of money as well as create confusion across the breadth of your life, but despite the horror stories, you have to wonder how prevalent identity theft actually is as well as what you can do to prevent it.
We’ll answer those questions and more below.
The Federal Trade Commission estimates that as many as 9 million Americans experience some form of identity theft each year. However, that number is subject to fluctuation as both crime fighting tactics and the methods that criminals use to steal identities evolve over time. A single statistic can’t really convey the full scope of the issue either.
You may therefore be interested to know that:
- The FTC’s Consumer Sentinel Network received roughly 360,000 identity-theft related complains in 2012 – 18% of all the complaints made that year.
Most Common Identity Theft Complaints
Identity Theft Complaints by Year
- 8.6 million households (8.6%) experienced some form of identity theft in 2010, according to the FTC.
- 5% of people age 16+ (1.7 million) fell victim to identity theft in 2006 and 2007, leading to $17 billion in financial losses, according to the U.S. Bureau of Justice Statistics. In other words, each instance of identity theft carried a $10,000 price tag.
What can you infer from these statistics? Well, it’s clear that a large number of Americans are victims of identity theft each year. However, when you consider the total number of people in the U.S., it’s also obvious that identity theft isn’t all too common.
In addition, while identity theft leads to billions of dollars in losses each year, we consumers aren’t necessarily on the hook for the full tab. In fact, financial institutions assume most of the liability for spending-related fraud.
"The human imagination and creativity are endless when it comes to stealing things," says Peter Keane, dean emeritus and professor at the Golden Gate University College of Law. In other words, while the following list represents the most common means that criminals use to gain access to victims’ personal information, according to the FTC, it’s certainly not exhaustive.
- Your Trash: Dumpster divers may be able to piece together enough information from old bills, financial statements, etc. to get your name, address, account number, bank name, etc. They can then use this information to open new accounts in your name or even assume your identity entirely.
- Your Mail: By stealing your mail, criminals may be able to take advantage of a pre-approved credit card offer, open account in your name, and go on a spending spree.
- Phishing: We’ve all received those e-mails from phony financial institutions asking that you provide certain information for their records or from friends asking for help out of a financial pickle. That’s phishing in action. More specifically, cyber criminals try to deceive unsuspecting consumers into opening and/or responding to e-mails designed to capture your personal information for fraudulent purposes.
- Skimming: Thieves are sometimes able to manipulate credit card processing machines and ATMs by inserting a device that captures the account information of whoever uses it.
- Straightforward Theft: Less sophisticated criminals make take a smash-and-grab approach to identity theft, stealing purses, pickpocketing people in crowded places, or even stealing personnel records from companies.
- Conning: Anyone who has ever called a bank or retailer’s customer service number knows that you must go through certain steps to verify your identity before the person on the other end will discuss the particulars of your account. Smooth-talking criminals can sometimes charm or explain their way around these safeguards and get the company representative to provide them with the information needed to fill out financial account applications, a change-of-address form, or the paperwork needed to get a replacement driver’s license in your name.
- Address Manipulation: While you have to “verify” your identity when you change your address by providing a valid credit card or debit card that the USPS will charge $1 to as a test, that’s not an insurmountable task for identity thieves who already have access to one of your credit cards or debit cards. They might therefore be able to divert your mail and gain access to other aspects of your life.
As you might guess based on the ways in which identity thieves access your personal information, there are some commonsense steps that you can take to protect yourself. There are also a few measures that might not seem so obvious, so we’ll lay them all out below:
Mail & Other Documents
- Shred Documents: If you make it a practice to shred financial documents and other correspondence that may contain personal information, dumpster-diving identity thieves won’t find much to use in your trash.
- Put a Lock on Your Mailbox: Restricting access to your mailbox – especially when you’re out of town – will reduce the likelihood that someone is able to open pre-approved credit card offers or glean personal information from letters and account statements. Forty percent of identity thieves glean personal information from people’s mail, according to Good Housekeeping magazine.
- Limit Prescreened Offers: Limit the number of pre-approved/prescreened credit offers you get in the mail by either calling 1-888-567-8688 or filling out a form online. Keep in mind that you will be asked to provide your Social Security number, which the consumer reporting companies need to match you with your file.
