ID Theft: Scourge of the New Millennium
The MBA and Partners Fight Back
By Larry Collins
The horror stories never cease. These are from the files of the Federal Trade Commission (FTC):
• “My purse was stolen in December 1990. In February 1991, I started getting notices of bounced checks. About a year later, I received information that someone using my identity had defaulted on a number of lease agreements and bought a car….I was denied a mortgage loan, employment, credit cards, and medical care for my children.”
• “My wallet was stolen in December 1998. There’s been no end to the problems I’ve faced since then. The thieves used my identity to write checks, use a debit card, open a credit card with a line of credit, open credit accounts with several stores, obtain cell phones and run up huge bills, print fraudulent checks on personal computers bearing my name, and more.”
• “I applied for a loan in November 2000 and was told I had bad credit. I requested a credit report in November 2000 and found all sorts of crazy information on it. I’m single but I was listed a married. When I renewed my driver’s license by mail, I was surprised to find someone else’s face on my license. This is a nightmare and requires a large amount of my time.”
Welcome to the underworld of Information Technology (IT).
In its annual report on consumer fraud for 2003 released earlier this year, the FTC stated that for the fourth year in a row identity theft — a crime hardly known a decade or so ago — had topped its list of the 10 most common consumer complaints filed with the commission. With more than half a million consumer complaints filed with the agency’s Consumer Sentinel database, 42 percent of them dealt with identity theft, with 55 percent of all fraud reports related to the Internet.
“Identity theft has been identified as the fastest growing white collar crime in the country, the scourge of the new millennium. Much of these crimes affect banks directly, as banking institutions continue to adopt Information Technology advances in the conduct of their businesses,” says, Daniel J. Forte, president and CEO of the Massachusetts Bankers Association.
While identity theft increasingly is becoming a problem on the Internet, the bulk of identity thefts still occur the old-fashioned way, with low-tech thieves garnering victims’ critical personal and financial data simply by rifling mailboxes or rubbish containers.
At the national level, the U.S. Postal Inspection Service cooperates with the FTC and other federal agencies, like the U.S. Secret Service, the Department of Justice, and the Federal Deposit Insurance Corp., as well as banking organizations and corporations. Here in Massachusetts, U.S. Postal Inspection Service has spearheaded the Massachusetts Identity Theft/Financial Crimes Task Force, which began operations last spring.
The MBA has been working closely with the task force to assist in developing an effective coordinated approach by federal, state, and local law enforcement authorities, together with the public and private sectors. Some of the other task force participants include the Boston Police Department, the Massachusetts State Police, the state Attorney General’s Office, and the financial investigations arms of institutions such as BankNorth, Sovereign Bank, Citizens Bank, Fleet Bank (now Bank of America), and many community banks.
“The cooperation between public and private sectors was a critical step,” said Postal Inspector Barry Jenkins, who serves as the task force supervisor. “Instead of just law enforcement people sitting down to deal with this issue, we have the business community, the major banks in Boston, and retailers like Target and T.J. Maxx. Don’t forget these are the ultimate victims of identity theft. The banks and the credit card companies and the stores are the ones left holding the bag financially.”
The aggressive efforts of the task force have already resulted in more than 200 cases being resolved. Currently, according to Jenkins, there are 149 ID theft cases pending. According to a task force memorandum, some of the cases currently being investigated include:
• A scheme perpetrated by a local gang with California connections involving a $180,000 bank fraud;
• A $221,000 loss involving mail theft, bank fraud, and the illegal use of credit and debit cards;
• A $400,000 loss involving fraudulent bank loan applications to purchase vehicles;
• A $317,000 loss by a state school pension program involving an attorney falsely collecting on his deceased mother’s teaching pension for 18 years.
Meanwhile, the MBA has developed its own ID theft group. A key component of the MBA’s ID theft program will center on co-operative efforts with law enforcement such as those already established with the MBA’s Bank Robbery Working Group and the massmostwanted.org Web site. Both of these projects have been hailed by law enforcement authorities throughout the Commonwealth, and could provide an effective framework for enhancing public information and background on the perpetrators of ID theft.
In addition, an MBA outreach effort in conjunction with member institutions has includ-ed items like the Association’s consumer education brochures, and could yet include consumer tips in monthly checking account statements, ID theft alerts on branch and ATM signage, and training sessions for bank employees on ways to protect consumers from being the victims of ID theft.
“ID theft is a multi-faceted problem,” says Kevin Kiley, MBA executive vice president, who has been at the forefront of the MBA efforts in the area of ID theft. “We are working with banks to pinpoint those areas where we can be the most effective. For example, simple things like reducing the use of social security numbers for identification are important, as well are not-so-simple tasks like developing an industry protocol for reporting procedures on ID theft.”
Beside coordination with federal and state agencies, the MBA is also evaluating some proposals aimed at creating a unified response to the problem of ID theft by all MBA member banks. These include:
• Development of standard reporting guidelines that can be used by every financial institution in the Commonwealth;
• Appointment of senior bank officials to act as ID theft coordinators;
• Utilization of existing check protection programs to enhance ID theft reporting procedures;
• Support for efforts like BIT’s current project to create a national reporting database to enhance information sharing.
“We’ll be organizing an industry forum later in the year to exchange ideas about how best to combat ID theft in the future,” says Kiley. “What we’d like to achieve is a co-coordinated approach, rather than have each financial institution develop its own protocol. It just makes a lot more sense to have all our members on the same page when it comes to fighting this serious and growing crime.”
