Main content 15-2aHow Identity Theft Occurs Perpetrators of identity theft follow a common pattern after they have stolen a victim’s identity. To help you understand this process, we have created the “identity theft cycle.” Although some fraudsters perpetrate their frauds in slightly different ways, most generally follow the stages in the cycle shown in Figure 15.1. Stage 1. Discovery 1. Perpetrators gain information. 2. Perpetrators verify information. Stage 2. Action 1. Perpetrators accumulate documentation. 2. Perpetrators conceive cover-up or concealment actions. Stage 3. Trial 1. First dimensional actions—Small thefts to test the stolen information. 2. Second dimensional actions—Larger thefts, often involving personal interaction, without much chance of getting caught. 3. Third dimensional actions—Largest thefts committed after perpetrators have confidence that their schemes are working. Figure 15.1The Identity Theft Cycle Stage 1: Discovery The discovery stage involves two phases: information gathering and information verification. This is the first step in the identity theft cycle because all other actions the perpetrator takes depend upon the accuracy and effectiveness of the discovery stage. A powerful discovery stage constitutes a solid foundation for the perpetrator to commit identity theft. The smarter the perpetrator, the better the discovery foundation will be. During the gaining information phase, fraudsters do all they can to gather a victim’s information. Examples of discovery techniques include such information-gathering techniques as searching trash, searching someone’s home or computer, stealing mail, phishing, breaking into cars or homes, scanning credit card information, or using other means whereby a perpetrator gathers information about a victim. During the information verification phase, a fraudster uses various means to verify the information already gathered. Examples include telephone scams, where perpetrators call the victim and act as a representative of a business to verify the information gathered (this is known as pretexting), and trash searches (when another means was used to gather the original information). Although some fraudsters may not initially go through the information verification process, they will eventually use information verification procedures at some point during the scam. The scams of perpetrators who don’t verify stolen information are usually shorter and easier to catch than scams of perpetrators who verify stolen information. Step 2: Action The action stage is the second phase of the identity theft cycle. It involves two activities: accumulating documentation and devising cover-up or concealment actions. Accumulating documentation refers to the process perpetrators use to obtain needed tools to defraud the victim. For example, using the information already obtained, perpetrators may apply for a bogus credit card, fake check, or driver’s license in the victim’s name. Although the perpetra.

1. Main content
15-2aHow Identity Theft Occurs
Perpetrators of identity theft follow a common pattern after they
have stolen a victim’s identity. To help you understand this
process, we have created the “identity theft cycle.” Although
some fraudsters perpetrate their frauds in slightly different
ways, most generally follow the stages in the cycle shown
in Figure 15.1.
Stage 1. Discovery
1. Perpetrators gain information.
2. Perpetrators verify information.
Stage 2. Action
1. Perpetrators accumulate documentation.
2. Perpetrators conceive cover-up or concealment actions.
Stage 3. Trial
1. First dimensional actions—Small thefts to test the stolen
information.
2. Second dimensional actions—Larger thefts, often involving
personal interaction, without much chance of getting caught.
3. Third dimensional actions—Largest thefts committed after
perpetrators have confidence that their schemes are working.
Figure 15.1The Identity Theft Cycle
Stage 1: Discovery
The discovery stage involves two phases: information gathering
and information verification. This is the first step in the identity
theft cycle because all other actions the perpetrator takes
depend upon the accuracy and effectiveness of the discovery
stage. A powerful discovery stage constitutes a solid foundation
for the perpetrator to commit identity theft. The smarter the
perpetrator, the better the discovery foundation will be.
During the gaining information phase, fraudsters do all they can
to gather a victim’s information. Examples of discovery
techniques include such information-gathering techniques as

