Identity theft
Encyclopedia
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The victim of identity theft (here meaning the person whose identity has been assumed by the identity thief) can suffer adverse consequences if he or she is held accountable for the perpetrator's actions. Organizations and individuals who are duped or defrauded by the identity thief can also suffer adverse consequences and losses, and to that extent are also victims.
The term identity theft was coined in 1964 and is actually a misnomer because it is not literally possible to steal an identity as such - more accurate terms would be identity fraud or impersonation or identity cloning, but identity theft has become commonplace.
"Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained," and identity theft is not always detectable by the individual victims, according to a report done for the FTC. Identity fraud is often but not necessarily the consequence of identity theft. Someone can steal or misappropriate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. A US Government Accountability Office study determined that "most breaches have not resulted in detected incidents of identity theft". the report also warned that "the full extent is unknown". A later unpublished study by Carnegie Mellon University noted that "Most often, the causes of identity theft is not known," but reported that someone else concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ... around only 2%". More recently, an association of consumer data companies noted that one of the largest data breaches ever, accounting for over four million records, resulted in only about 1,800 instances of identity theft, according to the company whose systems were breached.
A recent article entitled, “Cyber Crime Made Easy" explained the level to which hackers are using malicious software. As one security specialist named Gunter Ollmann said, “Interested in credit card theft? There’s an app for that.” This statement summed up the ease with which these hackers are accessing all kinds of information online. The new program for infecting users’ computers is called Zeus
; and the program is so hacker friendly that even an inexperienced hacker can operate it. Although the hacking program is easy to use, that fact does not diminish the devastating effects that Zeus (or other software like Zeus) can do to a computer and the user. For example, the article stated that programs like Zeus can steal credit card information, important documents, and even documents necessary for homeland security. If the hacker were to gain this information, it would mean identity theft or even a possible terrorist attack. (Giles, Jim. "Cyber Crime Made Easy." New Scientist 205.2752 (2010): 20-21. Academic Search Premier. EBSCO. Web. 3 Oct. 2010.)
Identity theft may be used to facilitate or fund other crimes including illegal immigration
, terrorism
, phishing
and espionage
. There are cases of identity cloning to attack payment systems, including online credit card processing and medical insurance.
Usually, identity thieves are attention seekers, do it for fun, revenge or to malign somebody’s reputation. Occasionally, they impersonate others for non-financial reasons—for instance, to receive praise or attention for the victim's achievements.
s performed for employment purposes.
It can be difficult for the victim of a criminal identity theft to clear their record. The steps required to clear the victim's incorrect criminal record
depend on what jurisdiction the crime occurred in and whether the true identity of the criminal can be determined. The victim might need to locate the original arresting officers and prove their own identity by some reliable means such as fingerprinting or DNA fingerprinting, and may need to go to a court hearing to be cleared of the charges. Obtaining an expungement
of court records may also be required. Authorities might permanently maintain the victim's name as an alias for the criminal's true identity in their criminal records databases. One problem that victims of criminal identity theft may encounter is that various data aggregators might still have the incorrect criminal records in their databases even after court and police records are corrected. Thus it is possible that a future background check will return the incorrect criminal records. This is just one example of the kinds of impact that may continue to affect the victims of identity theft for some months or even years after the crime, aside from the psychological trauma that being 'cloned' typically engenders.
with a name and birthdate other than the ones associated with the number. Synthetic identity theft is more difficult to track as it doesn't show on either person's credit report directly, but may appear as an entirely new file in the credit bureau
or as a subfile on one of the victim's credit reports. Synthetic identity theft primarily harms the creditors who unwittingly grant the fraudsters credit. Individual victims can be affected if their names become confused with the synthetic identities, or if negative information in their subfiles impacts their credit ratings.
, found that of 40,000 children 10.2% were victims of identity theft.
about individuals, or various credentials they use to authenticate themselves, in order to impersonate them. Examples include:
. For consumers, this is usually a result of them naively providing their personal information or login credentials to the identity thieves as a result of being duped but identity-related documents such as credit cards, bank statements, utility bills, checkbooks etc. may also be physically stolen from vehicles, homes and offices, or directly from victims by pickpockets and bag snatchers. Guardianship of personal identifiers by consumers is the most common intervention strategy recommended by the US Federal Trade Commission, Canadian Phone Busters
and most sites that address identity theft. Such organizations offer recommendations on how individuals can prevent their information falling into the wrong hands.
Identity theft can be partially mitigated by not identifying oneself unnecessarily (a form of information security control known as risk avoidance). This implies that organizations, IT systems and procedures should not demand excessive amounts of personal information or credentials for identification and authentication. Requiring, storing and processing personal identifiers (such as Social Security number
, national identification number
, drivers license number, credit card number, etc.) increases the risks of identity theft unless this valuable personal information is adequately secured at all times.
To protect themselves against electronic identity theft by phishing
, hacking
or malware, individuals are well advised to maintain computer security
, for example by keeping their operating systems fully patched against known security vulnerabilities, running antivirus software and being cautious in their use of IT.
Identity thieves sometimes impersonate dead people, using personal information obtained from death notices, gravestones and other sources to exploit delays between the death and the closure of the person's accounts, the inattentiveness of grieving families and weaknesses in the processes for credit-checking. Such crimes may continue for some time until the deceased's families or the authorities notice and react to anomalies.
In recent years, commercial identity theft protection/insurance services have become available in many countries. These services purport to help protect the individual from identity theft or help detect that identity theft has occurred in exchange for a monthly or annual membership fee or premium. The services typically work either by setting fraud alerts on the individual's credit files with the three major credit bureaus or by setting up credit report monitoring
with the credit bureaux. While identity theft protection/insurance services have been heavily marketed, their value has been called into question.
Poor stewardship of personal data by organizations, resulting in unauthorized access to sensitive data, can expose individuals to the risk of identity theft. The Privacy Rights Clearinghouse has documented over 900 individual data breaches by US companies and government agencies since January 2005, which together have involved over 200 million total records containing sensitive personal information, many containing social security numbers. Poor corporate diligence standards which can result in data breaches include:
The failure of corporate or government organizations to protect consumer privacy
, client confidentiality
and political privacy
has been criticized for facilitating the acquisition of personal identifiers by criminals.
Using various types of biometric information, such as fingerprint
s, for identification and authentication has been cited as a way to thwart identity thieves, however there are technological limitations and privacy concerns associated with these methods as well.
On the Commonwealth level, under the Criminal Code Amendment (Theft, Fraud, Bribery & Related Offences) Act 2000 which amended certain provisions within the Criminal Code Act 1995,
The term identity theft was coined in 1964 and is actually a misnomer because it is not literally possible to steal an identity as such - more accurate terms would be identity fraud or impersonation or identity cloning, but identity theft has become commonplace.
"Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained," and identity theft is not always detectable by the individual victims, according to a report done for the FTC. Identity fraud is often but not necessarily the consequence of identity theft. Someone can steal or misappropriate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. A US Government Accountability Office study determined that "most breaches have not resulted in detected incidents of identity theft". the report also warned that "the full extent is unknown". A later unpublished study by Carnegie Mellon University noted that "Most often, the causes of identity theft is not known," but reported that someone else concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ... around only 2%". More recently, an association of consumer data companies noted that one of the largest data breaches ever, accounting for over four million records, resulted in only about 1,800 instances of identity theft, according to the company whose systems were breached.
A recent article entitled, “Cyber Crime Made Easy" explained the level to which hackers are using malicious software. As one security specialist named Gunter Ollmann said, “Interested in credit card theft? There’s an app for that.” This statement summed up the ease with which these hackers are accessing all kinds of information online. The new program for infecting users’ computers is called Zeus
Zeus (trojan horse)
Zeus is a Trojan horse that steals banking information by keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became...
; and the program is so hacker friendly that even an inexperienced hacker can operate it. Although the hacking program is easy to use, that fact does not diminish the devastating effects that Zeus (or other software like Zeus) can do to a computer and the user. For example, the article stated that programs like Zeus can steal credit card information, important documents, and even documents necessary for homeland security. If the hacker were to gain this information, it would mean identity theft or even a possible terrorist attack. (Giles, Jim. "Cyber Crime Made Easy." New Scientist 205.2752 (2010): 20-21. Academic Search Premier. EBSCO. Web. 3 Oct. 2010.)
Types
Sources such as the non-profit Identity Theft Resource Center sub-divide identity theft into five categories:- Criminal identity theft (posing as another person when apprehended for a crime)
- Financial identity theft (using another's identity to obtain credit, goods and services)
- Identity cloning (using another's information to assume his or her identity in daily life)
- Medical identity theft (using another's identity to obtain medical care or drugs)
- Child identity theft.
Identity theft may be used to facilitate or fund other crimes including illegal immigration
Illegal immigration
Illegal immigration is the migration into a nation in violation of the immigration laws of that jurisdiction. Illegal immigration raises many political, economical and social issues and has become a source of major controversy in developed countries and the more successful developing countries.In...
, terrorism
Terrorism
Terrorism is the systematic use of terror, especially as a means of coercion. In the international community, however, terrorism has no universally agreed, legally binding, criminal law definition...
, phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
and espionage
Espionage
Espionage or spying involves an individual obtaining information that is considered secret or confidential without the permission of the holder of the information. Espionage is inherently clandestine, lest the legitimate holder of the information change plans or take other countermeasures once it...
. There are cases of identity cloning to attack payment systems, including online credit card processing and medical insurance.
Usually, identity thieves are attention seekers, do it for fun, revenge or to malign somebody’s reputation. Occasionally, they impersonate others for non-financial reasons—for instance, to receive praise or attention for the victim's achievements.
Identity cloning and concealment
In this situation, the identity thief impersonates someone else in order to conceal their own true identity. Examples might be illegal immigrants, people hiding from creditors or other individuals, or those who simply want to become "anonymous" for personal reasons. Another example are posers, a label given to people who use somebody else’s photos and information through social networking sites. Mostly, posers create believable stories involving friends of the real person they are imitating. Unlike identity theft used to obtain credit which usually comes to light when the debts mount, concealment may continue indefinitely without being detected, particularly if the identity thief is able to obtain false credentials in order to pass various authentication tests in everyday life.Criminal identity theft
When a criminal fraudulently identifies himself to police as another individual at the point of arrest, it is sometimes referred to as "Criminal Identity Theft." In some cases criminals have previously obtained state-issued identity documents using credentials stolen from others, or have simply presented fake ID. Provided the subterfuge works, charges may be placed under the victim's name, letting the criminal off the hook. Victims might only learn of such incidents by chance, for example by receiving court summons, discovering their drivers licenses are suspended when stopped for minor traffic violations, or through background checkBackground check
A background check or background investigation is the process of looking up and compiling criminal records, commercial records and financial records of an individual....
s performed for employment purposes.
It can be difficult for the victim of a criminal identity theft to clear their record. The steps required to clear the victim's incorrect criminal record
Criminal record
A criminal record is a record of a person's criminal history, generally used by potential employers, lenders etc. to assess his or her trustworthiness. The information included in a criminal record varies between countries and even between jurisdictions within a country...
depend on what jurisdiction the crime occurred in and whether the true identity of the criminal can be determined. The victim might need to locate the original arresting officers and prove their own identity by some reliable means such as fingerprinting or DNA fingerprinting, and may need to go to a court hearing to be cleared of the charges. Obtaining an expungement
Expungement
In the common law legal system, an expungement proceeding is a type of lawsuit in which a first time offender of a prior criminal conviction seeks that the records of that earlier process be sealed, thereby making the records unavailable through the state or Federal repositories. If successful, the...
of court records may also be required. Authorities might permanently maintain the victim's name as an alias for the criminal's true identity in their criminal records databases. One problem that victims of criminal identity theft may encounter is that various data aggregators might still have the incorrect criminal records in their databases even after court and police records are corrected. Thus it is possible that a future background check will return the incorrect criminal records. This is just one example of the kinds of impact that may continue to affect the victims of identity theft for some months or even years after the crime, aside from the psychological trauma that being 'cloned' typically engenders.
Synthetic identity theft
A variation of identity theft which has recently become more common is synthetic identity theft, in which identities are completely or partially fabricated. The most common technique involves combining a real social security numberSocial Security number
In the United States, a Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary residents under section 205 of the Social Security Act, codified as . The number is issued to an individual by the Social Security Administration, an independent...
with a name and birthdate other than the ones associated with the number. Synthetic identity theft is more difficult to track as it doesn't show on either person's credit report directly, but may appear as an entirely new file in the credit bureau
Credit bureau
A credit bureau , or credit reference agency is a company that collects information from various sources and provides consumer credit information on individual consumers for a variety of uses. It is an organization providing information on individuals' borrowing and bill paying habits...
or as a subfile on one of the victim's credit reports. Synthetic identity theft primarily harms the creditors who unwittingly grant the fraudsters credit. Individual victims can be affected if their names become confused with the synthetic identities, or if negative information in their subfiles impacts their credit ratings.
Medical identity theft
Medical identity theft occurs when someone uses a person's name and sometimes other parts of their identity—such as insurance information—without the person's knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries being put into existing medical records, which may in turn lead to inappropriate and potentially life-threatening decisions by medical staff.Child identity theft
Child identity theft occurs when a minor’s Social Security number is used by another person for the imposter’s personal gain. The imposter can be a family member, a friend, or even a stranger who targets children. The Social Security numbers of children are valued because they do not have any information associated with them. Thieves can establish lines of credit, obtain driver’s licenses, or even buy a house using a child’s identity. This fraud can go undetected for years, as most children don’t discover the problem until years later. Child identity theft is fairly common, and studies have shown that the problem is growing. The largest study on child identity theft, as reported by Richard Power of the Carnegie Mellon Cylab with data supplied by AllClear IDAllClear ID
AllClear ID, released in 2010, is an identity theft protection product from the company Debix. Debix was founded in 2004 and uses patented technology to alert customers of potential fraud....
