Identity Diet

iUniverse, Inc.

Contents

Dedication............................................................viiPreface...............................................................ixChapter 1: Identity Theft.............................................1Chapter 2: Fraud Schemes..............................................5Chapter 3: Identity Obesity...........................................10Chapter 4: Identity Theft Spiral......................................13Chapter 5: Identity Theft is Unavoidable..............................16Chapter 6: Identity Life Cycle........................................18Chapter 7: Fraud Drivers..............................................20Chapter 8: Identity Theft Laws........................................22Chapter 9: Identity Theft Awareness...................................31Chapter 10: Identity Diet.............................................33Chapter 11: Identity KAOS Principles..................................35Chapter 12: Best Identity Protection Practices........................44Chapter 13: Detecting Identity Theft..................................71Chapter 14: Getting Free Credit Reports...............................74Chapter 15: Life after Identity Theft.................................76Chapter 16: Identity Theft Action Plan................................78Chapter 17: Dispute Letter............................................80Chapter 18: Identity Theft Affidavit..................................83Chapter 19: Identity Theft Resources..................................85Conclusion............................................................87About the Author......................................................89

Chapter One

In general, identity theft is referred to cases whereby someone's identity is used without authorization for gainful purposes. There are many criminal acts which can arise from identity theft cases including credit and medical fraud, unauthorized employment, and the sale of in-demand private information to media outlets. The consequences of identity fraud and disclosure of private information are sometimes devastating to consumers and may include ruined credit and inability to borrow money, false criminal accusations, commingled medical records, negative media attention, competitive disadvantage, wasted time, lost wages, warrants and jail time.

It is a well known fact that identity theft has been consistently on the rise and is an evolving crime. Although identity theft statistics are constantly revised and can be obtained from a variety of sources, the following statistics obtained from Javelin Strategy & Research seem to sum up most of the findings related to identity theft:

In 2008, 10 million people were victims of identity theft (20% increase from 2007), and, in 2009, over 11 million people were affected by identity theft (10% increase from 2008), Fraud happens very quickly after an identity is stolen, usually within a week, indicating the importance of timely fraud detection to minimize the damage, Majority of victims detect identity theft 3 months after fraud occurs, and some discover fraud after 4 years or more, A victim may spend over 20 hours and $300 to resolve an identity theft case, and sometimes even months or years, Interestingly enough, stolen wallets and documents account for 43% of all identity theft cases indicating the low tech aspect of the crime, Identity fraud typically includes checking account fraud, unauthorized new credit accounts, credit card fraud and cell phone fraud, In more than 50% of all identity theft cases, the victim either personally knows the criminal or has done business with, Consumers are usually not liable for the fraud costs however, they still endure certain expenses related to their cases as well as some emotional and physical impact while dealing with identity theft, In 2009, over 220 million private customer records were compromised from businesses, and The estimated annual identity theft related costs for businesses is over $200 billions.

As we continue to face serious cases of identity theft, it is important to notice how the term "identity theft" has been broadly used to refer to many unrelated cases. The fact is that not all cases referred to as "identity theft" include the theft of exploitable personal information. If we separate the term into "identity" and "theft", we can conclude that not all "identity theft" cases involve exploitable information (identity) theft. For example, a misplaced document containing a list of birth dates should not be considered a case of identity theft because a) the list is not stolen and b) a date of birth means nothing by itself. However, once a list of birth dates which includes corresponding names or addresses is stolen, then the case can be referred to as a case of identity theft. Therefore, based on the broad definition and casual use of the term "identity theft", not all cases lead to fraud or other serious consequences.

Some identity theft cases may lead to identity fraud because specific and exploitable identity components are actually stolen for the purposes of committing fraud, however, identity theft may not result in identity fraud in all cases because of the casual use of the term "identity theft" in lost or misplaced cases of unexploitable information. Therefore, without "fraud" which is the intent and most likely the end result of actual identity theft cases, there is no harm in the act of "identity theft". Maybe disclosure of personal information such as medical records is worrisome if the information can be used against us, but a medical fraud is probably more deadly and concerning than the innocent disclosure of medical information because of the commingling of personal information which can occur during medical fraud. Let's further explore what I mean when I suggest placing our focus on identity fraud rather than the term "identity theft" which is casually used these days: 1) fraud is the main purpose of actual identity theft cases, 2) our identity is never totally lost or stolen, and 3) authorized sharing of our identity may result in fraud without identity theft. Let's analyze all three points and determine why the term identity theft may be misleading while identity crime or fraud should be the focus.