2. searching trash, searching someone’s home or computer,
stealing mail, phishing, breaking into cars or homes, scanning
credit card information, or using other means whereby a
perpetrator gathers information about a victim.
During the information verification phase, a fraudster uses
various means to verify the information already gathered.
Examples include telephone scams, where perpetrators call the
victim and act as a representative of a business to verify the
information gathered (this is known as pretexting), and trash
searches (when another means was used to gather the original
information). Although some fraudsters may not initially go
through the information verification process, they will
eventually use information verification procedures at some
point during the scam. The scams of perpetrators who don’t
verify stolen information are usually shorter and easier to catch
than scams of perpetrators who verify stolen information.
Step 2: Action
The action stage is the second phase of the identity theft cycle.
It involves two activities: accumulating documentation and
devising cover-up or concealment actions.
Accumulating documentation refers to the process perpetrators
use to obtain needed tools to defraud the victim. For example,
using the information already obtained, perpetrators may apply
for a bogus credit card, fake check, or driver’s license in the
victim’s name. Although the perpetrator has not actually stolen
any funds from the perpetrator, he or she has now accumulated
the necessary tools to do so. Any action taken by the perpetrator
to acquire information or tools that will later be used to provide
financial benefit using the victim’s identity fall into this
category.
Cover-up or concealment actions involve any steps that are
taken to hide or cover the financial footprints that are left
through the identity theft process. For example, in this stage, a
fraudster might change the physical address or e-mail of the
victim so that credit card statements are sent by the financial
institution to the perpetrator rather than the victim. These

3. concealment actions allow the perpetrator to continue the
identity theft for a longer period of time without being noticed.
Stage 3: Trial
The trial stage involves those activities of the identity theft that
provide perpetrators with financial benefits. There are three
phases of the trial stage: first dimensional actions, second
dimensional actions, and third dimensional actions. The trial
stage is considered to be the most critical stage of the identity
theft cycle because this is where the fraudster’s work starts to
pay off.
First dimensional actions are the first frauds committed, mostly
to test the effectiveness of fraud schemes and the stolen
information. For example, a fraudster might go to a gas station
and use a stolen credit card to determine if the card really
works. If the card works, the fraudster gains confidence in the
theft and moves on to bigger scams. However, if the card does
not work, the fraudster faces no immediate threat of
consequences and can quickly discard the card without any
consequences.
Second dimensional actions are actions taken by a fraudster
once initial trials have been successful. These actions often
involve face-to-face interactions with others. For example, if
the card used at the gas station was successful, the fraudster
may try using it to purchase bigger items. The perpetrator may
go to a mall and buy clothing, stereo equipment, or other “large-
ticket” items.
Third dimensional actions are those actions that provide
significant benefits to the perpetrator and occur after the
perpetrator has considerable confidence in the identity theft. For
example, a fraudster may establish telephone accounts, open
bank accounts, secure an auto loan, or engage in other
significant transactions. Third dimensional actions are the most
risky for the identity thief. The likelihood of a fraudster being
caught while undertaking third dimensional actions is greater
than at any other period in the identity theft.
Once a fraudster has committed third dimensional actions, he or

4. she often discards the information of one victim and starts over
with the discovery stage using another victim’s information.
The following actual identity theft represents a third
dimensional theft:15-2bHow Fraudsters Convert Personal
Information to Financial Gain
Once fraudsters have accessed personal information, they use
that information to their financial benefit. Some of the common
purchases made by identity theft perpetrators are as follows:
· Buying large-ticket items, such as computers, stereos, or
televisions. Using a fake credit/debit card, a fraudster will often
buy items that are quite expensive and can easily be sold.
Fraudsters then spend the stolen money very quickly, usually on
drugs or other vices.
· Taking out car, home, or other loans. Once a fraudster has
confidence that the identity theft (through other successful
small purchases) is working, he or she often takes out a loan
using the victim’s identity. The most common type of fraudulent
loan is for an automobile. Because automobiles can easily be
traced [using the license plates or vehicle identification
number], the car is usually quickly sold so that it cannot be
traced to the fraudster.
· Establishing phone or wireless service in victim’s
name. Fraudsters often set up a phone or wireless service in the
victim’s name. This is done so that the perpetrator can more
easily convince banks, businesses, and others that he or she is
the person he or she claims to be. Fraudsters also use telephones
as a form of communication to buy or sell drugs, gain
information to steal more identities, begin telemarketing
schemes, and/or support other fraud schemes.
As an example of this type of identity theft and the grief it can
cause, consider the following case:
Drew found out that someone had stolen his identity when he
received a phone call from his wireless provider. After some
investigation, Drew discovered that the thief had racked up cell
phone debts at other providers too and had incurred other debts
that he was delinquent on. Drew contacted the numerous

