Nothing Special   »   [go: up one dir, main page]
Wikipedia

Identity theft: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Hyperlinked U.S. Government Accountability Office. Changed US to U.S. to align with U.K. to align to the Wikipedia Style. Hyperlinked Carnegie Mellon University. Hyperlinked Microsoft. Removed Zeus hyperlink as it was already linked on the page. Unlinked Carnegie Mellon later on the page as it was already mentioned further up the page. Fixed spelling of bureau.
Monkbot (talk | contribs)
Bots
3,428,737 edits
m Task 20: replace {lang-??} templates with {langx|??} ‹See Tfd› (Replaced 1);
 
(87 intermediate revisions by 48 users not shown)
Line 1:
{{Short description|Deliberate use of someone else's identity, usually as a method to gain a financial advantage}}
{{About|the concept of identity theft|the 2004 film|Identity Theft (film)|the 2013 film|Identity Thief|the 1953 film|Stolen Identity}}
 
{{Multiple issues|
{{Cleanup|reason=Odd wording/grammar in places.|date=September 2018}}
Line 6 ⟶ 7:
}}
[[File:Figure 2 Example of a Successful Identity Theft Refund Fraud Attempt (28356288536).jpg|thumb|upright=1.3|Example of an identity theft crime: 1. The fraudster files tax return paperwork in the victim's name, claiming a refund. 2. The IRS issues a refund to the fraudster. 3. The victim submits their legitimate tax return. 4. The IRS rejects the return as a duplicate.]]
'''Identity theft''', '''identity piracy''' or '''identity infringement''' occurs when someone uses another person's personal identifying information, like their name, identifying number, or [[credit card number]], without their permission, to commit fraud or other crimes. The term ''identity theft'' was coined in 1964.<ref>{{cite web|date=September 2007|title=Oxford English Dictionary online|url=http://dictionary.oed.com/cgi/entry/50111220/50111220se23|access-date=27 September 2010|publisher=Oxford University Press}}</ref> Since that time, the definition of identity theft has been statutorilylegally defined throughout both the U.K. and the [[United States|U.S.]] as the theft of personally identifiable information. '''Identity theft''' deliberately uses someone else's [[personally identifiable information|identity]] as a method to gain financial advantages or obtain credit and other benefits,.<ref>Synthetic ID Theft [http://www.unc.edu/~dubal/idtheft/synthetic.htm Cyber Space Times] {{webarchive |url=https://web.archive.org/web/20151009122632/http://www.unc.edu/~dubal/idtheft/synthetic.htm |date=9 October 2015 }}</ref><ref>{{Cite documentSSRN |title=Identity Theft: Making the Known Unknowns Known |last=Hoofnagle|first=Chris Jay |date=13 March 2007 |ssrn = 969441}}</ref> and perhaps to cause other person's disadvantages or loss. The person whose identity has been stolen may suffer adverse consequences,<ref name="BloombergIdentityTheftEssay">{{cite news |author=Drew Armstrong | url=https://www.bloomberg.com/news/articles/2017-09-13/my-three-years-in-identity-theft-hell | title=My Three Years in Identity Theft Hell | newspaper=Bloomberg.com | publisher=Bloomberg | date=13 September 2017 | archive-url=https://web.archive.org/web/20170919142519/https://www.bloomberg.com/news/articles/2017-09-13/my-three-years-in-identity-theft-hell | archive-date=19 September 2017 | access-date=20 September 2017 }}</ref> especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, [[Personal identification number|PINs]], [[electronic signature]]s, fingerprints, [[password]]s, or any other information that can be used to access a person's financial resources.<ref>See, e.g., {{cite web|title=Wisconsin Statutes, Sec. 943.201. Unauthorized use of an individual's personal identifying information or documents.|url=https://docs.legis.wisconsin.gov/statutes/statutes/943/III/201|website=Wisconsin State Legislature|access-date=19 July 2017}}</ref>
 
Determining the link between [[data breach]]es and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained. According to a report done for the FTC, identity theft is not always detectable by the individual victims.<ref>Federal Trade Commission – 2006 Identity Theft Survey Report, p. 4</ref> [[Identity fraud]] is often but not necessarily the consequence of identity theft. Someone can steal or misappropriate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. A [[Government Accountability Office|U.S. Government Accountability Office]] study determined that "most breaches have not resulted in detected incidents of identity theft".<ref>{{cite web |url=http://www.gao.gov/new.items/d07737.pdf |title=Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown |work=Highlights of GAO-07-737, a report to congressional requesters |publisher=gao.gov |access-date=22 September 2010}}</ref> The report also warned that "the full extent is unknown". A later unpublished study by [[Carnegie Mellon University]] noted that "Most often, the causes of identity theft is not known", but reported that someone else concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ... around only 2%".<ref>{{cite web |url=http://www.heinz.cmu.edu/research/241full.pdf |title=Do Data Breach Disclosure Laws Reduce Identity Theft? |author=Sasha Romanosky |work=Heinz First Research Paper |publisher=heinz.cmu.edu |access-date=2009-05-27 |archive-date=2012-01-20 |archive-url=https://web.archive.org/web/20120120001255/http://www.heinz.cmu.edu/research/241full.pdf |url-status=dead }}</ref> For example, in one of the largest data breaches which affected over four million records, it resulted in only about 1,800 instances of identity theft, according to the company whose systems were breached.{{citation needed|date=May 2021}}
 
An October 2010 article entitled "Cyber Crime Made Easy" explained the level to which hackers are using [[malicious software]].<ref name="Giles2010">{{cite journal | last=Giles | first=Jim | title=Cyber crime made easy | journal=New Scientist | publisher=Elsevier BV | volume=205 | issue=2752 | year=2010 | issn=0262-4079 | doi=10.1016/s0262-4079(10)60647-1 | pages=20–21}}</ref> As Gunter Ollmann,
Chief Technology Officer of security at [[Microsoft]], said, "Interested in credit card theft? There's an app for that."<ref>{{Cite web|last=Giles|first=Jim|title='Credit card theft? There's an app for that'|url=https://www.newscientist.com/article/mg20527524-300-credit-card-theft-theres-an-app-for-that/|access-date=2021-03-19|website=New Scientist|language=en-US}}</ref> This statement summed up the ease with which these hackers are accessing all kinds of information online. The new program for infecting users' computers was called [[Zeus (malware)|Zeus]], and the program is so hacker-friendly that even an inexperienced hacker can operate it. Although the hacking program is easy to use, that fact does not diminish the devastating effects that Zeus (or other software like Zeus) can do on a computer and the user. For example, programs like Zeus can steal credit card information, important documents, and even documents necessary for [[homeland security]]. If a hacker were to gain this information, it would mean nationwide identity theft or even a possible terrorist attack. The [[Integrated Threat Assessment Centre|ITAC]] sayssaid that about 15 million Americans had their identity stolen in 2012.<ref>[https://www.bjs.gov/content/pub/pdf/vit12.pdf {{BareVictims URLof PDF|date=MarchIdentity Theft, 2012] 2022}}BJS</ref>
 
== Types ==
{{Further|Levels of identity security}}
Sources such as the [[Non-profit]] [[Identity Theft Resource Center]]<ref>{{cite web |url=http://www.idtheftcenter.org/ |title=Identity Theft Resource Center website |publisher=idtheftcenter.org }}</ref> sub-divide identity theft into five categories:
* Criminal identity theft (posing as another person when apprehended for a crime)
Line 21 ⟶ 23:
* Child identity theft.
 
Identity theft may be used to facilitate or fund other crimes including [[Illegalillegal immigration]], [[terrorism]], [[phishing]] and [[espionage]]. There are cases of identity cloning to attack [[payment system]]s, including online credit card processing and [[medical insurance]].<ref>{{cite web |url=http://www.worldprivacyforum.org/medidtheft_consumertips.html |title=Medical Identity Theft: What to Do if You are a Victim (or are concerned about it) }}, World Privacy Forum</ref>
 
=== Identity cloning and concealment ===
Line 32 ⟶ 34:
 
=== Synthetic identity theft ===
A variation of identity theft that has recently become more common is ''synthetic identity theft'', in which identities are completely or partially fabricated.<ref>[http{{Cite web|url=https://www.leagle.com/decision/2009567417bbr150_1566 In re Marie A. COLOKATHIS, Catherine Bauer, M.D., Plaintiff v. Marie Colokathis, 417 B.R. 150 (2009)] {{webarchive 2009567417bbr1501566|urlarchiveurl=https://web.archive.org/web/20150719051854/http://www.leagle.com/decision/2009567417bbr150_1566|url-status=dead|title=In Re Colokathis &#124; 417 B.R. 150 (2009)|archive-date=19 July 2015 |website=Leagle}}</ref> The most common technique involves combining a real [[social security number]] with a name and birthdate other than the ones that are simply associated with the number. Synthetic identity theft is more difficult to track as it doesn't show on either person's credit report directly but may appear as an entirely new file in the [[credit bureau]] or as a subfile on one of the victim's credit reports. Synthetic identity theft primarily harms the creditors who unwittingly grant the fraudsters credit. Individual victims can be affected if their names become confused with the synthetic identities, or if negative information in their subfiles impacts their credit ratings.<ref>{{cite web |url=http://www.bankrate.com/brm/news/pf/identity_theft_20070516_a1.asp |title=Detecting synthetic identity fraud |access-date=21 September 2008 |last=McFadden |first=Leslie |date=16 May 2007 |work=Bankrate.com |pages=1–2 }}</ref>
 
=== Medical identity theft ===
Line 38 ⟶ 40:
[[File:Figure 2- Risk of Identity Theft with Medicare Card under CMS’s Three Proposed Options (7802334168).jpg|thumb|US [[Government Accountability Office]] diagram showing the identity theft risk associated with social security numbers on [[Medicare (United States)|Medicare cards]]]]
 
Privacy researcher Pam Dixon, the founder of the World Privacy Forum,<ref>{{Cite web|url=https://www.worldprivacyforum.org/|title=World {{BarePrivacy URL inlineForum|datewebsite=Junewww.worldprivacyforum.org|accessdate=25 December 20222023}}</ref> coined the term medical identity theft and released the first major report about this issue in 2006. In the report, she defined the crime for the first time and made the plight of victims public. The report's definition of the crime is that medical identity theft occurs when someone seeks medical care under the identity of another person. Insurance theft is also very common, if a thief has your insurance information and or your insurance card, they can seek medical attention posing as yourself.<ref>{{Cite web|url=http://www.igrad.com/articles/8-types-of-identity-theft|title=Get to Know These Common Types of ID Theft|website=iGrad|access-date=29 September 2016}}</ref> In addition to risks of financial harm common to all forms of identity theft, the thief's medical history may be added to the victim's [[medical record]]s. Inaccurate information in the victim's records is difficult to correct and may affect future insurability or cause doctors to rely on misinformation to deliver inappropriate care. After the publication of the report, which contained a recommendation that consumers receive notifications of medical data breach incidents, California passed a law requiring this, and then finally [[Health Insurance Portability and Accountability Act|HIPAA]] was expanded to also require medical breach notification when breaches affect 500 or more people.<ref>{{cite web|url=http://www.worldprivacyforum.org/medicalidentitytheft.html|title=The Medical Identity Theft Information Page|publisher=World Privacy Forum|access-date=26 November 2012|url-status=dead|archive-url=https://archive.today/20130416062351/http://www.worldprivacyforum.org/medicalidentitytheft.html|archive-date=16 April 2013}}</ref><ref>{{cite web |url=http://www.idtheftcenter.org/artman2/publish/v_fact_sheets/Fact_Sheet_130_A_Correcting_Misinformation_on_Medical_Records.shtml |title=Correcting Misinformation on Medical Records |publisher=Identity Theft Resource Center |archive-url=https://web.archive.org/web/20130123025205/http://www.idtheftcenter.org/artman2/publish/v_fact_sheets/Fact_Sheet_130_A_Correcting_Misinformation_on_Medical_Records.shtml |archive-date=23 January 2013 |url-status=dead }}</ref> Data collected and stored by hospitals and other organizations such as medical aid schemes is up to 10 times more valuable to cybercriminals than credit card information.
 