, found that of 40,000 children 10.2% were victims of identity theft.
Techniques for obtaining and exploiting personal information for identity theft
Identity thieves typically obtain and exploit personally identifiable informationPersonally identifiable information
Personally Identifiable Information , as used in information security, is information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual...
about individuals, or various credentials they use to authenticate themselves, in order to impersonate them. Examples include:
- Rummaging through rubbish for personal information (dumpster diving)
- Retrieving personal data from redundant IT equipment and storage media including PCs, servers, PDAs, mobile phones, USB memory sticks and hard drives that have been disposed of carelessly at public dump sites, given away or sold on without having been properly sanitized
- Using public recordsPublic recordsPublic records are documents or pieces of information that are not considered confidential. For example, in California, when a couple fills out a marriage license application, they have the option of checking the box as to whether the marriage is "confidential" or "Public"...
about individual citizens, published in official registers such as electoral rolls - Stealing bank or credit cards, identification cards, passports, authentication tokens ... typically by pickpocketingPickpocketingPickpocketing is a form of larceny that involves the stealing of money or other valuables from the person of a victim without their noticing the theft at the time. It requires considerable dexterity and a knack for misdirection...
, housebreakingBurglaryBurglary is a crime, the essence of which is illicit entry into a building for the purposes of committing an offense. Usually that offense will be theft, but most jurisdictions specify others which fall within the ambit of burglary...
or mail theftTheftIn common usage, theft is the illegal taking of another person's property without that person's permission or consent. The word is also used as an informal shorthand term for some crimes against property, such as burglary, embezzlement, larceny, looting, robbery, shoplifting and fraud... - Skimming information from bank or credit cards using compromised or hand-held card readers, and creating clone cards
- Using 'contactless' credit card readersWireless Identity TheftWireless identity theft, also known as contactless identity theft or RFID identity theft, is a form of identity theft described as "the act of compromising an individual's personal identifying information using wireless mechanics." Numerous articles have been written about wireless identity theft...
to acquire data wirelessly from RFID-enabled passports - Observing users typing their login credentials, credit/calling card numbers etc. into IT equipment located in public places (shoulder surfingShoulder surfing (computer security)In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information...
) - Stealing personal information from computers using malwareMalwareMalware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
, particularly Trojan horseTrojan horse (computing)A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
keystroke loggingKeystroke loggingKeystroke logging is the action of tracking the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored...
programs or other forms of spywareSpywareSpyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's... - HackingHacker (computer security)In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
computer networks, systems and databases to obtain personal data, often in large quantities - Exploiting breaches that result in the publication or more limited disclosure of personal information such as names, addresses, Social Security numberSocial Security numberIn the United States, a Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary residents under section 205 of the Social Security Act, codified as . The number is issued to an individual by the Social Security Administration, an independent...
or credit card numbers - Advertising bogus job offers in order to accumulate resumes and applications typically disclosing applicants' names, home and email addresses, telephone numbers and sometimes their banking details
- Exploiting insider access and abusing the rights of privileged IT users to access personal data on their employers' systems
- Infiltrating organizations that store and process large amounts or particularly valuable personal information
- Impersonating trusted organizations in emails, SMS text messages, phone calls or other forms of communication in order to dupe victims into disclosing their personal information or login credentials, typically on a fake corporate website or data collection form (phishingPhishingPhishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
) - Brute-force attacking weak passwords and using inspired guesswork to compromise weak password reset questions
- Obtaining castings of fingers for falsifying fingerprint identification.
- Browsing social networkingSocial network serviceA social networking service is an online service, platform, or site that focuses on building and reflecting of social networks or social relations among people, who, for example, share interests and/or activities. A social network service consists of a representation of each user , his/her social...
websites for personal details published by users, often using this information to appear more credible in subsequent social engineering activities - Diverting victims' email or post in order to obtain personal information and credentials such as credit cards, billing and bank/credit card statements, or to delay the discovery of new accounts and credit agreements opened by the identity thieves in the victims' names
- Using false pretenses to trick individuals, customer service representatives and help desk workers into disclosing personal information and login details or changing user passwords/access rights (pretexting)
- Stealing cheques (checks)ChequeA cheque is a document/instrument See the negotiable cow—itself a fictional story—for discussions of cheques written on unusual surfaces. that orders a payment of money from a bank account...
to acquire banking information, including account numbers and bank routing numbersRouting transit numberA routing transit number is a nine digit bank code, used in the United States, which appears on the bottom of negotiable instruments such as checks identifying the financial institution on which it was drawn... - Guessing Social Security numbers by using information found on Internet social networks such as Facebook and MySpace
- Low security/privacy protection on photos that are easily clickable and downloaded on social networking sites.
- Befriending strangers on social networks and taking advantage of their trust until private information are given.
Individual identity protection
The acquisition of personal identifiers is made possible through serious breaches of privacyPrivacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
. For consumers, this is usually a result of them naively providing their personal information or login credentials to the identity thieves as a result of being duped but identity-related documents such as credit cards, bank statements, utility bills, checkbooks etc. may also be physically stolen from vehicles, homes and offices, or directly from victims by pickpockets and bag snatchers. Guardianship of personal identifiers by consumers is the most common intervention strategy recommended by the US Federal Trade Commission, Canadian Phone Busters
PhoneBusters
The Canadian Anti-Fraud Centre is Canada's national anti-fraud call centre and central fraud data repository...
and most sites that address identity theft. Such organizations offer recommendations on how individuals can prevent their information falling into the wrong hands.
Identity theft can be partially mitigated by not identifying oneself unnecessarily (a form of information security control known as risk avoidance). This implies that organizations, IT systems and procedures should not demand excessive amounts of personal information or credentials for identification and authentication. Requiring, storing and processing personal identifiers (such as Social Security number
Social Security number
In the United States, a Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary residents under section 205 of the Social Security Act, codified as . The number is issued to an individual by the Social Security Administration, an independent...
, national identification number
National identification number
A national identification number, national identity number, or national insurance number is used by the governments of many countries as a means of tracking their citizens, permanent residents, and temporary residents for the purposes of work, taxation, government benefits, health care, and other...
, drivers license number, credit card number, etc.) increases the risks of identity theft unless this valuable personal information is adequately secured at all times.
To protect themselves against electronic identity theft by phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
, hacking
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
or malware, individuals are well advised to maintain computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
, for example by keeping their operating systems fully patched against known security vulnerabilities, running antivirus software and being cautious in their use of IT.
Identity thieves sometimes impersonate dead people, using personal information obtained from death notices, gravestones and other sources to exploit delays between the death and the closure of the person's accounts, the inattentiveness of grieving families and weaknesses in the processes for credit-checking. Such crimes may continue for some time until the deceased's families or the authorities notice and react to anomalies.