5. businesses that showed him delinquent and notified them of his
situation. After he filed a police report he began the painful
process of disputing the many problems that showed up on his
credit report.
· Using counterfeit checks or debit cards. Using debit cards or
counterfeit checks, fraudsters often drain victims’ bank
accounts. As discussed later in the chapter, one of the biggest
risks of debit cards is the lack of insurance to cover fraudulent
transactions. This makes it extremely important that consumers
only have a reasonable amount of cash in their checking and/or
debit accounts. That way, if a fraudster drains a victim’s
checking account, the loss will be minimal.
· Opening a new bank account. Fraudsters often use victim’s
personal information to open new checking accounts under their
name. Using the checks received from the new account, they
then write checks that will not only cause problems such as
nonsufficient funds [NSF] (bounced checks) transactions, but in
the process, they destroy the person’s name and credit.
· Filing for bankruptcy under the victim’s name. Fraudsters
sometimes file for bankruptcy under a victim’s name. Such
filings keep victims from knowing that their identity has been
stolen. In the process, the victim’s credit report and reputation
are damaged, a problem that can take years to repair.
· Reporting a victim’s name to the police in lieu of their
own. Fraudsters have been known to use the victim’s name and
identity to keep their own records from being blemished.
Furthermore, if a perpetrator has a criminal record, he or she
might use a victim’s name to purchase guns or other difficult-
to-obtain items. If a fraudster does have an encounter with the
police and uses a victim’s identity, many times, the fraudster
will be released because the victim has no previous criminal
record. However, if the perpetrator is summoned to court and
does not appear, a warrant for the victim’s arrest may be issued.
Again, it may take years to clear a victim’s name and reputation
from federal, state, local, and business records.
· Opening new credit card accounts. Fraudsters often open new

6. credit card accounts enabling them to spend money in a victim’s
name with no immediate consequences. This is one of the
easiest ways for perpetrators to defraud a victim once his or her
identity has been stolen.
· Changing victim’s mailing address. Fraudsters often change
the mailing address on a victim’s credit card accounts. This
prevents the victim from knowing that there is a problem and
enables the fraudster to continue using the credit card and
identity. Because the perpetrator, not the victim, receives the
billing statements, the fraudster can continue the scheme. 15-
2cStealing a Victim’s Identity
Stealing a victim’s identity isn’t as difficult as it may seem.
Fraudsters can obtain the information required to commit
identity theft in several ways. The U.S. Department of Justice
Web site lists some of the following methods as common ways
for one’s identity to be stolen.
1. Fraudsters gain personal information by posing as a
legitimate employee, government official, or representative of
an organization with which the victim conducts business.
2. Fraudsters watch or listen to you enter a credit card number
in what is known as shoulder surfing.
3. Fraudsters rummage through consumers’ trash—an activity
sometimes called dumpster diving. Once a garbage container is
in the street it is considered public property and anyone can
rummage through it. Preapproved credit card applications, tax
information, receipts containing credit card numbers, Social
Security receipts, or financial records are valuable sources of
information for identity thieves.
4. Fraudsters skim victims’ credit cards for information when
they pay their bills. Skimming is a process where fraudsters use
an information storage device to gain access to valuable
information when a credit card is processed. Skimming is a hi-
tech method by which thieves capture personal or account
information from a credit card, driver’s license, or even a
passport. An electronic device used to capture this information
is called a “skimmer” and can be purchased online for under