Meanwhile, virtually all the parties fighting this widening fraud agree that the most effective way of thwarting ID thieves rests with their potential victims, those of us who go about routinely conducting our own financial affairs without giving much thought to the mounting threat to our financial security.
The fact is that just a few years ago the term “identity theft” wasn’t even in common usage, and even today you’d be hard pressed to find it in a dictionary. (It doesn’t appear in the 10th edition of the Merriam-Webster Collegiate Dictionary, or in the most recent Webster’s Un-abridged Dictionary).
“Obviously, it’s a lot easier to take preventive measures, then to put your financial situation back together again after identity theft occurs,” says Deputy Chief William G. Brooks of the Wellesley Police Department, and a member of the MBA group developing a model policy for Massachusetts police departments.
Brooks, who also worked extensively on the MBA’s successful bank robbery working group, says that with the technology that exists today, and with the use of computers to transact all kind of business, thievery has been raised to a very sophisticated level.
“Look, you can have someone with a laptop sitting in New York City using a credit card number of someone living in Boston to buy a product in California and have it delivered anywhere. That’s a pretty complicated process.”
Another complicated process involves the plethora of agencies that currently process ID theft complaints and conduct criminal prosecutions.
“Right now there’s no standardized approach,” says Brooks. “That’s what the task force is trying to put together. You might have one victim of ID theft contacting the Federal Trade Commission and the Postal Service, and another going to his local police department or the State Police, and it can be pretty confusing for the victims.”
It is expected that before long the MBA’s group will be proposing a model policy for reporting ID theft in the Bay State to the Police Chiefs Association of Massachusetts.
“A big problem right now is jurisdictional,” says Brooks. “Say someone engaged in ID theft uses a card down on Cape Cod, but the card owner lives in Natick. The Natick Police Department could conduct a successful investigation, but since the crime was committed on Cape Cod, it’s out of their jurisdiction.”
So a victim is likely to be told he must report the crime in the jurisdiction where it occurred.
“The proposed model policy will address problems like this,” says Brooks. “Police will take a report of ID theft even if it happens elsewhere.”
Meanwhile, here are eight commandments that individuals should heed to guard against identity theft, instructions similar to those contained in an identity theft resource guide, already being issued by the Wellesley Police Department. Bankers would be wise to pass them on to customers:
1. Obtain a copy of your credit report from the three national credit bureaus every year. There is no charge for these reports for Massachusetts residents, as long as just one report a year is ordered, and the procedure is painless. The credit bureaus and their toll-free phone numbers are: Trans Union Credit Services, (800) 888-4213; Equifax Credit Services, (800) 685-1111; Experian Credit Services, (888) 397-3742. Check the reports closely to insure that all the information is accurate.
2. Check out your credit card statements each month, to make sure all items were billed by you.
3. You know those endless offers for credit cards that keep showing up in your mailbox? Tear them up or shred them. Do NOT simply discard them intact. The same goes for ATM or credit card receipts. So-called dumpster divers have been known to sift through rubbish to obtain account numbers and other vital information.
4. Never mail bills by placing them in the mailbox with the red flag up. That’s a clear signal for identity thieves to pick up a wealth of your personal financial information. Mail your bills at the post office or at a U.S. mailbox.
5. Don’t carry your Social Security card around with you, and if you’re using it as your driver’s license number, contact the Registry of Motor Vehicles and have the number changed.
6. Never give out personal or credit card information over the phone unless you’re the one who initiated the call. If someone calls with a phone pitch and asks for that kind of information, tell them to get lost.
7. If you find that your credit card bills and other monthly documents like bank statements are more than a couple of weeks late, immediately contact the post office to determine if someone has been forwarding your mail to another address; contact your bank to determine if your statement has been mailed to you; and contact other companies from which you receive monthly bills.
8. Protect your personal identification number (PIN) for your ATM or debit card. Don’t walk around with it emblazoned somewhere in your handbag or wallet. Commit it to memory. When you’re at an ATM machine, and there are folks behind you, cover your hand when you punch in your PIN.
At first glance, these steps seem to go far beyond the proverbial “ounce of prevention.” At instructional seminars on the subject of ID fraud, inevitably during the Q&A session someone is likely to stand up and ask plaintively, “Who has the time to go adopt all these preventative measures?”
If a victim of ID theft happens to be at the session, the answer to that question will be readily available. You’ll hear things like, “This is what you have to do: After shutting down all your accounts… notify the police, and then notify the FTC ID Theft Clearing-house…Keep a copy of the police report, it will come in handy when people accuse you of dodging your bills by claiming to be an ID theft victim (And that will happen!)… Obtain an Identity Theft Affidavit from the FTC Web site… Keep a journal, recording every single conversation you have about your ID theft experience… Keep copies of every letter exchanged during the process, being careful when you send letters that they’re sent by registered mail…”
Obviously, the list of things to do in order to rectify the damage of ID theft seems endless, but it takes far more time than implementation of the foregoing eight preventative commandments.
“This is a horrendously complex issue, and there are no easy answers in how to cope with it,” says the MBA President and CEO Daniel J. Forte. “That’s why the work of the MBA in conjunction with the Massachusetts Identity Theft/Financial Crimes Task Force is so critical.