=== Child identity theft ===
Child identity theft occurs when a minor's identity is used by another person for the impostor's personal gain. The impostor can be a family member, a friend, or even a stranger who targets children. The Social Security numbers of children are valued because they do not have any information associated with them. Thieves can establish lines of credit, obtain driver's licenses, or even buy a house using a child's identity. This fraud can go undetected for years, as most children do not discover the problem until years later. Child identity theft is fairly common, and studies have shown that the problem is growing. The largest study on child identity theft, as reported by Richard Power of the Carnegie Mellon Cylab with data supplied by [[AllClear ID]], found that of 40,000 children, 10.2% were victims of identity theft.<ref>{{Cite web|url=https://www.foxbusiness.com/features/government-turns-spotlight-on-child-id-theft-problem|title=Government Turns Spotlight on Child ID Theft Problem|date=12 January 2016|website=CreditCards.com|language=en-US|access-date=22 April 2019}}</ref>
 
The [[Federal Trade Commission]] (FTC) estimates that about nine million people will be victims of identity theft in the United States per year. It was also estimated that in 2008; 630,000 people under the age of 19 were victims of theft. This then gave themthe victims a debt of about $12,799 which was not theirs.<ref name=":5">{{Cite web|url=http://link.galegroup.com/apps/doc/A317310399/AONE?u=sunybuff_main&sid=AONE&xid=8502170b.|title=Protecting and defending a young person in foster care from financial identity theft|last=Clemente|first=Jean|date=Feb 2010}}</ref>
 
Not only are children in general big targets of identity theft but children who are in foster care are even bigger targets. This is because they are most likely moved around quite frequently and their SSN is being shared with multiple people and agencies. Foster children are even more victims of identity theft within their own families and other relatives. Young people in foster care who are victims of this crime are usually left alone to struggle and figure out how to fix their newly formed bad credit.<ref name=":5" />
 
The emergence of children's identities on social media has also contributed to a rise in incidents of digital kidnapping and identity theft. [[Digital kidnapping]] involves individuals stealing online images of children and misrepresenting them as their own.<ref>{{Cite journal |last1=Berg |first1=Valeska |last2=Arabiat |first2=Diana |last3=Morelius |first3=Evalotte |last4=Kervin |first4=Lisa |last5=Zgambo |first5=Maggie |last6=Robinson |first6=Suzanne |last7=Jenkins |first7=Mark |last8=Whitehead |first8=Lisa |date=2024-02-21 |title=Young Children and the Creation of a Digital Identity on Social Networking Sites: Scoping Review |journal=JMIR Pediatrics and Parenting |language=EN |volume=7 |issue=1 |pages=e54414 |doi=10.2196/54414|doi-access=free |pmid=38381499 |pmc=10918551 }}</ref>
 
=== Financial identity theft ===
Line 51 ⟶ 55:
 
=== Tax identity theft ===
{{see also|Tax evasion}}
One of the major identity theft categories is '''tax-related identity theft'''. The most common method is to use a person's authentic name, address, and [[Social Security Number]] to file a tax return with false information, and have the resulting refund direct-deposited into a bank account controlled by the thief. The thief in this case can also try to get a job and then their employer will report the income of the real taxpayer, this then results in the taxpayer getting in trouble with the IRS.<ref name=":03">{{Cite web|url=https://www.citrincooperman.com/infocus/identityIn-theftFocus-taxResource-and-financial-considerationCenter|title=IdentityIn TheftFocus Resource Center from Citrin Cooperman &#124; TaxIdeas andThat Count|website=www.citrincooperman.com|accessdate=25 FinancialDecember Consideration2023}}</ref>
 