7. $50. A credit card is swiped through the skimmer, and the
information contained in the magnetic strip on the card is then
read into and stored on the device or an attached computer.
Skimming is predominantly a tactic used to commit credit card
fraud but is also gaining in popularity among identity thieves.
Skimming is a problem globally. Some foreign countries are
considered high risk for travelers making credit card purchases.
One traveler in France recently reported that his credit card had
been used to purchase thousands of dollars of goods from
Thailand, Kuala Lumpur, Hong Kong, and Malacca.
Skimmers are quite creative; since the skimming devices are so
small and easy to hide, it is not difficult for them to skim your
card without you noticing. The following are some examples of
how cards can be skimmed:
· Skimming at restaurants. Many skimming rings have been
known to employ restaurant staff to capture credit card
information. An example of such an incident occurred in
Charlotte, North Carolina, where two waiters of a well-known
steak house were accused of skimming more than 650 credit
card numbers from unsuspecting patrons and selling them for
$25 each.
· Skimming at ATM machines or gas stations. It is not
uncommon for a thief to be bold enough to tamper with an ATM
machine. Typically, a “card trapping” device is inserted into the
ATM card slot or a card reader is inserted into a gas station
pump. ATM skimming has been a major problem in Britain with
estimates that one in every 28 ATM machines has been
equipped with skimmers from thieves. Gas station skimming is a
growing problem in the United States.
· Skimming by store clerks. A very common form of skimming
involves store clerks skimming a credit card when a consumer
makes a purchase. The clerk scans the card twice, once for the
expected transaction and another in a skimmer for later
retrieval. There have also been reports of clerks skimming
driver’s licenses when customers who are writing checks supply
the license for verification.

8. Stealing the identity of many victims is also quite easy.
Fraudsters use numerous ways to get the information required to
commit identity theft. Some of the more common types of
information gathering techniques include:
1. Gathering information from businesses. Perpetrators steal
information from their employer, hacking into organizations’
computers, or bribing/conning an employee who has access to
confidential records.
Thousands of Hotels.com customers could have been put at risk
for identity theft after a laptop computer containing their credit
card information was stolen from an auditor. The password-
protected laptop belonging to an external auditor was taken
from a locked car in Bellevue, Washington.
2. Stealing wallets or purses to gain confidential information or
identification. Valuable information is contained in almost
every wallet.
3. Breaking into victims’ homes and stealing their information.
4. Stealing mail, including bank information, checks, credit card
information, tax information, or preapproved credit cards.
5. Completing a “change of address form” at the local post
office and having victims’ mail delivered to a P.O. box or
another address.
6. Engaging in shoulder surfing where criminals watch
consumers from a nearby location as they give credit card or
other valuable information over the phone.
7. Using the Internet to steal important information. This often
occurs by phishing, a high-tech scam that uses spam or pop-up
messages to deceive consumers into disclosing credit card
numbers, bank account information, SSNs, passwords, or other
sensitive information. Phishers (i.e., fraud perpetrators who use
phishing) will send e-mail or pop-up messages claiming to be
from legitimate businesses or organizations that consumers deal
with—for example, Internet service providers, banks, online
payment services, or even government agencies. The message
will usually say that the victim needs to “update” or “validate”
his or her account. The message then directs the victim to a

9. Web site that looks like a legitimate site. The purpose of this
site is to trick the victim into divulging personal information.
15-2dMinimizing the Risk
There are many ways to minimize vulnerability to identity theft.
The harder it is for a perpetrator to access personal information,
the less likely a fraudster will try to defraud someone.
There are many proactive means to minimize the risk of identity
theft. Some of the most effective ways include:
1. Guard your mail from theft. When away from home, have the
U.S. Postal Service hold your personal mail. Consumers can do
this by calling 1-800-275-8777. It is also beneficial to deposit
outgoing mail at post office collection boxes or at a local post
office, rather than in an unsecured mailbox outside your home.
2. Opt out of preapproved credit cards. One common and easy
way for a fraudster to commit identity theft is to simply fill out
the preapproved credit card applications consumers receive via
the mail and send them in. Although many individuals destroy
preapproved credit cards, this only protects consumers from
having fraudsters go through their trash. Fraudsters still have
the opportunity to open a victim’s mailbox and steal
preapproved credit card applications even before victims are
aware that they have arrived. What most consumers don’t know
is that they have the opportunity to opt out of preapproved
credit card offers. Consumers can do this by calling 1-888-5-
OPTOUT (1-888-567-8688) to have their name removed from
direct marketing lists.
3. Check your personal credit information (credit report) at least
annually. The Fair Credit Reporting Act (FCRA) requires each
of the nationwide consumer reporting companies—Equifax,
Experian, and Trans Union—to provide you with a free copy of
your credit report, at your request, every 12 months. The FCRA
promotes the accuracy and privacy of information in the files of
the nation’s consumer reporting companies. The FTC, the
nation’s consumer protection agency, enforces the FCRA with
respect to consumer reporting companies. A credit report
includes information on where you live, how you pay your bills,