In recent years, commercial identity theft protection/insurance services have become available in many countries. These services purport to help protect the individual from identity theft or help detect that identity theft has occurred in exchange for a monthly or annual membership fee or premium. The services typically work either by setting fraud alerts on the individual's credit files with the three major credit bureaus or by setting up credit report monitoring
Credit report monitoring
Credit report monitoring is the monitoring of one's credit history in order to detect any suspicious activity or changes. Companies offer such service on a subscription basis, typically granting regular access to one's credit history, alerts of critical changes to one's credit history, and...
with the credit bureaux. While identity theft protection/insurance services have been heavily marketed, their value has been called into question.
Identity protection by organizations
In their May 1998 testimony before the United States Senate, the Federal Trade Commission (FTC) discussed the sale of Social Security numbers and other personal identifiers by credit-raters and data miners. The FTC agreed to the industry's self-regulating principles restricting access to information on credit reports. According to the industry, the restrictions vary according to the category of customer. Credit reporting agencies gather and disclose personal and credit information to a wide business client base.Poor stewardship of personal data by organizations, resulting in unauthorized access to sensitive data, can expose individuals to the risk of identity theft. The Privacy Rights Clearinghouse has documented over 900 individual data breaches by US companies and government agencies since January 2005, which together have involved over 200 million total records containing sensitive personal information, many containing social security numbers. Poor corporate diligence standards which can result in data breaches include:
- failure to shred confidential information before throwing it into dumpsters
- failure to ensure adequate network securityNetwork securityIn the field of networking, the area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources...
- the theft of laptop computers or portable media being carried off-site containing vast amounts of personal information. The use of strong encryptionEncryptionIn cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
on these devices can reduce the chance of data being misused should a criminal obtain them. - the brokerage of personal information to other businesses without ensuring that the purchaser maintains adequate security controls
- Failure of governments, when registering sole proprietorships, partnerships, and corporations, to determine if the officers listed in the Articles of Incorporation are who they say they are. This potentially allows criminals access to personal information through credit ratingCredit ratingA credit rating evaluates the credit worthiness of an issuer of specific types of debt, specifically, debt issued by a business enterprise such as a corporation or a government. It is an evaluation made by a credit rating agency of the debt issuers likelihood of default. Credit ratings are...
and data miningData miningData mining , a relatively young and interdisciplinary field of computer science is the process of discovering new patterns from large data sets involving methods at the intersection of artificial intelligence, machine learning, statistics and database systems...
services.
The failure of corporate or government organizations to protect consumer privacy
Consumer privacy
Consumer privacy laws and regulations seek to protect any individual from loss of privacy due to failures or limitations of corporate customer privacy measures...
, client confidentiality
Client confidentiality
Client confidentiality is the principle that an institution or individual should not reveal information about their clients to a third party without the consent of the client or a clear legal reason...
and political privacy
Political privacy
Political privacy has been a concern since voting systems emerged in ancient times. The secret ballot is the simplest and most widespread measure to ensure that political views are not known to anyone other than the voter—it is nearly universal in modern democracy, and considered a basic right of...
has been criticized for facilitating the acquisition of personal identifiers by criminals.
Using various types of biometric information, such as fingerprint
Fingerprint
A fingerprint in its narrow sense is an impression left by the friction ridges of a human finger. In a wider use of the term, fingerprints are the traces of an impression from the friction ridges of any part of a human hand. A print from the foot can also leave an impression of friction ridges...
s, for identification and authentication has been cited as a way to thwart identity thieves, however there are technological limitations and privacy concerns associated with these methods as well.
Australia
In Australia, each state has enacted laws that dealt with different aspects of identity or fraud issues. Some States have now amended relevant criminal laws to reflect crimes of identity theft, such as the Criminal Law Consolidation Act 1935 (SA), Crimes Amendment (Fraud, Identity and Forgery Offences) Act 2009 and also in Queensland under the Criminal Code 1899 (QLD). Other States and Territories are in states of development in respect of regulatory frameworks relating to identity theft such as Western Australia in respect of Criminal Code Amendment (Identity Crime) Bill 2009.On the Commonwealth level, under the Criminal Code Amendment (Theft, Fraud, Bribery & Related Offences) Act 2000 which amended certain provisions within the Criminal Code Act 1995,
Likewise, each state has enacted their own privacy laws to prevent misuse of personal information and data. The Commonwealth Privacy Act is applicable only to Commonwealth and territory agencies, and to certain private sector bodies (where for example they deal with sensitive records, such as medical records, or they have more than $3 million turnover PA).
Canada
Under section 402.2 of the Criminal Code of CanadaCriminal Code of CanadaThe Criminal Code or Code criminel is a law that codifies most criminal offences and procedures in Canada. Its official long title is "An Act respecting the criminal law"...
,
Under section 403 of the Criminal Code of CanadaCriminal Code of CanadaThe Criminal Code or Code criminel is a law that codifies most criminal offences and procedures in Canada. Its official long title is "An Act respecting the criminal law"...
,
In Canada, Privacy Act (federal legislation) covers only federal government, agencies and crown corporations. Each province and territory has its own privacy law and privacy commissioners to limit the storage and use of personal data.
For the private sector, the purpose of the Personal Information Protection and Electronic Documents Act ( 2000, c. 5 ) (known as PIPEDA) is to establish rules to govern the collection, use and disclosure of personal information; except for the provinces of Quebec, Ontario, Alberta and British Columbia were provincial laws have been deemed substantially similar.
France
In France, a person convicted of identity theft can be sentenced up to five years in prison and fined up to €EuroThe euro is the official currency of the eurozone: 17 of the 27 member states of the European Union. It is also the currency used by the Institutions of the European Union. The eurozone consists of Austria, Belgium, Cyprus, Estonia, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg,...
75,000.
Hong Kong
Under HK Laws. Chap 210 Theft Ordinance, sec. 16A Fraud
Under the Personal Data (Privacy) Ordinance, it established the post of Privacy Commissioner for Personal Data and mandate how much personal information one can collect, retain and destruction. This legislation also provides citizens the right to request information held by businesses and government to the extent provided by this law.
India
Under the Information Technology Act 2000 Chapter IX Sec 43 (b)
Philippines
Social networking sites are one of the most famous spreader of posers in the online community, giving the users freedom to place any information they want without any verification that the account is being used by the real person.
Philippines, known as the 10th heavy users of Facebook and other social networking sites such as Twitter, Multiply and Tumblr has been known as source to various identity theft problems. Identity of those people who carelessy put personal information on their profiles can easily be stolen just by simple browsing. There are people who meet online, get to know each other through the free Facebook chat and exchange of messages that then leads to sharing of private information. Others get romantically involved with their online friends that they tend to give too much information such as their social security number, bank account and even personal basic information such as home address and company address.
