BOX 4.1

Identity Theft

Identity theft or fraud is a major and growing concern in the information age. In 1998, it was made a federal crime under the Identity Theft and Assumption Deterrence Act. The crime consists of stealing key pieces of another’s personal information such as Social Security, credit card, or bank account numbers, and using that information to obtain credit or purchase goods or services.

In the typical case, the thief uses the personal information to open a new credit card account, cellular phone service, or new checking account (with new blank checks). Or the thief uses a stolen account number to gain access to the account, and then changes the address on the account and runs up a huge bill before the account owner discovers what has happened.

The injury to consumers is considerable, even though much of the ultimate financial loss falls on financial institutions. The injury to consumer victims takes many forms, including the significant amount of time and frustration involved in tracking down the extent of the theft, and reporting it to all the various institutions that must be notified, such as credit card issuers, banks, lenders, credit reporting agencies, and so on. Injury can also take the form of lost credit, insurance, and even jobs and driver’s licenses, before victims are able to correct their financial records.

Identity theft also has implications for national security. For example, Dennis M. Lormel, chief of the FBI’s Terrorist Financial Review Group, testified on July 9, 2002, before the Senate Judiciary Committee Subcommittee on Technology, Terrorism and Government Information:1

The threat [of identity theft] is made graver by the fact that terrorists have long utilized identity theft as well as Social Security Number fraud to enable them to obtain such things as cover employment and access to secure locations. These and similar means can be utilized by terrorists to obtain Driver’s Licenses, and bank and credit card accounts through which terrorism financing is facilitated. Terrorists and terrorist groups require funding to perpetrate their terrorist agendas. The methods used to finance terrorism range from the highly sophisticated to the most basic. There is virtually no financing method that has not at some level been exploited by these groups. Identity theft is a key catalyst fueling many of these methods.

For example, an Al-Qaeda terrorist cell in Spain used stolen credit cards in fictitious sales scams and for numerous other purchases for the cell. They kept purchases below amounts where identification would be presented. They also used stolen telephone and credit cards for communications back to Pakistan, Afghanistan, Lebanon, etc. Extensive use of false passports and travel documents were used to open bank accounts where money for the Mujahadin movement was sent to and from countries such as Pakistan, Afghanistan, etc.

Identity thieves obtain information in a variety of ways. Often old-fashioned techniques are used, e.g., retrieving numbers from paperwork in trash bins (“dumpster diving”) and observing numbers entered by consumers at ATMs, pay telephones, or on forms at bank counters (“shoulder surfing”). These techniques seem more common than more sophisticated methods, such as hacking into databases on the Internet.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement