Stolen names, stolen lives
Fake IDs helped the terrorists; but don't expect a quick fix for identity theft
Just weeks after Pennsylvania branded identity theft a crime last year, one of the legislators who wrote the new law, Rep. Matthew Baker of Wellsboro, discovered that someone had filched his identity. Baker's impostor racked up $10,000 in bank loans and credit card charges, and even managed to obtain Baker's birth certificate, Social Security card, and driver's license. "It's frightening to think that your identity could be stolen that quickly and easily," says Baker.
Frightening, but hardly surprising. Congress declared identity theft a federal crime in 1998, and since then the problem has gotten worse, as ID thieves have become ever more sophisticated in their efforts to pretend to be other people and to bilk banks and creditors--for hundreds of millions of dollars--in their name. The tragedy of September 11 underscores the gravity of the offense and the shortcomings of the nation's piecemeal identification system. All 19 of the hijackers that day used multiple aliases and assumed several identities, officials told Congress last week, and some of them even held more than one Social Security number. "We know now, without question," testified James Huse, the inspector general of the Social Security Administration, "that this illegal activity not only facilitates financial crimes but provides capability for organized criminal enterprises to sustain themselves while engaged in acts of terrorism." But just as Congress's last act failed to curb the problem, it's not clear that the solutions being considered in the wake of the terrorist attacks--including a controversial national identity card--will fix the ID mess.
"Information is the world's new currency," says Bruce Townsend, special agent in charge of the U.S. Secret Service's financial-crimes division. No wonder that it has become a lucrative business to use another person's identification--name, Social Security number, and date of birth--to open new lines of credit, tap existing bank accounts, apply for mortgages, lease cars, or get insurance. The thieves run up tabs on the accounts while the victims are left to dispute the bills and repair tarnished credit reports. While no single agency tracks identity fraud, the Secret Service says potential losses in its investigations jumped from $851 million in 1998 to $1.4 billion last year.
The greedy apparently have no scruples: Last month three people were indicted for using the identities of people who had perished in the World Trade Center terrorist attacks. "This is a new low," says Rep. Clay Shaw of Florida. In one of the cases, a limousine service owner in California is said to have gotten an American Express card and tried to obtain a $750,000 mortgage under the name of Daniel Brandhorst, a tax practitioner at PricewaterhouseCoopers in Los Angeles. Brandhorst was returning from vacation in Boston with his partner and son when United Airlines Flight 175 crashed into the World Trade Center.
The root of the identity theft problem is the lack of a formal, centralized identification system. The driver's license, originally intended to be nothing more than a permit to get behind the wheel, has evolved into the nation's de facto ID card. With a fake driver's permit, everyone from underage kids looking to buy a drink to terrorists looking to buy a plane ticket can pass for legitimate. The trouble is that authorities don't always verify the identity of the person they issue a document to, be it a birth certificate, passport, or license, according to Werner Raes, a detective and vice president of the International Association of Financial Crimes Investigators. In August, seven of the hijackers took advantage of a rule at the Virginia Department of Motor Vehicles allowing applicants to get others to vouch for their identity and residence. All they had to do was submit sworn affidavits. Now four locals face federal charges for helping the terrorists prepare the bogus statements. The department has since abandoned the practice.
Carded. The patchwork of IDs available complicates the job of authorities trying to verify what's real and what's fake. There are 16,000 different versions of birth certificates in the United States. And there aren't just 50 drivers' licenses--one for each state--but 243. "Nobody can possibly know every version of every document that we print," says David Myers, identification fraud coordinator for the state of Florida. "I have to peek at my book all the time." Counterfeit papers, meantime, have gotten more difficult to detect because criminals have turned tech-savvy. "One could easily produce a fictitious document that purports to be a birth certificate," says the Secret Service's Townsend.
Crooks don't have to resort to counterfeiting, since so many personal data are available for the taking, online and elsewhere. The Social Security number--the magic nine-digit number that unlocks doors and is the password of identity theft--has never been more public. Health insurers use it for patient IDs, and universities use it for student IDs. It is bought and sold online, and it peppers public records. There are other, more grandiose schemes. "The hot ticket is what I call company infiltration," says Wayne Ivey, head of the identity theft task force at the Florida Department of Law Enforcement. Data have been pinched from payroll and personnel records, insurance company files, and retailer databases. Beginning in 1997, for example, a woman who worked at times for Ericsson, the electronics company, and Perrier swiped the personal data of coworkers and passed them to an accomplice. He siphoned about $700,000 from eight of the victims' E*Trade stock accounts and took cash advances of more than $800,000 on 60 credit cards.
While the problem gets worse--the Federal Trade Commission gets 4,000 calls a week to its identity theft hotline, more than double the volume of a year ago--solutions seem scarce. Victims and consumer advocates say creditors should be doing more to confirm the identity of those seeking loans, and credit bureaus should flag suspicious credit report entries. The banks insist they are doing what they can, citing consumer education and the systems credit card companies use to spot unusual purchases. "Clearly, the access of information that folks have everywhere makes it much more of a challenge to verify ID than ever before," says John Byrne, senior counsel, American Bankers Association.
No excuse, says Nicole Robinson of Oxon Hill, Md., who says someone opened two accounts in her name even after fraud alerts were posted on her credit reports. Likewise, Maureen Mitchell of Madison, Ohio, was outraged to discover last week that someone made four withdrawals totaling $34,000 from two of her savings accounts--two years after she'd been victimized by identity theft. After the original incident, Mitchell and her husband had placed security protocols on the accounts, which were supposed to prevent anyone from gaining access to them without a password and photo ID. "This has spun out of control," says Mitchell.
The major credit bureaus have been developing products to help lenders detect identity theft at an earlier stage. Consumers, too--but they have to pay. "We all have a vested interest in combating this problem," says John Ford, chief privacy officer at Equifax. Yet they too must strive to stay a step ahead of the bad guys. "If they [criminals] attempt new ways to compromise records and victims, we change and improve our abilities to detect that," says Diane Terry, head of TransUnion's fraud victim assistance department.
But most fixes plug only some holes, not all. Legislation has been introduced in Congress to prevent identity theft. Motor vehicle administrators vow to shore up the integrity of driver credentials. Proposals abound calling for retina scans, fingerprinting, and a national ID card. None are likely to be enacted soon. Since September 11, that business-as-usual pace has victims madder than ever. Says Mitchell: "I'll be damned if my savings account is going to be accessed to finance some terrorist to crash into a building."
Identity ripoff
The FTC maintains profiles of some 94,000 identity-theft victims. The major offenses:
Share of stolen identities used for:
Credit card fraud 43 pct.
Purchase of phone or utility service 20 pct.
Loans and bank fraud 20 pct.
Employment 8 pct.
Government documents or benefits 7 pct.
Note: Victims may experience more than one form of identity theft.
Source: Federal Trade Commission
Rob Cady--USN&WR
The numbers to call
What To Do
Victims of identity theft should contact the Federal Trade Commission's Identity Theft Clearinghouse. Its Web site (www. consumer.gov/idtheft) and the counselors who staff the toll-free hotline (877-438-4338) provide advice and refer complaints to law enforcement.
To alert the major credit bureaus to your plight, call:
Equifax 800-525-6285
Experian 888-397-3742
TransUnion 800-680-7289
This story appears in the November 12, 2001 print edition of U.S. News & World Report.