This phenomena lead to the creation of Senate Bill 52: Cybercrime Prevention Act of 2010. Section 2 of this bill states that it recognizes the importance of communicationCommunicationCommunication is the activity of conveying meaningful information. Communication requires a sender, a message, and an intended recipient, although the receiver need not be present or aware of the sender's intent to communicate at the time of communication; thus communication can occur across vast...
and multimediaMultimediaMultimedia is media and content that uses a combination of different content forms. The term can be used as a noun or as an adjective describing a medium as having multiple content forms. The term is used in contrast to media which use only rudimentary computer display such as text-only, or...
for the development, exploitation and dissemination of information but violators will be punished by the law through imprisonment of prision mayor or a fine ranging from Php200,000 and up, but not exceeding 1 million, or depending on the damage caused, or both (Section 7).
Sweden
Sweden have had relatively little problems with identity theft. This is because only Swedish identity documentIdentity documentAn identity document is any document which may be used to verify aspects of a person's personal identity. If issued in the form of a small, mostly standard-sized card, it is usually called an identity card...
s have been accepted for identity verification. Stolen documents are traceable by banks and some other institutions. The banks have the duty to check the identity of people withdrawing money or getting loans. If a bank gives money to someone using an identity document reported as stolen, the bank must take the loss. From 2008 any EU passport are valid in Sweden for identity check, and Swedish passports are valid all over the EU. This makes it harder to detect stolen documents, but still banks in Sweden must ensure that stolen documents are not accepted.
Other types of identity theft than over the bank desk have become more common in Sweden. One common example is ordering a credit card to someone who has an unlocked letterbox and is not home on daytime. The thief steals the letter with the credit card and then the letter with the code which typically arrives a few days later. Usage of a stolen credit card is hard in Sweden, since an identity document or a PIN code it is normally demanded. If the shop does not demand that, it must take the loss from stolen credit cards. The method of observing someone using the credit card PIN code, stealing the card or skimming it, and then use the card, has become more common.
Legally, Sweden is an open society. The Principle of Public AccessFreedom of information legislationFreedom of information legislation comprises laws that guarantee access to data held by the state. They establish a "right-to-know" legal process by which requests may be made for government-held information, to be received freely or at minimal cost, barring standard exceptions...
says that all information kept by public authorities must be available for anyone except in certain cases. Specificially anyone's address, income, taxes etc. are available to anyone. This makes fraud easier (the address is protected for certain people needing it).
To impersonate someone else and gain money from it is a kind of fraudFraudIn criminal law, a fraud is an intentional deception made for personal gain or to damage another individual; the related adjective is fraudulent. The specific legal definition varies by legal jurisdiction. Fraud is a crime, and also a civil law violation...
, which is described in the Criminal CodeCriminal CodeA criminal code is a document which compiles all, or a significant amount of, a particular jurisdiction's criminal law...
(Swedish:Brottsbalken).
United Kingdom
In the United Kingdom personal data is protected by the Data Protection Act 1998. The Act covers all personal data which an organization may hold, including names, birthday and anniversary dates, addresses, telephone numbers, etc.
Under English lawEnglish lawEnglish law is the legal system of England and Wales, and is the basis of common law legal systems used in most Commonwealth countries and the United States except Louisiana...
(which extends to Wales but not necessarily to Northern Ireland or Scotland), the deception offences under the Theft Act 1968Theft Act 1968The Theft Act 1968 is an Act of the Parliament of the United Kingdom. It creates a number of offences against property in England and Wales.On 15 January 2007 the Fraud Act 2006 came into force, redefining most of the offences of deception.-History:...
increasingly contend with identity theft situations. In R v Seward (2005) EWCA Crim 1941 the defendant was acting as the "front man" in the use of stolen credit cards and other documents to obtain goods. He obtained goods to the value of £10,000 for others who are unlikely ever to be identified. The Court of Appeal considered sentencing policy for deception offenses involving "identity theft" and concluded that a prison sentence was required. Henriques J. said at para 14:"Identity fraud is a particularly pernicious and prevalent form of dishonesty calling for, in our judgment, deterrent sentences."
Increasingly, organizations, including Government bodies will be forced to take steps to better protect their users' data.
Stats released by CIFASCIFASCIFAS - The UK's Fraud Prevention Service, is a not-for-profit membership association representing the private and public sectors. CIFAS is dedicated to the prevention of fraud, including staff fraud, and the identification of financial and related crime...
- The UK's Fraud Prevention Service show that there were 89,000 victims of identity theft in the UK 2010. This compared with 2009 where there were 85,000 victims. Men in their 30s and 40s are the most common UK victims and identity fraud now accounts for nearly half of all frauds recorded.
United States
The increase in crimes of identity theft led to the drafting of the Identity Theft and Assumption Deterrence Act. In 1998, The Federal Trade Commission appeared before the United States Senate. The FTC discussed crimes which exploit consumer credit to commit loan fraud, mortgage fraudMortgage fraudMortgage fraud is crime in which the intent is to materially misrepresent or omit information on a mortgage loan application to obtain a loan or to obtain a larger loan than would have been obtained had the lender or borrower known the truth....
, lines-of-credit fraud, credit card fraudCredit card fraudCredit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also...
, commodities and services frauds. The Identity Theft Deterrence Act (2003)[ITADA] amended U.S. Code Title 18, § 1028 ("Fraud related to activity in connection with identification documents, authentication features, and information"). The statute now makes the possession of any "means of identification" to "knowingly transfer, possess, or use without lawful authority" a federal crime, alongside unlawful possession of identification documents. However, for federal jurisdiction to prosecute, the crime must include an "identification document" that either: (a) is purportedly issued by the United States, (b) is used or intended to defraud the United States, (c) is sent through the mail, or (d) is used in a manner that affects interstate or foreign commerce. See (c). Punishment can be up to 5, 15, 20, or 30 years in federal prisonPrisonA prison is a place in which people are physically confined and, usually, deprived of a range of personal freedoms. Imprisonment or incarceration is a legal penalty that may be imposed by the state for the commission of a crime...
, plus fines, depending on the underlying crime per (b). In addition, punishments for the unlawful use of a "means of identification" were strengthened in § 1028A ("Aggravated Identity Theft"), allowing for a consecutive sentence under specific enumerated felony violations as defined in § 1028A(c)(1) through (11).
The Act also provides the Federal Trade CommissionFederal Trade CommissionThe Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
with authority to track the number of incidents and the dollar value of losses. Their figures relate mainly to consumer financial crimes and not the broader range of all identification-based crimes.
If charges are brought by state or local law enforcement agencies, different penalties apply depending on the state.
Six Federal agencies conducted a joint task force to increase the ability to detect identity theft. Their joint recommendation on "red flag" guidelines is a set of requirements on financial institutions and other entities which furnish credit data to credit reporting services to develop written plans for detecting identity theft. The FTC has determined that most medical practices are considered creditors and are subject to requirements to develop a plan to prevent and respond to patient identity theft. I These plans must be adopted by each organization's Board of Directors and monitored by senior executives.