The 14039 Form to the [[Internal Revenue Service|IRS]] is a form that will help one fight against a theft like tax theft. This form will put the IRS on alert and someone who believed they have been a victim of tax-related theft will be given an Identity Protection Personal Identification Number (IP PIN), which is a 6 digit code used in replacing an SSN for filing tax returns.<ref name=":03" />
Line 57 ⟶ 62:
== Techniques for obtaining and exploiting personal information ==
Identity thieves typically obtain and exploit [[personally identifiable information]] about individuals, or various credentials they use to authenticate themselves, to impersonate them. Examples include:
* Using [[public records]] about individual citizens, published in official registers such as electoral rolls<ref>{{cite news | last=Loviglio | first=Joann| url= http://www.nbcnews.com/id/46874551| title= If Microsoft co-founder's ID isn't safe, is yours? | work= NBC News |date= March 2012 }}{{dead link|date=August 2024|bot=medic}}{{cbignore|bot=medic}}</ref>
* Rummaging through rubbish for personal information ([[Dumpster diving#Information diving|dumpster diving]])
* Stealing [[Cheque|cheques (checks)]] to acquire banking information, including account numbers and [[bank code]]s<ref>{{cite web |url=http://www.douglascountysheriff.org/idtheft/idtheftmain.htm |title=Identity Theft |access-date=2009-08-02 |archive-date=2012-07-28 |archive-url=https://archive.istoday/20120728/http://www.douglascountysheriff.org/idtheft/idtheftmain.htm |url-status=dead }}, Douglas County Sheriff's Office, Washington</ref>
* Retrieving personal data from redundant IT equipment and storage media including PCs, servers, PDAs, mobile phones, USB memory sticks, and hard drives that have been disposed of carelessly at public dump sites, given away, or sold on without having been properly sanitized
* Guessing Social Security numbers by using information found on Internet social networks such as [[FacebookTwitter]] and [[MySpace]]<ref>{{cite news |last=Olmos |first=David |url=https://www.bloomberg.com/apps/news?pid=newsarchive&sid=aKbjO.Ew4S2E |title=Social Security Numbers Can Be Guessed From Data, Study Finds |publisher=Bloomberg |date=6 July 2009 |access-date=4 January 2011 |url-status=dead |archive-url=https://web.archive.org/web/20130617002156/http://www.bloomberg.com/apps/news?pid=newsarchive&sid=aKbjO.Ew4S2E |archive-date=17 June 2013 }}</ref>
* Using [[public records]] about individual citizens, published in official registers such as electoral rolls<ref>{{cite news | last=Loviglio | first=Joann| url= http://www.nbcnews.com/id/46874551| title= If Microsoft co-founder's ID isn't safe, is yours? | work= NBC News |date= March 2012 }}</ref>
* Stealing bank or credit cards, identification cards, passports, authentication tokens ... typically by [[pickpocketing]], [[burglary|housebreaking]] or mail [[theft]]
* Common-knowledge questioning schemes that offer [[account verification]], such as "What's your mother's maiden name?", "what was your first car model?", or "What was your first pet's name?".
* [[Skimming (credit card fraud)|Skimming]] information from bank or credit cards using compromised or hand-held card readers, and creating clone cards
* Using [[Wireless identity theft|' contactless' credit card readers]] to acquire data wirelessly from [[RFID]]-enabled passports
* Shoulder-Surfing, involves an individual who discreetly watches or hears others providing valuable personal information. This is particularly done in crowded places because it is relatively easy to observe someone as they fill out forms, enter PINs on ATMs or even type passwords on smartphones.
* Stealing personal information from computers using breaches in [[browser security]] or [[malware]] such as [[Trojan horse (computing)|Trojan horse]] [[keystroke logging]] programs or other forms of [[spyware]]
* [[Hacker (computer security)|Hacking]] computer networks, systems, and databases to obtain personal data, often in large quantities
* Exploiting [[Data breach|breaches]] that result in the publication or more limited disclosure of personal information such as names, addresses, [[Social Security number]] or credit card numbers
* Advertising bogus job offers to accumulate [[curriculum vitae|resumes]] and applications typically disclosing applicants' names, home and email addresses, telephone numbers, and sometimes their banking details
* Exploiting insider access and abusing the rights of privileged IT users to access personal data on their employers' systems
* Infiltrating organizations that store and process large amounts or particularly valuable personal information
* Impersonating trusted organizations in emails, SMS text messages, phone calls, or other forms of communication to dupe victims into disclosing their personal information or login credentials, typically on a fake corporate website or data collection form ([[phishing]])
* Brute-force attacking weak passwords and using inspired guesswork to compromise weak password reset questions
* Obtaining castings of fingers for falsifying [[fingerprint identification]].
* Browsing [[social network service|social networking]] websites for personal details published by users, often using this information to appear more credible in subsequent social engineering activities
* Diverting victims' email or post to obtain personal information and credentials such as credit cards, billing, and bank/credit card statements, or to delay the discovery of new accounts and credit agreements opened by the identity thieves in the victims' names
* Using false pretenses to trick individuals, customer service representatives, and help desk workers to disclose personal information and login details or changing user passwords/access rights ([[pretexting]])
* Stealing [[Cheque|cheques (checks)]] to acquire banking information, including account numbers and [[bank code]]s<ref>{{cite web |url=http://www.douglascountysheriff.org/idtheft/idtheftmain.htm |title=Identity Theft |access-date=2009-08-02 |archive-date=2012-07-28 |archive-url=https://archive.is/20120728/http://www.douglascountysheriff.org/idtheft/idtheftmain.htm |url-status=dead }}, Douglas County Sheriff's Office, Washington</ref>
* Guessing Social Security numbers by using information found on Internet social networks such as [[Facebook]] and [[MySpace]]<ref>{{cite news |last=Olmos |first=David |url=https://www.bloomberg.com/apps/news?pid=newsarchive&sid=aKbjO.Ew4S2E |title=Social Security Numbers Can Be Guessed From Data, Study Finds |publisher=Bloomberg |date=6 July 2009 |access-date=4 January 2011 |url-status=dead |archive-url=https://web.archive.org/web/20130617002156/http://www.bloomberg.com/apps/news?pid=newsarchive&sid=aKbjO.Ew4S2E |archive-date=17 June 2013 }}</ref>
* Low security/privacy protection on photos that are easily clickable and downloaded on [[social networking]] sites.
* Befriending strangers on social networks and taking advantage of their trust until private information is given. ([[Social engineering (security)|Social Engineering]])
 
== Indicators ==
{{How-to|section|date=April 2022}}
The majority of identity theft victims do not realize that they are a victim until it has negatively impacted their lives. Many people do not find out that their identities have been stolen until they are contacted by financial institutions or discover suspicious activities on their bank accounts.<ref name=":0">{{Cite web|url=https://www.cnbc.com/2014/01/17/seven-signs-youre-a-victim-of-identity-theft.html|title=Seven signs you're a victim of identity theft|last=Weisbaum|first=Herb|date=18 January 2014|website=CNBC|access-date=12 November 2016}}</ref> According to an article by Herb Weisbaum, everyone in the US should assume that their personal information has been compromised at one point.<ref name=":0" /> It is therefore of great importance to watch out for warning signs that your identity has been compromised. The following are eleven indicators that someone else might be using your identity.
# Credit or debit card charges for goods or services you are not aware of, including unauthorized withdrawals from your account<ref name=":0" />
# Receiving calls from credit or debit card fraud control department warning of possible suspicious activity on your credit card account<ref name=":1">{{Cite book|title=Identity Theft : A Reference Handbook|last=Hoffman|first=Sandra K|publisher=ABC-CLIO|year=2009|isbn=9781598841442|location=Santa Barbara, US|pages=[https://archive.org/details/identitytheftref0000hoff/page/42 42–44]|via=Contemporary World Issues|url-access=registration|url=https://archive.org/details/identitytheftref0000hoff/page/42}}</ref>
# Receiving credit cards that you did not apply for<ref name=":1" />
# Receiving information that a [[credit scoring]] investigation was done. They are often done when a loan or phone subscription was applied for.
# Checks bouncing for lack of enough money in your account to cover the amount. This might be as a result of unauthorized withdrawals from your account<ref name=":1" />
# Identity theft criminals may commit crimes with your personal information. You may not realize this until you see the police on your door arresting you for crimes that you did not commit<ref name=":1" />
# Sudden changes to your [[credit score]] may indicate that someone else is using your credit cards<ref name=":2">{{Cite book|title=For Dummies : Identity Theft For Dummies (1)|last=Arata|first=Michael J.|publisher=For Dummies|year=2010|isbn=9780470622735|location=Hoboken, US|pages=43–45|via=ProQuest ebrary}}</ref>
# Bills for services like gas, water, electricity not arriving in time. This can be an indication that your mail was stolen or redirected<ref name=":2" />
# Not being approved for loans because your credit report indicates that you are not credit worthy<ref name=":2" />
# Receiving notification from your post office informing you that your mails are being forwarded to another unknown address<ref name=":3">{{Cite web|url=http://money.usnews.com/money/personal-finance/articles/2015/07/07/10-signs-you-might-be-a-victim-of-identity-theft|title=10 Signs You Might Be a Victim of Identity Theft|last=U.S. News Staff|date=7 July 2015|website=money.usnews.com|publisher=U.S. News|access-date=12 November 2016}}</ref>
# Your yearly tax returns indicating that you have earned more than you have actually earned. This might indicate that someone is using your [[national identification number]] e.g. [[Social Security number|SSN]] to report their earnings to the tax authorities<ref name=":3" />
 
