Identity theft is a major concern these days, as it should be. Many legislators seem to think that the problem can be solved by locking up all the birth, marriage, and death records, which, of course, has an impact on genealogists. The legislators apparently have never checked with the security experts who deal with identity theft every day, however. The security experts report that public domain records of birth, marriage, and death are rarely used by identity thieves. Instead, the thieves have easier methods.
First, most ID theft begins at home. A high percentage of identity theft is perpetrated by someone who is personally acquainted with the victim and often is related to the victim. The Better Business Bureau found half of identity thieves caught in 2004 were family members, friends, in-home employees, or neighbors of their victims.
Next, almost no identity theft occurs because of Internet searches. In fact, frequent use of the Internet by consumers can REDUCE identity theft. Javelin Strategy & Research conducted a study by interviewing identity theft victims. The company found that most instances of identity fraud occur through traditional channels and are paper-based, not Internet-based.
The most common method of finding credit card information is by “dumpster diving.” That is, by going through someone else's trash to find credit card bills and offers for new credit cards that were thrown out in the trash. Identity thieves almost never use online sources simply because “dumpster diving” is so much easier.
Among the findings:
Consumers who access accounts online often detect identity theft earlier than people who rely on printed monthly paper credit card and bank statements. Online access to bank accounts and credit card accounts also reduces access to personal information on paper bills, which can be used to obtain credit card information and account numbers.
Most identity thieves find it is much easier to establish their own line of credit in the name of a relative or an acquaintance rather than digging through public records to create credit in the name of a stranger.
Average losses of victims of identity theft who discovered the crime by monitoring online accounts was $551 compared to an average loss of $4,543 for ID theft detected from paper statements.
The most frequent source of information used to commit fraud was a lost or stolen wallet or checkbook. Again, these often were stolen by family members, friends, in-home employees or neighbors of the victims.
Computer crimes were 11.6 percent of all known cases of identity fraud. Half of those were from spyware, surreptitiously installed software that monitors keystrokes on a computer that can be transmitted in something as innocent looking as pop-up ads.
Stealing information online is rare. The Javelin Strategy & Research study shows that computers were involved in only 11.6 percent of all identity thefts. The other 88.4% of identity theft cases were caused by old-fashioned methods.
Clearly, one of the misconceptions is that we should restrict access to the Social Security Death Index (SSDI). The SSDI is a list of Americans who have died and it includes Social Security Numbers. Those who believe that computers are a source of identity theft seem to feel that thieves will access the list. The Javelin Strategy & Research study shows otherwise. Indeed, security experts will tell you that the Social Security Death Index is one of the primary tools to PREVENT identity theft.
In effect, the Social Security Death Index is a frequently-updated list of people who no longer should be eligible for credit. One of the major purposes of distributing the Index with Social Security Numbers is to notify banks, credit card companies, insurance companies, motor vehicle departments, and others that these Social Security numbers are no longer eligible for credit or for identification.
Any well-run bank, credit card company, insurance company, or other company in the credit business subscribes to the SSDI updates and will immediately add the SSDI to its databases to find current problems and to deny credit in the future to anyone who applies by using a now-defunct Social Security number. Indeed, most deceased people have zero credit within hours after the SSDI update is released. The cost of obtaining the latest SSDI updates and adding them to a credit database is trivial when compared to the costs of identity theft.
If your legislator starts to make noise about restricting access to public domain data, please write to him or her and ask that legislator to investigate the REAL causes of identity theft. Numerous studies have been done and the results are available to all.
In the meantime, here are some steps that you can take to reduce the chances of someone stealing your identity and making charges in your name:
- Ask your bank and credit card companies to stop mailing statements to you. (Most banks and credit card companies offer this as an option.) Instead, check your account frequently online.
- Buy a shredder. If a bank or credit card company does send you paper in the mail that has your account number on it, shred the paper before throwing it in the trash. Who knows who will be “dumpster diving” in your trash?
- Several credit card companies will issue one-time credit card numbers. They may be known as "Virtual Account Numbers" or "Virtual Debit Card." PayPal has this as an option and I use it often. PayPal, CitiBank, and others will issue a credit card number that is to be used one time. When you make the purchase, everything works as usual. However, if anyone else saves that number and tries to use it to make a second purchase, the charge will be declined. The number is only useful one time. If you want to use the credit card a second time to make a purchase, you can return to the company's web site at any time to obtain a new one-time number.
- Protect your wallet and checkbook!
- Keep a list of all your credit card numbers and the telephone numbers of the banks that issued them. Those numbers are usually printed on the card. Store that list in a safe place. (Not in your wallet!) If anyone ever steals your credit cards, notify the issuing banks immediately.
- VISA, MasterCard, American Express, and Discover Card all insure online purchases against fraud. If anyone ever uses your credit card to make an online purchase without your permission, you will receive a prompt 100% refund from the credit card company. I had that happen to me twice and both times the reimbursement occurred within minutes after I reported the theft.
- Never, ever send a paper check in the mail! Thousands of checks are stolen from the mail and from mailboxes every year. Unlike credit cards, checks are not insured. If a thief steals your check in the mail and cashes it, you lose the money. Using a credit card online is much, much safer than sending a check in the mail as credit cards are 100% insured against online fraud.
- Avoid debit cards. They may look like credit cards and you use them like credit cards, but debit cards are really checks and are not insured in the same manner as credit cards. (There are a few exceptions; check with the bank that issued your debit card to see if that bank insures the debit cards. My bank does insure debit cards and so do a few other banks. The bank's telephone number should be on the card.)
Identity theft is a real problem, but taking a few simple steps will avoid most of the common methods used by identity thieves. Most of all, never fall into the trap of believing that public domain data is a frequent cause of identity theft. Don't let your legislators fall into that trap either. Refer them to the facts.