Identity theft complaints as a percentage of all fraud complaints decreased from 2004-2006. The Federal Trade Commission reported that fraud complaints in general were growing faster than ID theft complaints. The findings were similar in two other FTC studies done in 2003 and 2005. In 2003, 4.6 percent of the US population said they were a victim of ID theft. In 2005, that number had dropped to 3.7 percent of the population. The Commission's 2003 estimate was that identity theft accounted for some $52.6 billion of losses in the preceding year alone and affected more than 9.91 million Americans; the figure comprises $47.6 billion lost by businesses and $5 billion lost by consumers.
According to the Federal Trade Commission (FTC), a report released in 2007 revealed that 8.3 million American adults, or 3.7 percent of all American adults, were victims of identity theft in 2005.
The latest report from the FTC showed that ID theft increased by 21% in 2008. However, credit card fraud, that crime which is most closely associated with the crime of ID theft, has been declining as a percentage of all ID theft. In 2002, 41% of all ID theft complaints involved a credit card. That percentage has dropped to 21% in 2008.
Two states, CaliforniaCaliforniaCalifornia is a state located on the West Coast of the United States. It is by far the most populous U.S. state, and the third-largest by land area...
and WisconsinWisconsinWisconsin is a U.S. state located in the north-central United States and is part of the Midwest. It is bordered by Minnesota to the west, Iowa to the southwest, Illinois to the south, Lake Michigan to the east, Michigan to the northeast, and Lake Superior to the north. Wisconsin's capital is...
have created an Office of Privacy Protection to assist their citizens in avoiding and recovering from identity theft.
In Massachusetts in 2009-2010, Governor Deval PatrickDeval PatrickDeval Laurdine Patrick is the 71st and current Governor of Massachusetts. A member of the Democratic Party, Patrick served as an Assistant United States Attorney General under President Bill Clinton...
made a commitment to balance consumer protection with the needs of small business owners. His Office of Consumer Affairs and Business Regulation announced certain adjustments to Massachusetts' identity theft regulations that maintain protections and also allows flexibility in compliance. These updated regulations went into effect on March 1, 2010. The regulations are clear that their approach to data security is a risk-based approach important to small businesses and might not handle a lot of personal information about customers.
Notification
Most states followed California's lead and enacted mandatory data breach notification laws. As a result, companies that report a data breach typically report it to all their customers.
Spread and impact
Surveys in the USA from 2003 to 2006 showed a decrease in the total number of victims and a decrease in the total value of identity fraud from US$47.6 billion in 2003 to $15.6 billion in 2006. The average fraud per person decreased from $4,789 in 2003 to $1,882 in 2006.
The 2003 survey from the Identity Theft Resource Center found that:- Only 15% of victims find out about the theft through proactive action taken by a business
- The average time spent by victims resolving the problem is about 330 hours
- 73% of respondents indicated the crime involved the thief acquiring a credit card
In a widely publicized account, Michelle Brown, a victim of identity fraud, testified before a U.S. Senate Committee Hearing on Identity Theft. Ms. Brown testified that: "over a year and a half from January 1998 through July 1999, one individual impersonated me to procure over $50,000 in goods and services. Not only did she damage my credit, but she escalated her crimes to a level that I never truly expected: she engaged in drug trafficking. The crime resulted in my erroneous arrest record, a warrant out for my arrest, and eventually, a prison record when she was booked under my name as an inmate in the Chicago Federal Prison."
In Australia, identity theft was estimated to be worth between AUS$1billion and AUS$4 billion per annum in 2001.
In the United Kingdom the Home Office reported that identity fraud costs the UK economy £1.2 billion annually (experts believe that the real figure could be much higher) although privacy groups object to the validity of these numbers, arguing that they are being used by the government to push for introduction of national ID cardsBritish national identity cardThe Identity Cards Act 2006 was an Act of the Parliament of the United Kingdom. It provided for National Identity Cards, a personal identification document and European Union travel document, linked to a database known as the National Identity Register .The introduction of the scheme was much...
. Confusion over exactly what constitutes identity theft has led to claims that statistics may be exaggerated.
An extensively reported study from Microsoft Research in 2011 finds that estimates of identity theft losses contain enormous exaggerations, writing that surveys "are so compromised and biased that no faith whatever can be placed in their findings."
Famous identity thieves
- Frank AbagnaleFrank AbagnaleFrank William Abagnale, Jr. is an American security consultant known for his history as a former confidence trickster, check forger, impostor, and escape artist...
- Albert GonzalezAlbert GonzalezAlbert Gonzalez is a computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 through 2007—the biggest such fraud in history.Gonzalez and his accomplices used SQL injection...
- Radovan KaradžićRadovan KaradžicRadovan Karadžić is a former Bosnian Serb politician. He is detained in the United Nations Detention Unit of Scheveningen, accused of war crimes committed against Bosnian Muslims and Bosnian Croats during the Siege of Sarajevo, as well as ordering the Srebrenica massacre.Educated as a...
- Michael SaboMichael SaboMichael John Sabo is an American consultant and speaker on identity theft and fraud in the business sector. He is currently Executive Director of US Prison Consultants, a principal resource for individuals charged with white-collar crime....
- John StapeJohn StapeJohn Stape is a fictional character from the British soap opera, Coronation Street, played by actor Graeme Hawley. He made his first on-screen appearance during the episode airing on 6 May 2007. The character departed on 3 June 2011 after four years on the show...
Cultural references
The public fascination with impostors has long had an effect on popular culturePopular culturePopular culture is the totality of ideas, perspectives, attitudes, memes, images and other phenomena that are deemed preferred per an informal consensus within the mainstream of a given culture, especially Western culture of the early to mid 20th century and the emerging global mainstream of the...
and extends to modern literature, and cinemaFilmA film, also called a movie or motion picture, is a series of still or moving images. It is produced by recording photographic images with cameras, or by creating images using animation techniques or visual effects...
.- Catch Me If You CanCatch Me If You CanCatch Me If You Can is a 2002 American biographical comedy-drama film based on the life of Frank Abagnale Jr., who, before his 19th birthday, successfully performed cons worth millions of dollars by posing as a Pan American World Airways pilot, a Georgia doctor, and a Louisiana parish prosecutor...
is a 2002 American crime film based on the life of Frank Abagnale Jr., who, before his 19th birthday, successfully conned millions of dollars by posing as a Pan American World Airways pilot, a Georgia doctor and Louisiana attorney and parish prosecutor. His primary crime was cheque forgery, becoming so skillful that the FBI eventually turned to him for help in catching other cheque forgers. - In East Bound and DownEast Bound and Down"East Bound and Down" is the title of a song written by Jerry Reed and Dick Feller, and recorded by Reed for the soundtrack for the film Smokey and the Bandit. It was released in August 1977 as a single on RCA Records. The song spent sixteen weeks on the U.S. country music charts, reaching a peak...