== Individual identity protection ==
Line 104 ⟶ 73:
Identity thieves sometimes impersonate dead people, using personal information obtained from death notices, gravestones, and other sources to exploit delays between the death and the closure of the person's accounts, the inattentiveness of grieving families, and weaknesses in the processes for credit-checking. Such crimes may continue for some time until the deceased's families or the authorities notice and react to anomalies.<ref>[http://www.idtheftcenter.org/Fact-Sheets/fs-117.html IDtheftcenter.org<!-- Bot generated title -->] {{webarchive|url=https://web.archive.org/web/20160417074200/http://www.idtheftcenter.org/Fact-Sheets/fs-117.html|date=17 April 2016}}, Identity Theft Resource Center Fact Sheet 117 Identity Theft and the Deceased - Prevention and Victim Tips.</ref>
 
In recent years{{When|date=September 2018}}, commercial identity theft protection/insurance services have become available in many countries. These services purport to help protect the individual from identity theft or help detect that identity theft has occurred in exchange for a monthly or annual membership fee or premium.<ref>{{cite web |url=http://www.nextadvisor.com/identity_theft_protection_services/compare.php |title=Identity Theft Protection Services |access-date=2008-12-16 |archive-date=2012-09-07 |archive-url=https://archive.istoday/20120907/http://www.nextadvisor.com/identity_theft_protection_services/compare.php |url-status=dead }} retrieved on 16 December 2008</ref> The services typically work either by setting fraud alerts on the individual's credit files with the three major credit bureaus or by setting up [[credit report monitoring]] with the credit bureau. While identity theft protection/insurance services have been heavily marketed, their value has been called into question.<ref>{{cite web |url=http://www.pcworld.com/article/145077/identitytheft_protection_what_services_can_you_trust.html |title=Identity-Theft Protection: What Services Can You Trust? }} PC World.com, retrieved on 16 December 2008</ref>
 
== Potential outcomes ==
Line 115 ⟶ 84:
 
== Identity protection by organizations ==
In their May 1998 testimony before the United States Senate, the [[Federal Trade Commission]] (FTC) discussed the sale of Social Security numbers and other personal identifiers by credit-raters and data miners. The FTC agreed to the industry's self-regulating principles restricting access to information on credit reports.<ref>{{cite web |url=http://www.ftc.gov/os/1998/05/identhef.htm |title=Testimony before the Subcommittee on Technology, Terrorism and Government Information |url-status=dead |archive-url=https://archive.today/20120801/http://www.ftc.gov/os/1998/05/identhef.htm |archive-date=1 August 2012 }}, Committee of the Judiciary, United States Senate 20 May 1998 pp 5,6</ref> According to the industry, the restrictions vary according to the category of customer. Credit reporting agencies gather and disclose personal and credit information to a wide business client base.
 
Poor stewardship of personal data by organizations, resulting in unauthorized access to sensitive data, can expose individuals to the risk of identity theft. The Privacy Rights Clearinghouse has documented over 900 individual data breaches by US companies and government agencies since January 2005, which together have involved over 200 million total records containing sensitive personal information, many containing social security numbers.<ref>[{{Cite web|url=http://www.privacyrights.org/ar/ChronDataBreaches.htm A Chronology of Data Breaches<!-- Bot generated title -->] {{webarchive|archive-url=https://web.archive.org/web/20100613183200/http://www.privacyrights.org/ar/ChronDataBreaches.htm|url-status=dead|title=A Chronology of Data Breaches<!-- Bot generated title -->|archive-date=13 June 2010}}</ref> Poor corporate diligence standards which can result in data breaches include:
* failure to shred confidential information before throwing it into dumpsters
* failure to ensure adequate [[network security]]
Line 139 ⟶ 108:
 
=== Australia ===
In [[Australia]], each state has enacted laws that deal with different aspects of identity or fraud issues. Some states have now amended relevant criminal laws to reflect crimes of identity theft, such as the Criminal Law Consolidation Act 1935 (SA), Crimes Amendment (Fraud, Identity and Forgery Offences) Act 2009, and also in Queensland under the Criminal Code 1899 (QLD). Other states and territories are in states of development in respect of regulatory frameworks relating to identity theft such as Western Australia in respect of the Criminal Code Amendment (Identity Crime) Bill 2009.
 
At the Commonwealth level, under the ''Criminal Code Amendment (Theft, Fraud, Bribery & Related Offences) Act 2000'' which amended certain provisions within the ''Criminal Code Act 1995'',
Line 189 ⟶ 158:
In Canada, ''Privacy Act'' (federal legislation) covers only federal government, agencies and [[crown corporations]]. Each province and territory has its own privacy law and privacy commissioners to limit the storage and use of personal data.
For the private sector, the purpose of the Personal Information Protection and Electronic Documents Act (2000, c. 5) (known as PIPEDA) is to establish rules to govern the collection, use, and disclosure of personal information; except for the provinces of Quebec, Ontario, Alberta and British Columbia where provincial laws have been deemed substantially similar.
 