First, personal information is often stolen for fraud purposes. There are rare cases when personal information is stolen for non-fraudulent purposes such as curiosity or as part of another criminal act such as when a wallet is stolen for its cash. However, a stolen wallet does not make it a case of identity theft or the person an identity theft victim. What is the meaning of identity theft if no fraud can be committed? The term identity theft means nothing if no crime can be committed except maybe when our privacy is compromised. I may be worried about the disclosure of my private information because it can be used against me in some cases, but if criminals are not able to use my information against me such as not being able to illegally enter another country with my lost passport due to improved security controls at the airports or within the passport itself, then no crime can be committed and no harm is done. Therefore, the possibility and consideration of a crime is more important than the supposed case of identity theft. The casual use of the term "identity theft" in our society reduces the importance of the identity crime and it is often upon the discovery of a fraud that we realize our identity has been stolen.

Second, while criminals may use some of our identity components to commit various crimes, we are still capable of functioning within the society using our other identity components. For example, we may not be able to use the credit card that was stolen or apply for new credit cards due to the mess in our credit reports, but we can still use our other existing credit cards, go to the gym with our membership cards, and travel with our passports depending on which piece or component of our identity was stolen. You see, when we say our identity is stolen, it almost sounds like we no longer possess our entire identity and can't function at all.

Lastly, identity fraud can occur without identity theft. Many times, close relatives and friends with whom personal information is shared, abuse the trust and commit fraud with the entrusted information. Other times, some people may knowingly share their identity components with others to commit illegal acts or identity fraud. By doing so, they help their relatives or friends get medical help for example, without considering any serious consequences for themselves. Should these cases of identity fraud be considered the results of identity theft? Not really if personal information was shared willingly. There is no theft when information is shared willingly but we continue to broadly and casually define these cases as identity theft. This may surprise you but voluntary sharing of personal information with friends, family members, and coworkers is very common to help them get medical help, enter a building by using an access badge, get cash from the bank's cash machine, or even leave and enter countries illegally. Although, these acts are considered illegal and fraudulent, they are not the result of identity theft but rather the results of authorized sharing of personal information.

Chapter Two

Fraud schemes typically include three major elements; fraud objective, required identity components, and execution plan. Sometimes the fraud objective might be cash or medical care which determines the required identity components such as insurance card, debit card and pass code to execute the scheme. Fraudsters will resort to various methods for executing the plan and achieving the final and desired fraud objective. Sometimes, a fraud scheme may require more than one identity component or piece of personal information in order to commit the specific fraud. For example, if a fraud objective is to steal cash from a bank Automated Teller Machine (ATM), a debit card and its access code or Personal Identification Number (PIN) are needed to execute the fraud scheme. As such, the fraud scheme should include steps to steal a debit card (or produce a counterfeit) along with its ATM access code in order to take cash out of the ATM. In the past, when debit cards could only be used to withdraw cash from the bank machines, the risks were lower than today since fraudsters can also go shopping with today's debit cards which also display the Visa or MasterCard logos and then sell the items in the open market to the highest bidder.

Here are a few methods that fraud schemes can be executed to steal identities:

Physical theft - in this scenario, personal information may be stolen from home, office, car, luggage, purse, wallet, briefcase, pockets, and others with whom personal information is shared. Such personal items or identity components may include credit cards, debit cards, passport, birth certificate, ATM code, driver's license, Social Security Number (SSN), account numbers, check books, and online account pass codes. The list of identity components which can be stolen to commit fraud is long and depending on the objectives of the fraud, only one or a few identity components may be needed to finalize the fraud schemes. According to recent identity theft statistics, theft of physical identity components accounts for about 50 percent of all identity theft cases. For example, stolen wallets consisting of one or more credit cards are often the root cause of credit fraud.