10. and whether you have been sued, arrested, or filed for
bankruptcy. Nationwide consumer reporting companies sell the
information in your report to creditors, insurers, employers, and
other businesses that use it to evaluate your applications for
credit, insurance, employment, or ability to rent a home.
Instructions on how to access free credit reports can be found at
the FTC’s Web site or by typing key words such as “free credit
report” into an Internet search engine. You can also access the
credit rating agencies individually by going to their Web sites.
4. Protect SSNs. An individual’s SSN is valuable information
for any fraudster. With knowledge of someone’s SSN, fraudsters
can open all types of new accounts in the victim’s name.
Therefore, consumers should always keep their Social Security
card in a safe place. If individuals are living with roommates, it
is even more important that they safeguard this information.
Although a roommate may never steal an individual’s
information, a friend, brother, or sister of a roommate may.
Remember, it is those we trust who have the greatest
opportunity to commit fraud. Many organizations still use
members’ SSNs as a form of recognition that must be used in
order gain access to the organization’s intranet. It is important
to change this number as often as possible. Many computers
automatically remember passwords so that users do not have to
enter them again. It is wise to make sure these numbers are not
easily accessible. Many states give citizens the option to have
their SSN printed on their driver’s license; however, doing so is
never required. If an individual’s driver’s license contains his
or her SSN, that person should get a new driver’s license as
soon as possible. Never keep your Social Security card in your
wallet or purse.
Stop & Think
How could a fraudster use only a victim’s SSN to perpetrate a
fraud?
5. Safeguard personal information. Safeguarding personal
information is very important for every individual. Consumers
who have roommates employ outside help to clean or perform

11. other domestic services, or have outside people in their house
for any reason need to be particularly careful. One certified
fraud examiner recommends that individuals put their most
important documents in an empty ice cream container in their
freezer. It is his belief that if someone does come in an
individual’s house, this is probably the last place he or she will
look. For the normal consumer, however, a locked safe may be
sufficient.
6. Guard trash from theft. Consumers need to tear or shred
receipts, insurance information, credit applications, doctor’s
bills, checks and bank statements, old credit cards, and any
credit offers they receive in the mail, as well as any other
source of personal information. Remember all consumers can
opt out of prescreened credit card offers by calling 1-888-567-
8688. (See previous section on opting out of preapproved credit
cards.) Buying a shredder is one of the wisest purchases
individuals can make.
Caution
Be sure not to set your garbage out too long before the garbage
truck comes and, whenever possible, shred all documents before
you discard them. Also, never leave your mail in your mailbox
any longer than necessary.
7. Protect wallet and other valuables. Consumers should carry
their wallet in their front pocket and never leave it in their car
or any other place where it can be stolen. It is important for
consumers to always be aware of where their wallet is and what
its contents are. Individuals should only carry identification
information and credit and debit cards that they regularly use in
their wallet. Many individuals lose track of the number of credit
cards they have. Consumers should limit themselves to only two
or three credit cards and keep the 24-hour emergency telephone
numbers of all credit cards they possess in their cell phone’s
address book. That way, if credit cards are lost or stolen, the
victim can quickly call the issuing credit card company and put
a block on all transactions. Although debit cards help
consumers stay out of debt, most do not have fraud protection