==== Proposed legislation ====
* [[Bill C-27 (39th Canadian Parliament, 2nd Session)]]
 
=== France ===
In France, a person convicted of identity theft can be sentenced up to five years in prison and fined up to [[euro|€]]75,000.<ref>{{citeCite web |url=http://www.journaldunet.com/juridique/juridique040309.shtml |title=JournaldunetUsurpation d'identité : la loi ou la technique pour se protéger ?|website=www.journaldunet.com|accessdate=25 December 2023}}</ref>
 
=== Hong Kong ===
Line 200 ⟶ 172:
the first-mentioned person commits the offense of fraud and is liable on conviction upon indictment to '''imprisonment for 14 years'''.}}
 
Under theThe ''Personal Data (Privacy) Ordinance'', it(PDPO) establishedregulates the post{{clarify|date=Aprilcollection, 2021}} of Privacy Commissioner for Personal Datause and mandatesretention how muchof personal information onein can collect,Hong retain and destroyKong. This legislationIt also provides citizens the right to request information held by businesses and the government to the extent provided by this law. The PDPO establishes the [[Office of the Privacy Commissioner for Personal Data]] which enforces the law and advises on the use of personal data.
 
=== India ===
Line 211 ⟶ 183:
Social networking sites are one of the most famous spreaders of ''posers'' in the online community, giving the users the freedom to post any information they want without any verification that the account is being used by the real person.{{clarify|date=April 2021}}
 
The Philippines, which ranks eighth in the numbers of users of [[Facebook]] and other social networking sites (such as [[Twitter]], [[Multiply (website)|Multiply]] and [[Tumblr]]), has been known as a source of various identity theft problems.<ref>[{{Cite web|url=https://www.techunblocked.org/2015/06/facebook-users-by-country-wise.html List Of Facebook Users By Country Wise Top Ranking 2016] {{webarchive |archive-url=https://web.archive.org/web/20160310213502/https://www.techunblocked.org/2015/06/facebook-users-by-country-wise.html|url-status=dead|title=List of Facebook Users by Country Wise Top ranking 2016 - Tech Unblocked|archive-date=10 March 2016 }}</ref> Identities of people who carelessly put personal information on their profiles can easily be stolen just by simple browsing. Some people meet online, get to know each other through Facebook chat, and exchange messages that share private information. Others get romantically involved with online friends and end up sharing too much information (such as their social security number, bank account, home address, and company address).
 
This phenomenon leads to the creation of the [[Cybercrime Prevention Act of 2012]] (Republic Act No. 10175). Section 2 of this act states that it recognizes the importance of [[communication]] and [[multimedia]] for the development, exploitation, and dissemination of information{{clarify|date=April 2021}}, but violators will be punished by the law through imprisonment or a fine upwards of ₱200,000, but not exceeding ₱1,000,000, or (depending on the damage caused) both.
Line 222 ⟶ 194:
Legally, Sweden is an open society. [[Freedom of information legislation|The Principle of Public Access]] states that all information (e.g. addresses, incomes, taxes) kept by public authorities must be available for anyone, except in certain cases (for example, the addresses of people who need to hide are restricted). This makes fraud easier.
 
Until 2016, there were no laws that specifically prohibited using someone's identity. Instead, there were only laws regarding any indirect damages caused. Impersonating anyone else for financial gain is a [[type of fraud]] in the [[Criminal Code]] ({{lang-langx|sv|brottsbalken}}). Impersonating anyone else to discredit them by hacking into their social media accounts and provoke{{clarify|date=April 2021}} is considered [[libel]]. However, it is difficult to convict someone of committing this crime. In late 2016, a new law was introduced which partially banned undetermined{{clarify|date=April 2021}} identity usage.<ref>[{{Cite web|url=http://rkrattsdb.gov.se/SFSdoc/16/160485.PDF |title=SFS 2016:485 Lag om ändring i brottsbalken]|accessdate=25 December 2023}}</ref>
 
=== United Kingdom ===
In the United Kingdom, personal data is protected by the [[Data Protection Act 1998]]. The Act covers all personal data which an organization may hold, including names, birthday and anniversary dates, addresses, and telephone numbers.
 
Under [[English law]] (which extends to [[Wales]] but not to [[Northern Ireland]] or [[Scotland]]), the [[Deception (criminal law)|deception]] offences under the [[Theft Act 1968]] increasingly contend with identity theft situations. In ''R v Seward'' (2005) EWCA Crim 1941,<ref>{{citeCite web |url=http://www.bailii.org/ew/cases/EWCA/Crim/2005/1941.html |title=Seward, R. v Seward ([2005)] EWCA Crim 1941 (11 July 2005)|accessdate=25 December 2023}}</ref> the defendant was acting as the "frontman" in the use of stolen credit cards and other documents to obtain goods. He obtained goods to the value of £10,000 for others who are unlikely ever to be identified. The Court of Appeal considered a sentencing policy for deception offenses involving "identity theft" and concluded that a prison sentence was required. Henriques J. said at para 14: "Identity fraud is a particularly pernicious and prevalent form of dishonesty calling for, in our judgment, deterrent sentences."
 