A very interesting and well researched novel on this subject in "The Broken Window" by Jeffery Deaver. Once read, you might add a few more items to list like dumping grocery and drug store "discount" cards.
Posted by: A.E. Holmes | July 03, 2009 at 03:49 AM
Again, excellent. Good advice based on fact. However, I don't regard nearly 12% of identity theft online as RARE. Perhaps SELDOM is a better adjective. One or two percent is rare. Besides which, I know several individuals whose identity was stolen online -- not the bulk of my acquaintances to be sure, but not rare.
Our shredder is a hungry little critter, too. Very nice.
Happy Dae·
http://ShoeStringGenealogy.com
Posted by: Dae Powell | July 03, 2009 at 07:31 AM
Speaking as one who issues thousands of retirement benefits monthly, be sure to select direct deposit for ALL income. We have about 20% who insist on a paper check each month. Some enjoy the visit to the bank to cash it (You can still amble down each month to take out some cash). Others don't trust the money will be there on the first of the month (It always is). Our experience has been that ANY issue that the retiree has with a benefit payment is with a paper check.
On the outgoing paper check -- a slight correction to the statement about a thief cashing your check. If that happens, you simply file a notarized statement of forgery with your bank and the money is returned to your account. The entity that cashed the check for the thief is short the money.
Posted by: Virginia B. | July 03, 2009 at 08:42 AM
This would be an excellent article to forward to all of our Senators and Congressmen. Also to our state representatives. They need to understand where the problem actually lies and not just reach for solutions that help no one.
Posted by: conditd | July 03, 2009 at 11:23 AM
Just a comment regarding the advice to dump grocery and drugstore discount cards. I asked my local supermarket for one of their cards and stated that I did not want it personalized. I did not have to fill out an application and was just handed the card. It works fine, and it keeps track of purchases for various rewards programs they have, but it is completely anonymous. It doesn't hurt to ask, and you might still be able to save money.
Posted by: Donna | July 03, 2009 at 12:32 PM
Dick, don't forget to point people to the Massachusetts Genealogical Council's white paper "Framing a Discussion on Vital Records Access." It covers this and more. The FTC "Red Flag" rules are now in effect and require use of the SSDI and many other commonsense procedures. You can find it at www.massgencouncil.org.
Posted by: Barbara Mathews | July 03, 2009 at 01:40 PM
Excellent article. One more "piece of paper" that may put you at risk is a check from your checkbook. I covered this in a blog I just posted--It seems that all a thief really needs is your account number and the bank routing number (This info is printed on your check) and they can take what they want if there is a willing or careless merchant. See "Are You being robbed..." http://frankpetaluma.wordpress.com/2009/07/03/are-you-being-robbed-as-you-read-this/
Posted by: Frank Simpson | July 04, 2009 at 01:29 AM
May we copy your article for forwarding to our elected representatives?
Douglas Burnett
Satellite Beach
FLorida
Posted by: Douglas Burnett | July 04, 2009 at 09:23 AM
Yes. You ALWAYS have permission to forward or republish any article in the Standard Edition of this newsletter. You may send it to anyone or even republish any article in a non-profit publication. For details, look in the menus to the upper right of almost any page on this web site and click on COPYRIGHTS.
Thank you.
- Dick Eastman
Posted by: Dick Eastman | July 04, 2009 at 10:52 AM
http://www.socialsecurity.gov/policy/docs/ssb/v69n2/v69n2p55.html
History of the SSN, thought you'd find it interesting
Posted by: john | July 06, 2009 at 09:56 PM
How do I get that address off of my credit report? I called to ask the Trans Union a question regarding that and I wasn't even able to verify the address on my credit report because I don't know what address that is... I was able to verify my current address but since I didn't know that the representative wouldn't help me always ready to help their clients.
Posted by: Debit Collection Lawyer | July 07, 2009 at 07:55 AM
When trying to get my great grandmothers death certificate, and I knew the date of death and cemetery, for New Jersey. They would not search for it if I did not know her date of birth, which was one of the reasons I requested the certificate. I solved the problem by calling the cemetery and a very nice man looked it up in less than 5 min. Identity theft, she died in 1953!
Posted by: Paul Breit | July 09, 2009 at 11:22 PM
Interesting article! Javilin Research seems to be biased towards proliferating online transactions. Their research generally emphasize that identity theft statistics (which are scarce) show known identity theft cases are accomplished the old fashioned way, not by hacking into online transactions as many low-tech consumers may believe. (Also, you may note that most of their studies are funded by financial institutions).
SSDI and other public records, beneficial for online genealogy work are not great sources of information to identity theives. I have not heard of any substantial government movements to drastically limit access to such information. The SSDI is valuable in preventing ID theft.
There are Federal and State government movements to limit access to certain types of public records, particularly those associated with real estate that may contain SSNs and other personally identifiable information. Many security experts suggest simple redaction of SSNs and account numbers from public records, while others suggest limiting access to such online records to those who have a need to know. There are no statistics or data on how these documents have been used to commit identity theft or to pry into the lives of innocent consumers. They are simply recognized as a high risk because anyone, anywhere, with an internet connection can access sufficient information to commit any of several different types of identity theft from the comfort of their home instead of digging through malodorous trash in an alley.
Access to living consumer's financial information and SSNs should be limited. Just as it is a criminal offense for a bank to post your imaged mortgage document showing your account information and SSN on the web, it should be a offense for the county that you live in to do the same.
Information needs to be available to genealogists, investigators, and newspapers; however, information that can be used to commit identity theft such as a living person's SSN, Driver's License Number, and financial account numbers must be restricted.
Posted by: Dr. Privacy | July 13, 2009 at 06:59 PM