ID theft bigger threat offline
When Gina Titus became a victim of identity theft after her wallet was stolen, she expected to have her credit cards used for some unauthorized purchases. What Titus didn’t expect was to get hit with a maternity bill.
“They used the checking account and credit cards before I could cancel them,” said Titus, a 28-year-old public relations account executive from San Francisco. “Then several months later I get a letter from a collection agency and found they had opened a checking account in my name. I had a Discover card I never opened. The extent of what they were able to do was astounding.”
The biggest surprise came when Titus started getting maternity bills for the baby born to a woman who was using her identity.
“I’m blonde. She has brown, curly hair. She had checked into the hospital with my insurance card. It just seemed like things kept coming. I’m definitely more vigilant now,” said Titus, who eventually was able to reclaim her financial life after spending hours on the phone with creditors.
The physical manner in which Titus had her identity stolen nine years ago — her wallet was stolen from a car that was broken into — did not involve the sophisticated techniques used by identity thieves who turn to cyberspace.
And while identity theft can involve the Internet and computers, more often than not it involves physical methods such as a stolen or lost wallet, a burglarized mailbox or someone you know ripping you off.
Many people worry that using a credit card for an online purchase can lead to identity theft. But it’s a stolen or lost wallet that provides a far more likely scenario for that happening, according to a survey released earlier this year by Pleasanton-based Javelin Strategy & Research, a consulting firm for the financial services and payments industries.
Among other things, the 2008 survey looked at how identity theft is accomplished. For the one out of three identity theft victims who knows how their information was taken, more than three-fourths said it involved a physical method such as a stolen wallet, a phone or mail-order sale, stolen mail, or a theft by someone they knew, compared with 14 percent who reported that it involved online access.
“We are not saying (online access and data breaches) are not significant factors,” said James Van Dyke, Javelin’s president and founder. “But the point is that it has really been overblown. I think it is to the detriment of consumers to focus exclusively on these electronic methods of communication. Criminal don’t have a (bias) toward technology. They will use any channel that works.”
That’s why consumers need to take steps to prevent identity theft, whether it be not mailing paper checks in the offline world or making sure your computer’s anti-virus software is current in the online world, he said. It’s also crucial that consumers monitor their financial account activity to determine it they have become a victim of identity theft.
(See breakouts for more tips on how to prevent identity theft and what to do if your identity is stolen.)
The annual survey continues a five-year trend that shows identity theft dropping in the United States as more online security procedures are put in place and consumers take more preventive measures. Last year, there were an estimated 8.1 million identity theft cases, or 3.58 percent of adults, resulting in $45 billion in fraud, compared to 8.4 million cases, or 3.84 percent of adults, resulting in $51 billion in fraud the previous year. But it’s not all good news for consumers. Fewer people who were victims of identity theft could say how their information was stolen: 35 percent in the 2008 survey compared to 42 percent in 2007.
Just what’s responsible for the decline in knowing how the crime happened is not clear, said Van Dyke.
“We could speculate but we just can’t know for certain,” he said. “Certainly we are getting increases in reports of data breaches but there are still a lot of data breaches that never get reported.”
The low-tech means through which Titus became a victim of identity theft has a much lower profile than the high-tech online methods such as phishing, or a computer data breach. Phishing is when identity thieves trick consumers into revealing financial information by sending a fake e-mail reporting there is a problem with a financial account.
Unlike Titus, most identity theft victims don’t know how their personal information was stolen.
“If you lose your purse one day and the next day someone uses your credit card, you pretty much figure out that (someone stole your identity by taking) your purse. If you’ve got your credit card in your wallet, and suddenly unauthorized charges appear on your credit card account, you have no idea how it happened,” said Claudia Bourne Farrell, a spokeswoman for the Federal Trade Commission. “Most people don’t know how someone gets their information.”
Last year, identity theft topped the commission’s list of fraud-related complaints reported by consumers, according to an annual report released in February. Nationwide, the commission received 258,427 complaints about identity theft, or 32 percent of all fraud-related complaints.
On a statewide basis, California had the highest number of identity theft complaints — 43,892 — filed last year. It also had the country’s second highest rate of per-capita identity theft, with 120 complaints filed per 100,000 people.
Arizona, with 137 complaints per 100,000 people topped the statewide list.
A California region better known for its vineyards, Napa County, had the country’s highest level of identity theft complaints among the country’s 50 largest metropolitan areas with 303 complaints filed per 100,000 people. The Vallejo-Fairfield metro area was sixth with 218 complaints per 100,000 while San Joaquin County was 21st with 163 complaints per 100,000.
“Why Napa? We’re Wine Country. This is not supposed to happen,” quipped Andy Lewis, commander of the Napa Police Department’s investigations division.
It’s hard to say why the region was ranked at the top nationwide for identity theft complaints made last year, he said. Lewis did point out that some of the other metropolitan areas with high identity theft rates have significant populations of undocumented workers. To obtain work, employees typically have to provide a Social Security number.
“This is what I’m hearing from other areas that have undocumented workers. It would be a little bit premature to say that about Napa,” he said.
A separate commission survey conducted in 2005 found that only 43 percent of identity theft victims knew how their information was stolen. Of those who did, 16 percent believed their information was stolen by someone they knew.
Another seven percent it happened during a store, online or mail-order transaction, while five percent reported the theft of a wallet or purse. Only one percent said phishing was the culprit.
Stricter online security measures have led to a drop in identity theft involving online transactions while an increasing number of identity thieves are turning to the telephone to obtain personal information, the report said.
Transaction-based identity thefts that stemmed from telephone or mail-based purchases, shot up from three percent in 2007 to 40 percent in 2008.
What exact methods were responsible for the hike are unknown, said Van Dyke.
“Somehow in the process of the transaction their information was compromised. It could be someone who got into the database of the provider, a crooked employee or someone could have overheard the transaction,” he said.
Banking industry executives are also reporting that vishing — where identity thieves try to get consumers to reveal financial information over the phone — is on the rise, said Van Dyke.
Vishing happens when a consumer gets an e-mail or a phone call telling them to call a phone number to straighten out a problem with a financial account. Once the fake phone number is called, consumers are told to enter account information to resolve the problem.
“The upsurge in identity theft through the telephone reflects fraudsters’ preference for unprotected channels,” the Javelin survey said.