Statistics released by [[CIFAS]] (UK's Fraud Prevention Service) show that there were 89,000 victims of identity theft in the UK in 2010 and 85,000 victims in 2009.<ref>{{cite web |url=http://www.cifas.org.uk/identity_fraud |title=CIFAS: your identity }}, CIFAS</ref><ref>{{cite web |url=http://id-theft-uk.blogspot.com/2010/02/uk-fraud-prevention-agency-say-id-theft.html |title=UK Fraud Prevention Agency Say ID Theft Increase of 32% in 2009 |access-date=2010-02-03 |archive-date=2012-07-01 |archive-url=https://archive.today/20120701/http://id-theft-uk.blogspot.com/2010/02/uk-fraud-prevention-agency-say-id-theft.html |url-status=dead }}, Identity Theft UK Blog, 3 February 2010</ref>{{Unreliable source?|date=December 2015}} Men in their 30s and 40s are the most common victims.<ref>{{cite web |url=http://blog.protectmyid.co.uk/index.php/the-most-likely-victims-of-identity-fraud-men-in-their-late-30s-and-early-40s/ |title=The most likely victims of identity fraud: men in their late 30s and early 40s |url-status=dead |archive-url=https://archive.today/20120708/http://blog.protectmyid.co.uk/index.php/the-most-likely-victims-of-identity-fraud-men-in-their-late-30s-and-early-40s/ |archive-date=8 July 2012 }}, Protect MY ID Blog, 21 January 2011</ref>{{Unreliable source?|date=December 2015}} Identity fraud now accounts for nearly half of all frauds recorded.<ref>{{cite web |url=http://www.cifas.org.uk/press_release_twentyeleven_c |title=Fraudscape: report reveals the UK's fraud landscape in 2010 }}, CIFAS</ref>
 
=== United States ===
Line 239 ⟶ 211:
If charges are brought by state or local law enforcement agencies, different penalties apply to depend on the state.
 
Six Federal agencies conducted a joint task force to increase the ability to detect identity theft. Their joint recommendation on "red flag" guidelines is a set of requirements on financial institutions and other entities which furnish credit data to credit reporting services to develop written plans for detecting identity theft. The FTC has determined that most medical practices are considered creditors and are subject to requirements to develop a plan to prevent and respond to patient identity theft.<ref>Michael, Sara {{cite web |url=http://www.physicianspractice.com/index/fuseaction/newsletterArticles.view/articleID/87.htm |title=Getting Red Flag Ready |access-date=2009-07-02 |archive-date=2012-09-11 |archive-url=https://archive.today/20120911/http://www.physicianspractice.com/index/fuseaction/newsletterArticles.view/articleID/87.htm |url-status=dead }} PhysiciansPractice.com, 21 May 2009. Retrieved 2 July 2009.</ref> These plans must be adopted by each organization's board of directors and monitored by senior executives.<ref>[http://www.ftc.gov/os/fedreg/2007/december/071213factafurnisheraccuracy.pdf 72 Fed. Reg. 70944 ] {{webarchive |url=https://web.archive.org/web/20130217151554/http://www.ftc.gov/os/fedreg/2007/december/071213factafurnisheraccuracy.pdf |date=17 February 2013 }} (PDF). Retrieved 29 January 2008.</ref>
 
Identity theft complaints as a percentage of all fraud complaints decreased from 2004 to 2006.<ref name="autogenerated1">[{{Cite web|url=http://www.ftc.gov/bcp/edu/microsites/idtheft/downloads/clearinghouse_2006.pdf Law Enforcement Contact1 January 1 December 31, 2001] {{webarchive |urlarchiveurl=https://web.archive.org/web/20080911044319/http://www.ftc.gov/bcp/edu/microsites/idtheft/downloads/clearinghouse_2006.pdf|url-status=dead|title=Law Enforcement Contact1 January 1 December 31, 2001|archive-date=11 September 2008 }}</ref> The Federal Trade Commission reported that fraud complaints in general were growing faster than ID theft complaints.<ref name="autogenerated1" /> The findings were similar in two other FTC studies done in 2003 and 2005. In 2003, 4.6 percent of the US population said they were a victim of ID theft. In 2005, that number had dropped to 3.7 percent of the population.<ref name=SR_1>{{cite web| title=Federal Trade Commission – Identity Theft Survey Report| url=httphttps://www.ftc.gov/bcpsites/edudefault/micrositesfiles/idtheftdocuments/downloadsreports/synovate_reportfederal-trade-commission-identity-theft-program/synovatereport.pdf| publisher=[[Federal Trade Commission]]|title date=September 2002|website access-date=5 January 2024}}</ref><ref>{{Cite web|url=https://www.ftc.gov |archive/reports/federal-urltrade-commission-2006-identity-theft-survey-report-prepared-commission-synovate|archiveurl=https://web.archive.org/web/2008051609445520080911044311/http://www.ftc.gov/bcp/edu/microsites/idtheft/downloads/synovate_report.pdf |archive-date=16 May 2008}}</ref><ref>[http://www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf |url-status=dead|title=Federal Trade Commission: 2006 Identity Theft Survey Report: Prepared for the Commission by Synovate|date=1 (November 2007)] {{webarchive |url=https://web.archive.org/web/20080911044311/http://www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf |-date=11 September 2008|website=Federal Trade Commission}}</ref> The commission's 2003 estimate was that identity theft accounted for some $52.6 billion of losses in the preceding year alone and affected more than 9.91 million Americans;<ref>{{cite web |url=http://www.ftc.gov/opa/2003/09/idtheft.shtm |title=FTC.gov<!-- Bot generated title --> |url-status=dead |archive-url=https://archive.today/20120731/http://www.ftc.gov/opa/2003/09/idtheft.shtm |archive-date=31 July 2012 }}, releases Survey of Identity Theft in U.S. 27.3 Million Victims in past 5 Years, Billions in Losses for Businesses and Consumers</ref> the figure comprises $47.6 billion lost by businesses and $5 billion lost by consumers.
 