HBO (Chapter 7) Kenny Powers moves to Mexico and steals Stevie Janowski's Identity - The story of Michelle Brown has been made into a film.
- In Frederick ForsythFrederick ForsythFrederick Forsyth, CBE is an English author and occasional political commentator. He is best known for thrillers such as The Day of the Jackal, The Odessa File, The Fourth Protocol, The Dogs of War, The Devil's Alternative, The Fist of God, Icon, The Veteran, Avenger, The Afghan and The Cobra.-...
's novel The Day of the JackalThe Day of the JackalThe Day of the Jackal is a thriller novel by English writer Frederick Forsyth, about a professional assassin who is contracted by the OAS, a French terrorist group of the early 1960s, to kill Charles de Gaulle, the President of France....
the would-be assassin of General de GaulleCharles de GaulleCharles André Joseph Marie de Gaulle was a French general and statesman who led the Free French Forces during World War II. He later founded the French Fifth Republic in 1958 and served as its first President from 1959 to 1969....
steals three identities. Firstly, he assumes the identity of a dead child by obtaining the child's birth certificateBirth certificateA birth certificate is a vital record that documents the birth of a child. The term "birth certificate" can refer to either the original document certifying the circumstances of the birth or to a certified copy of or representation of the ensuing registration of that birth...
and using it to apply for a passportPassportA passport is a document, issued by a national government, which certifies, for the purpose of international travel, the identity and nationality of its holder. The elements of identity are name, date of birth, sex, and place of birth....
. He also steals the passports of a Danish clergyman and an American tourist, and disguises himself as each of those persons in turn. The assumption of a dead person's identity is now generally known as "Jackal Fraud". - In the 1995 movie The Net, Sandra BullockSandra BullockSandra Annette Bullock is an Academy Award winning American actress and producer who rose to fame in the 1990s after roles in successful films such as Demolition Man, Speed, The Net, A Time to Kill, and While You Were Sleeping. She continued with films such as Miss Congeniality, The Lake House,...
plays a computer consultant whose life is taken over with the help of computer assisted identity theft. - In Jonathan SmithJonathan SmithJonathan Smith may refer to:*Jonathan Smith , American professional race car driver*Jonathan Bayard Smith , American merchant, delegate to the Continental Congress...
's novel Night Windows the action is based on the horrific and real life theft of Smith's own identity. - In the webcomic Kevin and KellKevin and KellKevin and Kell is a furry comedy webcomic strip by syndicated cartoonist Bill Holbrook. The strip began on September 3, 1995. It is one of the oldest continuously running webcomics....
the character Danielle Kindle dies and is later "replaced" by a double from a parallel world. After an attempt at taking over her predecessor's identity, Danielle Kendall confesses her true nature and gets accepted by the predecessor's family—if not by all the readers. - T. Coraghessan BoyleT. Coraghessan BoyleTom Coraghessan Boyle is a U.S. novelist and short story writer. Since the mid 1970s, he has published twelve novels and more than 100 short stories...
's 2006 novel Talk TalkTalk Talk (novel)Talk Talk is a novel by T. C. Boyle first published in 2006, about a young deaf woman who becomes the victim of a credit card fraud and identity theft...
describes the theft of Dana Halter's identity, and her and Martin Bridger's chase of the thief across the country. - In Susan Schaab's novel Wearing the Spider a female attorney gets caught in a web of sexual harassment, identity theft and political intrigue.
- In the Family GuyFamily GuyFamily Guy is an American animated television series created by Seth MacFarlane for the Fox Broadcasting Company. The series centers on the Griffins, a dysfunctional family consisting of parents Peter and Lois; their children Meg, Chris, and Stewie; and their anthropomorphic pet dog Brian...
episode "Back to the WoodsBack to the Woods (Family Guy)"Back to the Woods" is the ninth episode of season six in the FOX animated series Family Guy that aired on February 17, 2008. James Woods and Barry Manilow play themselves in special guest appearances, and impressionist Dave Van Dam portrays David Letterman...
", James WoodsJames WoodsJames Howard Woods is an American film, stage and television actor. Woods is known for starring in critically acclaimed films such as Once Upon a Time in America, Salvador, Nixon, Ghosts of Mississippi, Casino, and in the television legal drama Shark. He has won three Emmy Awards, and has gained...
, having gotten his hands on PeterPeter GriffinPeter Griffin is a fictional character and the protagonist of the animated comedy series Family Guy and the patriarch of the Griffin family. He is voiced by cartoonist Seth MacFarlane and first appeared on television, along with the rest of the family in the 15-minute short on December 20, 1998....
's wallet, steals Peter's identity, so Peter retaliates by stealing Woods' identity and angering people. - In Harry Potter and the Goblet of FireHarry Potter and the Goblet of FireHarry Potter and the Goblet of Fire is the fourth novel in the Harry Potter series written by J. K. Rowling, published on 8 July 2000.The novel won a Hugo Award in 2001, the only Harry Potter novel to do so...
, Barty Crouch Jr. magically steals the identity of Mad-Eye Moody. - In The Talented Mr. RipleyThe Talented Mr. RipleyThe Talented Mr. Ripley is a psychological thriller novel by Patricia Highsmith. This novel first introduced the character of Tom Ripley who returns in the novels Ripley Under Ground, Ripley's Game, The Boy Who Followed Ripley and Ripley Under Water...
novel (1955) and movie (1999), after murdering Greenleaf, Ripley assumes his identity, living off the latter's allowance. - In The Office (Season 3 Episode 20, Product Recall), Jim steals Dwight's identity as a prank.
- In GattacaGattacaGattaca is a 1997 science fiction film written and directed by Andrew Niccol. It stars Ethan Hawke, Uma Thurman and Jude Law with supporting roles played by Loren Dean, Ernest Borgnine, Gore Vidal and Alan Arkin....
(1997), Vincent borrows the identity of another person in a society which analyzes peoples DNA and predetermines how successful you can or can not be (coined in the movie as a "borrowed ladder"). - That Mitchell and Webb SoundThat Mitchell and Webb SoundThat Mitchell and Webb Sound is a comedy sketch show on BBC Radio 4 which started on 28 August 2003. A second series was broadcast in 2005 with a third starting on 24 May 2007. The series became adapted for television as That Mitchell and Webb Look in 2006. The series is seen in some ways a...
features a sketch in which a bank manager tells a customer that his identity has been stolen, although the customer claims that he is still himself and it is in fact his money that has been stolen and therefore the bank's fault and not his. - In Mad MenMad MenMad Men is an American dramatic television series created and produced by Matthew Weiner. The series premiered on Sunday evenings on the American cable network AMC and are produced by Lionsgate Television. It premiered on July 19, 2007, and completed its fourth season on October 17, 2010. Each...