12. insurance. On the other hand, nearly all credit cards now come
with fraud protection insurance. Before getting debit or credit
cards, consumers should realize the risks involved with each
and try to minimize those risks to protect themselves. A good
practice is to photocopy both sides of all your credit cards,
travel cards, and other personal information you keep in your
wallet or purse. Some phone apps also provide an easy way to
store this information. This way, if your purse or wallet is
stolen, you will have all the information about what was stolen
and can quickly notify banks, credit bureaus, and other
organizations.
8. Use strong passwords. Individuals should use passwords on
credit card, bank, and telephone accounts that are not easily
determinable or available. Consumers should avoid using
information that can be easily associated with them, such as
their birthday, their mother’s maiden name, their spouse’s
name, the last four digits of their telephone number, a series of
consecutive numbers such as 1-2-3-4, or anything else that is
predictable. Many organizations will use a default password
when opening new accounts. Consumers need to make sure they
change these default passwords as quickly as possible. Many
individuals use the same password for all accounts. While this
does prevent individuals from forgetting their passwords, it
makes it extremely easy for a fraudster to gain access to all the
victim’s accounts, once the fraudster has gained access to one
account. For example, a fraudster who works for a bank may
have access to your bank password. If the password is the same
for other accounts, the fraudster will now have unlimited access
to much of a victim’s information and financial accounts.
Consumers should not use the same password for everything and
should change their password periodically.
One method to create a strong password is to use the first letter
of each word in a long phrase that you remember. Interspersing
numbers and other characters in the password makes these
passwords especially strong. For example, the famous phrase
from President Lincoln’s Gettysburg address begins: “Four

13. score and seven years ago our fathers brought forth on this
continent, a new nation, conceived in Liberty.” This phrase
would lead to the password of “fsasyaofbfotcanncil.” Adding
some numbers and other characters will make this password
very hard to crack but relatively easy to remember. For
example, inserting the numbers from a date that you remember,
say February 24, 1992, along with an asterisk and exclamation
point and you now have this password:
“fsasya2ofbf24otc92ann*cil!” this password is very secure.
Even so, it probably shouldn’t be used for multiple accounts,
especially if a perpetrator could cause you significant hardship
if those accounts were breached. Some software programs can
be purchased that will generate strong passwords and encrypt
and keep track of them for multiple accounts. These programs
can be very useful since the user only needs to remember one
password on his or her computer in order to access hundreds of
highly secure passwords.
9. Protect your home. Consumers should protect their house
from fraud perpetrators. Some fraudsters have been known to
break into a home and not steal a single physical object. The
victims may not even know someone has been inside their
home. The perpetrator will steal all information that is needed
to easily commit identity theft and then leave. In order to
prevent this from happening, it is important to lock all doors,
preferably with deadbolts or double locks, and lock all
windows. It is a good idea to have an alarm system. If an alarm
system is considered too expensive, consumers can buy an alarm
system sticker, sign, or box and set it outside their house to
make thieves believe that the house has a security system when
it does not. If consumers have an automatic garage door with a
code box to open the garage door, they need to pay attention
that others are not watching when they press the numbers on the
code box. Fraudsters will wait for hours to watch someone enter
the code box numbers so that they have easy access into the
victim’s home. It is important to periodically change the
password to the code box. On a typical code box, it is easy to

14. determine which numbers are used in the password by noticing
that the three or four numbers used in the password contain
more wear and tear than the numbers that are not used in the
password. Finally, if consumers have baby monitors in the
house, they should make sure that they are not being monitored
by neighbors or anybody else. Much like in the movie Signs,
baby monitors pick up frequencies of other baby monitors.
Fraudsters have been known to listen to phone calls and
intercept valuable personal information because someone has
been talking on the phone in a room with a baby monitor.
10. Protect your computer. Remember that legitimate companies
rarely ask for confidential information via e-mail. If an
individual has a question about his or her account, the person
should call the company using a phone number he or she knows
is legitimate. If consumers get an e-mail or pop-up message that
asks for personal or financial information, they should not reply
or click on the link in the message. Fraudsters are even using
“cookies” to gather personal and confidential information from
consumers’ hard drives.
E-mail is not a secure way to send personal information. If a
consumer needs to send information over the Internet, it should
be encrypted and the Web site should be checked to verify it is
authentic. Many Web sites will have an icon on the browser’s
status bar that shows the site to be secure. If a Web site begins
with “https:” it is more secure than a Web site that only starts
with “http:” The “s” means that the site is secure. However, no
matter what anyone says, no Web site is completely secure.
When using credit cards online, consumers need to make sure
that they check their credit card and bank statements as soon as
possible. Remember that if a statement is late by even a couple
days, consumers should contact their bank or credit card
company and check the billing addresses and account balances.
This could be a red flag that something is amiss.
Although nearly all banks now use the Internet for automatic
payments and other purposes, Internet transactions are not
completely secure. One of the authors of this book was recently