According to the [[Bureau of Justice Statistics|U.S. Bureau of Justice Statistics]], in 2010, 7% of US households experienced identity theft - up from 5.5% in 2005 when the figures were first assembled, but broadly flat since 2007.<ref name="Bureau of Justice Statistics">{{cite web | url=http://bjs.gov/content/pub/pdf/itrh0510.pdf | title=Identity Theft Reported by Households, 2005-2010 | publisher=Bureau of Justice Statistics | year=2011 | access-date=24 June 2013}}</ref> In 2012, approximately 16.6 million persons, or 7% of all U.S. residents age 16 or older, reported being victims of one or more incidents of identity theft.<ref>Harrell, Erika and Lynn Langton. (2013). [http://www.bjs.gov/content/pub/pdf/vit12.pdf Victims of Identity Theft, 2012.] {{webarchive |url=https://web.archive.org/web/20160907043423/http://www.bjs.gov/content/pub/pdf/vit12.pdf |date=7 September 2016 }} Washington, D.C. [[United States Department of Justice|U.S. Department of Justice]], [[Bureau of Justice Statistics]].</ref>
 
At least two states, [[California]]<ref>{{cite web |url=http://www.privacyprotection.ca.gov/ |title=California Office of Identity Protection |access-date=2009-01-08 |archive-date=2012-08-05 |archive-url=https://archive.today/20120805/http://www.privacyprotection.ca.gov/ |url-status=dead }}</ref> and [[Wisconsin]]<ref>{{citeCite web |url=httphttps://privacydatcp.wi.gov/ Pages/Programs_Services/IdentityTheft.aspx|title=Wisconsin'sDATCP OfficeHome ofIdentity PrivacyTheft Protection|website=datcp.wi.gov|accessdate=25 December 2023}}</ref> have created an Office of Privacy Protection to assist their citizens in avoiding and recovering from identity theft.
 
In 2009, Indiana created an Identity Theft Unit within their Office of Attorney General to educate and assist consumers in avoiding and recovering from identity theft as well as assist law enforcement in investigating and prosecuting identity theft crimes.<ref>{{cite web|url=http://www.in.gov/legislative/ic/code/title4/ar6/ch13.pdf |title=ArchivedIndiana copyGeneral Assembly |access-date=3 October 2013 |url-status=live |archive-url=https://web.archive.org/web/20131004215445/http://www.in.gov/legislative/ic/code/title4/ar6/ch13.pdf |archive-date=4 October 2013 }}</ref><ref>{{cite web |url=http://www.in.gov/attorneygeneral/2853.htm |title=Attorney General: ID Theft Prevention |publisher=In.gov |date=6 December 2013 |access-date=24 January 2014 |archive-date=11 January 2014 |archive-url=https://web.archive.org/web/20140111062848/http://www.in.gov/attorneygeneral/2853.htm |url-status=dead }}</ref>
 
In Massachusetts in 2009–2010, Governor [[Deval Patrick]] committed to balancing consumer protection with the needs of small business owners. His Office of Consumer Affairs and Business Regulation announced certain adjustments to Massachusetts' identity theft regulations that maintain protections and also allow flexibility in compliance. These updated regulations went into effect on 1 March 2010. The regulations are clear that their approach to data security is a risk-based approach important to small businesses and might not handle a lot of personal information about customers.<ref>[http://www.mass.gov/?pageID=ocatopic&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca "Consumer Identity Theft"]. Commonwealth of Massachusetts, 2010 {{webarchive |url=https://web.archive.org/web/20111105045936/http://www.mass.gov/?pageID=ocatopic&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca |date=5 November 2011 }}</ref><ref>[http://www.mass.gov/Eoca/docs/idtheft/201CMR17faqs.pdf "Frequently Asked Question Regarding 201 CMR 17.00"] {{webarchive |url=https://web.archive.org/web/20110811054640/http://www.mass.gov/Eoca/docs/idtheft/201CMR17faqs.pdf |date=11 August 2011 }}, Commonwealth of Massachusetts, Office of Consumer Affairs and Business Regulation, 3 November 2009</ref>
Line 256 ⟶ 228:
 
==== Notification ====
Many states followed California's lead and enacted mandatory [[data breach notification laws]]. As a result, companies that report a data breach typically report it to all their customers.<ref>{{cite web |url=http://www.naag.org/states-offer-data-breach-protection.php |title=States Offer Data Breach Protection |url-status=dead |archive-url=https://archive.today/20120913/http://www.naag.org/states-offer-data-breach-protection.php |archive-date=13 September 2012 }}</ref>
 
== Spread and impact ==
{{How-toUpdate | section|date=AprilSeptember 20222023}}
Surveys in the US from 2003 to 2006 showed a decrease in the total number of identity fraud victims and a decrease in the total value of identity fraud from US$47.6 billion in 2003 to $15.6 billion in 2006.{{citation needed|date=May 2021}} The average fraud per person decreased from $4,789 in 2003 to $1,882 in 2006. A Microsoft report shows that this drop is due to statistical problems with the methodology, that such survey-based estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude.<ref>{{cite web|url=http://research.microsoft.com/pubs/149886/SexLiesandCybercrimeSurveys.pdf |title=Sex, Lies and Cybercrime Surveys |publisher=Microsoft |date=15 June 2011 |access-date=11 March 2015}}</ref>
 
The 2003 survey from the Identity Theft Resource Center<ref>{{citeCite web |url=httphttps://www.idtheftcenter.org /|title=IDtheftcenter.orgHome Page|website=ITRC|accessdate=25 December 2023}}</ref> found that:
* Only 15% of victims find out about the theft through proactive action taken by a business
* The average time spent by victims resolving the problem is about 330 hours
Line 322 ⟶ 295:
* {{annotated link|Albert Gonzalez}}
* {{annotated link|Yuri Kondratyuk}}
* {{annotated link|Charles Stopford}}
{{div col end}}
 
==Further reading==
 
* Brensinger, Jordan (2023). "[https://journals.sagepub.com/doi/full/10.1177/00031224231189895 Identity Theft, Trust Breaches, and the Production of Economic Insecurity]". ''American Sociological Review''.
 
==References==
Line 332 ⟶ 310:
* [https://www.identitytheft.gov/ Identity Theft Recovery Plan] FTC steps for identity theft victims.
* [http://www.idtheft.gov The President's Task Force on Identity Theft] – a government task force established by US President George W. Bush to fight identity theft.
* {{curlie|Society/Crime/Theft/Identity_Theft}}
* [http://www.mysecurecyberspace.org/encyclopedia/index/identity-theft.html#msc.encyclopedia.identitytheft Identity Theft] – [[Carnegie Mellon University]]
* [https://web.archive.org/web/20101105002332/http://www.ojp.usdoj.gov/nij/topics/crime/id-theft/welcome.htm Identity Theft: A Research Review, National Institute of Justice 2007]
Retrieved from "https://en.wikipedia.org/wiki/Identity_theft"