Identity theft as we know it today is on the rise. It’s rather simple in a well connected world that thieves and other miscreants can glean a couple of bits of our personal data SSN, date of birth address etc. and then begin formulating a new false identity from which they hope to profit for personal gain. Much of today’s large scale identity theft is carried out by organized crime rings in foreign countries, while a growing industry of smaller time thieves are using all sorts of scams to cheat the system here in the US. Identity theft has many tentacles, some among them include.
- credit card identity ssn numbers and other financial information
- health care identity theft (think Medicare/caid fraud)
- Tax refund / borth or death certificate fraud (think claiming tax refund for a recently deceased or born person)
The core problem is that we’re tying numbers and descriptions to people and that bond is very loose and fluid. Basically just using only three to four data points (name, dob, ssn , address)we can associate a real live person with their identity, this is the basic flaw in the system, since the modern world its relatively easy to glean such information because there’s no true physical tie-in to the person.
What you can do now
For now I think we all need to be more vigilant and do as much as we can to stay on top of our identity. Here are some suggestions.
- Add transaction (Email alerts) to all your credit and debit cards. Most banks and credit card agencies usually have options on their web sites to send out email triggered alerts for credit card purchases, do this for every credit card so your always in the loop.
- Check our your Free credit report regularly, visit the official credit report government site here for details. Be careful and use only trusted sites , as many impostor free credit report sites exists, which of course try to steal or sell your information .
- Lost or stolen credit cards , immediately report and cancel them, do not dilly dally as thieves work very quickly.
- Beware of unsolicited calls (or emails) asking for personal information.
- Beware of bank / credit card emails warning you about dire financial issues and asking you to click n their link to login. Ignore their link and login via your trusted bookmark or type in carefully the valid name of your financial institution.
- Minimize credit card use (ie. pay in cash) when paying for items such as fuels or meals in new or untrustworthy locations ( such as overseas).
One solution – have companies validate each credit request
A simple common sense solution is to have a standard callback and verification system , every time some company wants to issue new credit, checks your credit or uses credit in your name . The onus of verification should fall on the company issuing/authorizing the credit not you as the hapless consumer. Here’s a simple example.
Identity thief manages to gather your core information, then applies for a card in your name etc. The issuing company first should do common sense matching against its database to see that , hey your last known address is in NJ but now your applying in FL or hey you already have 5 credit cards why would you apply for six. Major credit issuers have fairly sophisticated logic in their systems that perform a this basic check, but not all issuers are as sophisticated The next step if the above checks pass, is to have a simple phone call to the person requesting the credit to confirm they indeed did request the card. Of course a wise thief will put in a false phone number , but a wiser credit agency will disregard that number and call the last number on file. Also valid agencies should have some way to verify personal information against recent phone or utility records.
This way identity thieves would have to not only know your ssn or other key information but have to answer the phone and answer questions like what was your last phone / electric bill, legitimate users would have no qualms with this and it would stop the vast majority of identity theft.
Problem with this approach is that companies are too lazy or prefer not to take on the expense of more elaborate checks. most have done the numbers and realize that the cost of dealing with identity theft is likely cheaper than the cost of thorough validation step. Of course that’s the cost to them, but your cost of lost time, money and effort to clean up the theft is not considered.
One-time or Disposable Credit cards numbers
Another approach already adopted by the likes of Citi (Citi Virtual Account number) and others , is one-time usage credit card (disposable) numbers or short expiration credit cards . You can find out more here how to generate your own disposable credit card number .
These types of cards are essentially worthless after one or limited time use making the identity theft harder since its usage is very time dependent . This is a great approach, of course it requires more infrastructure on the side of the card-issuing company, but helps minimize identity theft for purchases and other retail requests.
National database of credit checks or issues.
Another way to minimize identity theft is to have a national (mandated by the government) database where users can log in (via a very secure mechanism) and be able see all the activity , credit checks, credit issues, fraud alerts, etc. in one central place. This database would be required to be populated by all agencies and companies that in any way touch a person’s credit information, so a person can see in a transparent fashion who is looking or issuing credit against their identity. That’s the key, if you can find out who and when someone is looking or requesting your credit or financial information you can make better informed decisions about its legitimate use.
Bio-metrics – the best approach…
Perhaps the best , but most controversial approach is to tie a bio-metric marker to a person’s identity. This would seem like the most common-sense way . Something like a finger print scan (from a live finger) or iris scan (from a live eye) can be used to legitimately tie a person’s true identity with their bio-metric markers, making it very very hard for an identity thief to pull off his or her fraud.
The controversy here is that it is a privacy advocates fear this information falling in the wrong hands or government having too much information and being able to use it mischievously for other purposes (ie. spying).
In the end this is a problem that will eventually have a solution , until then we all need to be vigilant.
Part of the problem is problem here is – punishment. If we would start executing ID thieves and hackers….the problem would be solved.
I’m all for branding, lopping off limbs, or making these criminals do hard labor. Some of these criminals make millions for their crimes and only spend a few months in jail over it, is it me or is that a minor price to pay for doing so much damage to people and society?
Part of the problem is that a lot of these thieves and hackers are based overseas in places like Russia, UK, Spain, Nigeria, etc. How do you go after them?
Abrandao, I totally agree with the article, We need law that clearly states it is creditor’s responsibility to verify my identity, not other way around. If creditors fail to verify identity – it is their problem, I should be able to say “I didn’t do it, take it off record and don’t bother me again” and creditors should bear burden of proof.” Agreed we need some national verification system
Most monitoring is unnecessary. Identity theft is virtually impossible to eliminate, but easy to minimize. The site, http://www.abrandao.com has info on how to prevent identity theft for free.
It’s easier to steal and theive some’s identity and later ask for forgiveness, than for creditors to actually veify .