15. talking to the CEO of a large regional bank. The CEO confessed
that although his bank did not feel that it was completely safe to
conduct online banking, bank management believed it was
necessary to keep up with all the other banks that were using
online banking. As a result, this bank also provides Internet
banking despite the risk to its customers.
Customers should not open any attachment or download files
from e-mail unless they know who sent them and their purpose
for sending them. Everyone with Internet access should use
antivirus software and keep it up to date. Phishing e-mails
contain software that can harm computers and trace activities
while consumers are on the Internet. Antivirus software will
watch incoming communications for bad files. A firewall is an
effective way to block communications from unauthorized
sources. Broadband connections are especially vulnerable, and
caution should be used with them. If a consumer feels that he or
she has received a fraudulent e-mail or a suspicious file,
without opening the attachments, it should be forwarded
to www.ftc.gov for the FTC’s inspection.
11. Opt out of information sharing. Everyone in America who
has an account with a credit union, savings and loan, bank,
insurance agency, investment account, or mortgage company
will likely have their private information sold to marketing
companies, company affiliates, or other third parties. Under
the Gramm-Leach-Bliley Act, financial institutions have
the right to share personal information for a profit. Have you
ever wondered why you get more advertisements for clothing
than your roommate? Or perhaps your roommate gets more
preapproved credit card applications than you do.
Part of the reason is because banks, credit unions, and financial
institutions sell your information to marketing groups. These
groups know how much money consumers spend on clothes,
food, gas, and travel. These marketing agencies then market to
consumers in a way that is most effective. The Gramm-Leach-
Bliley Act also gives individuals the right to opt out of having
their information sold. However, many individuals are unaware

16. that they have this option. The majority of individuals aren’t
even aware that their information is being sold, used, and
circulated. To prevent identity theft and protect confidentiality,
individuals should go to their financial institutions and opt out
of having their information shared.15-2eProsecution of Identity
Theft
When people commit identity theft, they can now be prosecuted
criminally and/or civilly. To succeed in the prosecution, it is
usually necessary to show that the perpetrator acted
with intent to defraud the victim. This is best accomplished by
gathering appropriate evidential matter. Appropriate evidential
matter consists of the underlying data and all corroborating
information available. With most identity thefts, once evidential
matter is obtained, such as proof that a credit card, an auto loan,
or a large-ticket item was purchased with a fake identity, it is
relatively easy to prove intent.
In Chapter 1, we stated that criminal law is that branch of law
that deals with offenses of a public nature. Criminal laws
generally deal with offenses against society as a whole. They
are prosecuted either federally or by a state for violating a
statute that prohibits some type of activity. Every state, as well
as the federal government, has statutes prohibiting identity theft
in its various forms. Table 15.1 lists some of the more common
identity fraud federal statutes that every fraud examiner should
know about.
Table 15.1
Common Identity Fraud Statutes
STATUTE
TITLE AND CODE
DESCRIPTION
Identity Theft and Assumption Deterrence Act
Title 18 U.S. Code § 1028
This act is one of the most direct and effective statutes against
identity theft. This act was passed as a result of many identity
thefts that resulted in little or no fines or forms of punishment.