, Dick Whitman, an enlisted man from a poor background, is wounded in the Korean War and switches identities with Donald Draper, an officer who has been killed. As 'Don DraperDon DraperDonald "Don" Draper is a fictional character and the protagonist of AMC's television series Mad Men. He is portrayed by 2008 Golden Globe winner Jon Hamm. Until the third season finale, Draper was Creative Director of Manhattan advertising firm Sterling Cooper...
', he becomes a successful advertising man. - Puccini's opera Gianni Schicchi, based on a reference in Dante's Inferno, tells of a character who impersonates a recently deceased man in order to make himself the beneficiary of his will.
- In Paper Mario: The Thousand Year Door, Doopliss stole the identity of MarioMariois a fictional character in his video game series, created by Japanese video game designer Shigeru Miyamoto. Serving as Nintendo's mascot and the main protagonist of the series, Mario has appeared in over 200 video games since his creation...
. The player must then discover Doopliss' name to reclaim his identity. - In Unknown, Liam NeesonLiam NeesonLiam John Neeson, OBE is an Irish actor who has been nominated for an Oscar, a BAFTA and three Golden Globe Awards.He has starred in a number of notable roles including Oskar Schindler in Schindler's List, Michael Collins in Michael Collins, Peyton Westlake in Darkman, Jean Valjean in Les...
found his identity stolen after getting out of a coma. - The movie FaceoffFaceoffA face-off is the method used to begin play in ice hockey and some other sports. The two teams line up in opposition to each other, and the opposing centres attempt to gain control of the puck after it is dropped between their sticks by an official. One of the referees drops the puck at centre ice...
, featuring John TravoltaJohn TravoltaJohn Joseph Travolta is an American actor, dancer and singer. Travolta first became known in the 1970s, after appearing on the television series Welcome Back, Kotter and starring in the box office successes Saturday Night Fever and Grease...
and Nicolas CageNicolas CageNicolas Cage is an American actor, producer and director, having appeared in over 60 films including Raising Arizona , The Rock , Face/Off , Gone in 60 Seconds , Adaptation , National Treasure , Ghost Rider , Bad Lieutenant: Port of Call New Orleans , and...
, shows a more bizarre form of identity theft. The antagonist, played by Travolta, takes the protagonist, played by Cage, captive and has surgeons remove their faces and swap them, after which Travolta proceeds to live like Cage did, while still moving his own plan forward. He is eventually captured and their faces are swapped again. - In TV series Fairly Legal, episode "Coming Home", Kate represents Sofia Peña, who's parents were illegal immigrants and who assumed someone else's identity in order to enlist in the military.
See also
- 2007 UK child benefit data misplacement
- 201 CMR 17.00 (Massachusetts personal information protection law)
- Bank fraudBank fraudBank fraud is the use of fraudulent means to obtain money, assets, or other property owned or held by a financial institution, or to obtain money from depositors by fraudulently representing to be a bank or financial institution. In many instances, bank fraud is a criminal offense...
- Capgras delusionCapgras delusionThe Capgras delusion theory is a disorder in which a person holds a delusion that a friend, spouse, parent, or other close family member has been replaced by an identical-looking impostor...
- Check fraud
- Check washingCheck washingCheck washing is the process of erasing details from checks to allow them to be rewritten, usually for criminal purposes such as fraudulent withdrawal from the victim's bank account. The technique could potentially be used to remove ink stains from books....
- Credit card fraudCredit card fraudCredit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also...
- Credit profile numberCredit profile numberCPN, an acronym for Credit Profile Number, is a recent and as yet unchecked method of identity theft. Legitimate, but unused, Social Security Numbers are found by computer search; typically, they belong to children or long-time prison inmates who make no use of them...
- Fair and Accurate Credit Transactions ActFair and Accurate Credit Transactions ActThe Fair and Accurate Credit Transactions Act of 2003 is a United States federal law, passed by the United States Congress on November 22, 2003, and signed by President George W. Bush on December 4, 2003, as an amendment to the Fair Credit Reporting Act...
- Fair Credit Billing ActFair Credit Billing ActThe Fair Credit Billing Act is a United States federal law enacted in 1975 as an amendment to the Truth in Lending Act...
- Fair Credit Reporting ActFair Credit Reporting ActThe Fair Credit Reporting Act is a United States federal law that regulates the collection, dissemination, and use of consumer information, including consumer credit information. Along with the Fair Debt Collection Practices Act , it forms the base of consumer credit rights in the United States...
- Ghosting (identity theft)Ghosting (identity theft)Ghosting is a form of identity theft in which someone steals the identity, and sometimes even the role within society, of a specific dead person who is not widely known to be deceased...
- HackingHackingHacking may refer to:* Computer hacking, including the following types of activity:** Hacker , activity within the computer programmer subculture** Hacker , to access computer networks, legally or otherwise...
- Identity document forgeryIdentity document forgeryIdentity document forgery is the process by which identity documents issued by governing bodies are copied and/or modified by persons not authorized to create such documents or engage in such modifications, for the purpose of deceiving those who would view the documents about the identity or status...
- Identity fraudIdentity fraudIdentity fraud may occur when someone steals personal information, opens credit card accounts in the victim's name without permission, and charges merchandise to those accounts. Conversely, identity fraud does not occur when a credit card is simply stolen. Stealing one’s credit card may be consumer...
- Identity scoreIdentity scoreAn identity score is a system for detecting identity theft. Identity scores are increasingly being adopted as a means to prevent fraud in business and as a tool to verify and correct public records....
- ImpostorImpostorAn impostor or imposter is a person who pretends to be somebody else, often to try to gain financial or social advantages through social engineering, but just as often for purposes of espionage or law enforcement....
- Lapsed lurker
- PharmingPharmingPharming is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving...
- PhishingPhishingPhishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
- RFID
- SpamSpam (electronic)Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately...
- Wireless identity theftWireless Identity TheftWireless identity theft, also known as contactless identity theft or RFID identity theft, is a form of identity theft described as "the act of compromising an individual's personal identifying information using wireless mechanics." Numerous articles have been written about wireless identity theft...
External links
- The New Era of Identity Theft–[Criminal Justice Resources]
- Identity theft – United States Federal Trade CommissionFederal Trade CommissionThe Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
- The President’s Task Force on Identity Theft – a government task force established by US President George W. Bush to fight identity theft.
- Identity Theft – Carnegie Mellon UniversityCarnegie Mellon UniversityCarnegie Mellon University is a private research university in Pittsburgh, Pennsylvania, United States....
- Identity Theft: A Research Review, National Institute of Justice 2007
- Identity Theft and Fraud – United States Department of JusticeUnited States Department of JusticeThe United States Department of Justice , is the United States federal executive department responsible for the enforcement of the law and administration of justice, equivalent to the justice or interior ministries of other countries.The Department is led by the Attorney General, who is nominated...
- Get ID Smart 'Public service site offering free prevention tips'
- Dateline NBC investigation 'To Catch an ID Thief'
- Downloadable identity theft curriculum for educators
- Preventing ID theft