- Protect your Social Security Number (SSN): Your SSN is the most attractive and valuable piece of information to an identity thief, which means you need to safeguard it most carefully. For starters, don’t carry your Social Security card in your wallet, and ask the DMV to use a different number for your driver’s license (if your state generally uses your SSN as a default driver’s license number). In addition, be aware that your SSN may be listed on your insurance card or alternative forms of identification. While organizations are gradually phasing out this practice, be proactive and make sure your cards are switched now.
- Only Enter Financial Information on Official, Secure Websites: You shouldn’t send financial information through e-mail or a website without the “https:” prefix. Those methods of communication are vulnerable to hacking.
- Protect Your PIN: You’re more likely to be held liable for a debit card or ATM transaction if your actual PIN is used. After all, it should be harder to gain access to your PIN than a physical card. It’s your job to keep it safe and make sure that no one knows it.
- Never Respond to Unsolicited Requests for Information: Whether it’s someone showing up at your door, calling you on the phone, or sending you an e-mail asking for personal information, you shouldn’t respond if you didn’t ask to be contacted. It can be difficult to verify that the person is who they say they are, and reputable companies don’t ask you to provide sensitive information.“If someone contacts you claiming to be from your credit card company, do not give out your information, but instead, call the company yourself, making sure to use a legitimate number (such as the one on the back of your credit card),” suggests Steven J. Pilloff, assistant professor of finance at George Mason University.
- Order a Free Credit Report Every Four Months: All consumers are entitled to a free copy of their Experian, Equifax, and TransUnion credit reports once every 12 months. By spacing out your orders for each one, you’ll be able to review your reports for suspicious financial accounts as well as other potential signs of identity theft once every four months.
- Lock Your Credit Reports: Certain states enable consumers to “lock” or “freeze” their credit reports. This prevents anyone that you do not have an existing relationship with – even financial institutions – from accessing your credit report without your express permission, thereby making it more difficult for identity thieves to open new accounts in your name.
Sign Up for Credit Monitoring: Credit monitoring services alert you within 24 hours of any change to your credit report. You’ll therefore know when a credit card or loan application gets submitted under your name. The sooner you know about these potential signs of identity theft, the sooner you can get the situation straightened out.
For your convenience, we've compiled a comparison of all the major credit monitoring companies' costs and services.
- Make a Credit Card Your Primary Spending Vehicle: Visa, MasterCard, Discover, and American Express all offer blanket $0 liability guarantees for unauthorized credit card purchases. In other words, if someone steals your credit card and runs up a bunch of charges, you won’t have to pay for them."I'm a strong proponent of using credit cards vs. debit cards," says John D. Farmer, an adjunct professor of criminology and criminal justice at the University of North Florida. “If your debit card gets compromised, a bad guy can drain your account. Although you’re probably going to get your money back eventually, in the meantime it’s gone. Whereas with a credit card, you don’t have any of your money tied up in the process."
- Sign for Debit Card Purchases: The four major card networks also provide liability protections to debit card users as well. However, you’re only guaranteed to be covered if a signature is used for “verification.”
- Review Your Accounts on a Regular Basis: Checking your monthly account statements for charges that you did not make or any other irregularities and bringing them to the issuer’s attention is a great way to nip fraud in the bud.“The single best practice consumers can adopt to prevent financial fraud is to balance their accounts every month. Know what is coming in and what's going out, and double check it,” says Jill Vihtelic, a professor of business at St. Mary’s College. “Credit monitoring by an outside provider is no replacement for individual due diligence.”
- Mind Your Surroundings: When you’re on the phone in a public place, it’s not hard for a cunning identity thief to figure out whether you’re talking about a Social Security Number, date of birth, credit card number, expiration date, etc. From there, they’ll be able to apply for a new account under your name, change your address, and engage in other forms of crime.
- Leave No Room For Doubt: Never leave the final amount of a transaction open for interpretation. That means, for example, making sure to always fill in the “Tip” field on a bill, even if you’re only going to write “$0.00.”
- Know Your Wallet: Simply knowing what you have in your wallet and therefore what stands to be compromised should a pickpocket swipe it from you will mitigate the potential for any corresponding fraud.David M. Cordell, a clinical professor of finance and managerial economics at the University of Texas at Dallas, recommends that you “make a photocopy of every relevant item in your wallet: credit cards, driver’s license, insurance card, etc.” That way, he says, “you can be in position to make a faster recovery.”