17. Gramm-Leach-Bliley Act
Title 15 U.S. Code § 6801-6809
Passed in 1999, this law prohibits the use of false pretenses to
access the personal information of others (before this time it
was actually legal to call up the bank and act as someone else to
gain his or her confidential personal information).
Health Information Portability and Accountability Act, 1996
Standards for Privacy of Individually Identifiable Health
Information, Final Rule—45 CFT Parts 160 and 165
This law came into effect on April 14, 2001. It protects the
privacy and confidentiality of patient information.
Drivers Privacy Protection Act of 1994
Title 18 U.S. Code § 2721
This act ensures that personal information contained by
departments of motor vehicles is not disclosed.
Family Educational Rights and Privacy Act of 1974
Title 20 U.S. Code § 1232
This act makes it illegal for any agency that receives federal
funding to disclose any educational or personal information of
any individual.
Fair Credit Reporting Act
Title 15 U.S. Code § 1681
This act gives exact procedures for correcting mistakes on
credit reports. It also requires that credit reports can only be
obtained for legitimate business needs.
Electronic Fund Transfer Act
Title 15 U.S. Code § 1693
This act provides some consumer protection for all fraudulent
transactions that involve using a credit card or other electronic
means to debit or credit an account.
Fair Debt Collection Practices Act
Title 15 U.S. Code § 1692
This act protects consumers from unfair or deceptive practices
used by debt collectors to collect overdue bills that a creditor
has forwarded for collection.
Fair Credit Billing Act

18. Title 15 U.S. Code, Chapter 41
This act limits consumers’ liability for fraudulent credit card
charges.
These are some of the more common statutes covering identity
thefts. Usually, when perpetrators are convicted, they serve jail
sentences and/or pay fines. Before perpetrators are convicted,
they must be proven guilty “beyond a reasonable doubt.” Juries
must rule unanimously on guilt for the perpetrator to be
convicted.15-2fOnce Identity Theft Has Occurred
Chances are that at some time in the future, you or someone you
know will become a victim of identity theft. If you are so
unfortunate, it is important to act quickly to minimize the
damages. A small amount of time, such as a few days, can make
a big difference when identity theft has occurred.
Victims of identity theft should immediately contact the FTC.
The FTC is available online at www.ftc.gov or by telephone at
1-877-ID THEFT (877-438-4338). The FTC has the
responsibility to work with victims of identity theft. The FTC
will not only provide victims with valuable materials, but will
also help contact enforcement agencies and credit reporting
agencies to minimize damages.
Although the FTC is the primary agency responsible for helping
victims of identity theft, a few other agencies are also helpful
resources for identity theft victims. The local FBI and/or U.S.
Secret Service agencies can help report and investigate different
types of identity theft. If a victim believes that some or part of
his or her mail has been redirected, the local Postal Inspection
Service can help fix the mail and identify if the perpetrator has
used mail as a tool to commit the fraud. If a victim suspects that
the perpetrator may have used improper identification
information and caused tax violations, he or she should call the
Internal Revenue Service at 1-800-829-0433. If a victim
believes that his or her SSN has been used fraudulently, he or
she should call the Social Security Administration at 1-800-269-
0271.

19. Because a victim’s reputation and credit report are directly
affected by identity theft, the principal credit reporting
agencies—TransUnion, Equifax, and Experian—should be
contacted as well. Because of the gravity of identity theft, all
three principal credit reporting agencies have developed fraud
units to help victims of identity theft. These fraud units can be
called at the following numbers: 1-800-680-7289 (TransUnion),
1-800-525-6285 (Equifax), and 1-800-397-3742 (Experian).
Many identity thefts involve fraudulent checks. Therefore,
victims of identity theft should contact all major check
verification companies. If a victim has had checks stolen or has
had bank accounts set up in his or her name, check verification
companies can help restore credit as well as clear up financial
debts. If a victim is aware of a particular merchant that has
received a stolen check, the victim should identify the
verification company that merchant uses and contact them.
While there are many check verification companies, some of the
more popular agencies are listed in Table 15.2.
Table 15.2
Check Verification Agencies
Agency
Help Line
Equifax
1-800-437-5120
CheckRite
1-800-766-2748
National Processing Company
1-800-526-5380
Shared Check Authorization Network (SCAN)
1-800-262-7771
TeleCheck
1-800-927-0188
CrossCheck
1-800-552-1900
ChexSystems

20. 1-800-428-9623
In addition to the agencies listed in Table 15.2, identity theft
victims should contact all creditors with whom their name or
identifying data have been fraudulently used. Victims should
also contact financial institutions that they believe may contain
fraudulent accounts in their name. Victims will probably need
to change personal identification numbers (PIN), bank account
cards, checks, and any other personal identifying data.