We’ve already discussed how thieves can steal an identity as well as what you can do to protect yourself, but what about how you should handle things if you indeed discover that you’ve fallen victim to identity theft? Who should you notify? How can you mitigate the damage? And, perhaps most importantly, how can you get both your money and your good name back?
There are established procedures for addressing identity theft, and they typically include notifying the Federal Trade Commission (FTC) as well as other relevant government agencies and financial institutions. Below you can get a general sense of the steps you might need to take, but note that the specifics differ slightly depending on whether you’re dealing with an unauthorized inquiry or an unrecognized account, employer, address, delinquency, bankruptcy, civil judgment or tax lien.
- FTC: The Identity Theft and Assumption Deterrence Act holds the FTC responsible for fielding consumer complaints, providing information to potential victims, and coordinating the response with credit bureaus and law enforcement agencies. You can submit your identity theft complaint to the FTC online, over the phone (1-877-ID THEFT), or through the mail (Consumer Response Center, FTC / 600 Pennsylvania Avenue, N.W., Washington, DC 20580). Since time is of the essence when dealing with identity theft, the best approach is probably to file a complaint online or over the phone.
- USPS Inspection Service: If you believe that an identity thief has changed your mailing address or engaged in other types of mail fraud, you should notify the Postal Inspection Service by filling out this online form.
- IRS: If you believe that your Tax Identification Number has been compromised (as might be the case if your tax refund was claimed by a fraudster), fill out and submit the Internal Revenue Service’s Identity Theft Affidavit.
- Social Security Administration: If you think your SSN has been compromised, notify the Social Security Administration by calling: 800-269-0271.
- Your Bank(s): You should also give the financial institutions that issued your credit cards, debit cards, bank accounts, etc. a heads up that you may be dealing with some identity theft. This will give them the opportunity to apply added safeguards to your accounts as well as examine them for signs of impropriety.
After you’ve notified all of the relevant authorities, you’ll need to take care of some simple logistics. For example, you may want to review all of your financial accounts as well as your personal information for evidence of identity theft, which you can provide to investigators. In addition, you may need to adjust automatic monthly payments, direct deposit procedures, etc., so the potential identity theft does not cause a domino effect of headaches across your financial life. For more tips, make sure to read our guide on what to do in the aftermath of suspected identity theft.
With more and more consumer information readily available via the Internet and criminals engaged in a continuous game of technological one-upmanship with law enforcement, it’s fair to wonder what the future holds for our financial security. Will sophisticated fraudsters be able to overcome advances in voice and fingerprint recognition once the technology ultimately becomes cost-effective for mainstream use? Will financial institutions continue to eat the losses deriving from unauthorized transactions, or will liability shift more to the consumer at some point?
We asked a number of leading personal finance, law enforcement, and information security experts what the next 5-10 years have in store for us from an identity theft standpoint, and their responses offer interesting insights into the future safety of our wallets.
- Is our personal information more or less secure now than say, 5 years ago?
- What does the future hold for the security of our personal information?
- What are the best ways for people to protect themselves?
Identity theft and fraud are terrifying prospects for consumers, as they can lead to financial losses and credit score damage. However, these types of crime are far less common than you might think, and you can further reduce the likelihood of falling victim to them by taking a few commonsense measures to protect your personal information.
While exercising common sense will always be your best defense against identity thieves, the hope is that advances in identity verification will also make life more difficult for criminals in the future. Take credit card transactions, for example. “A credit-card is supposed to identify the person, but it is easy to imagine the deployment of technology which uses a camera to perform facial recognition, a mic to perform voice recognition, etc.,” says Steven Myers, assistant professor of informatics and computing at the Indiana University.
“Right now those technologies are very expensive,” according to Swapnoneel Roy, assistant professor with the University of North Florida’s School of Computing, “but research is going on to bring down the cost of biometric measures, so that should bring down identity theft a lot.”
Still, we can’t expect identity theft to disappear altogether, in part because the potential payoff will always allure criminals and in part because we are increasingly putting more and more of our personal information online for the world to see. “The biggest disturbing trend in identity theft will definitely be social media,” says Vijay Kanabar, associate professor of computer science and administrative services at Boston University. There will be no privacy.”
Image: Brian A Jackson/Shutterstock
Was this article helpful?