Spams - These are unwanted emails that we receive which are intended to accomplish certain goals. Spam emails might communicate certain information to the email recipient such as information about a product or service or include a link which will take the email recipient to a website or download a program on the user's computer when clicked. Such emails must be deleted immediately and removed from the trash folder. They must never be opened and the link within must never be clicked as it might install a dangerous software on the computer for the purposes of stealing personal information.

Pretexting - This term which is also synonymous with spoofing, impersonating, masquerading or mimicking is used to pretend to be someone else in order to extract desired information for committing fraud. An example of a pretexting is a spam phishing email which appears to be sent by a legitimate company. Once a consumer trusts the source of the email (because it appears to be from a company the customer does business with such as a bank), desired information may be shared willingly as requested by the email instructions.

Spoofing - As mentioned, spoofing is also another term used for pretexting to extract desired information from potential victims for the purposes of identity theft.

Phishing - Although, email communications may have various objectives, some are interested in specific information. In order to extract the desired information, some emails may appear to come from someone or a company the recipient recognizes. Generally speaking, these emails are well drafted and include a company logo to appear coming from a legitimate company. Sometimes, they are very hard to detect and really appear to come from a friend or a company we do business with. Sometimes, these spam emails are designed to take us to websites which either market a product or ask for our personal information. These are called phishing spams which are designed to extract confidential and personal information from people. Some of them are actually very well done and use fear tactics to lure people into sharing their information immediately and without any hesitation. For example, the phishing email might appear to be coming from a bank (pretexting) which states that "your account has been compromised and your cooperation is immediately needed". It further states the bank account has been frozen until the account holder provides additional information. It also states that all the scheduled payments and checks will be rejected pending the receipt of the additional information. This phishing email pretending to be coming from a bank is using scare tactics in order to entice the person to give away account passcode and other personal information immediately which can then be used to access and empty the account.

When someone receives such phishing schemes asking for personal information, it is recommended that the account holder logs into the account to verify if the account is really frozen and not accessible. If the account can not be accessed, the bank must be contacted directly by calling the number listed on the monthly bank statement and not the number provided in the spam email. And if the account can be accessed and the transaction amounts are verified as accurate, the email must be deleted and the account must be monitored for a few days to detect suspicious activities.

Social Engineering - This is another fraud scheme designed to extract information directly from people. Most often, someone approaches a potential victim by phone, email, letter or in person and pretends to be some authority figure that the victim recognizes such as a police officer, IRS agent, debt collector, or the security officer at the work place. These people again approach with a made up story and ask for certain information such as the Social Security Number or the account passcode. Such requests must be validated to ensure the individual and his requests are legitimate. To validate the legitimacy of such requests, an examination of a piece of identification and justifications for requested information must be completed. If the legitimacy of both the requestor and the request can not be fully and readily verified, the request must be rejected and no information must be shared. Also, identity thieves may approach unsuspecting consumers at the ATMs and other places to offer help such as with ATM code entry and system access while they steal the secret information and empty bank accounts.

Skimming - Card skimmers are devices which can read credit and debit card information in order to produce counterfeit cards. The skimming device can be placed on the ATMs where people insert their cards to withdraw cash, and as they scan their cards and enter the PIN, their card information is extracted and the entered PIN is either caught on an illegally installed camera or someone approaches the victim and uses the social engineering technique described above to offer help and extract the PIN from the victim. Also, the devices can be portable and used in public places such as restaurants. While the waiter carries the credit card away to charge the restaurant bill on the credit card, the device can be used to read all the card information in seconds which can then be used to produce counterfeit credit cards. Some restaurants in Europe and elsewhere require waiters to process the credit card transaction in front of the customer in order to defeat skimming. Consumers must be more aware and cautious of non-working ATMs and suspicious people, devices and places.

Shoulder Surfing - This is a casual fraud scheme used on unsuspecting people at the cash machines or on the computers. Fraudsters stand behind potential victims while they enter their codes into the cash machine or computer and observe the pass codes or other private information as they are entered or visible on the screen. When entering or reading confidential information in public places such as at the airport, coffee shops, banks or on the airplanes, we must notice how closely a person is standing behind us and cover our hand as we enter the pass code. To protect the privacy of the information we read on a computer, we can use a computer privacy filter which will prevent someone from reading the information displayed on the computer screen from a side angle.

(Continues...)

Excerpted from Identity Dietby Henry Bagdasarian Copyright © 2010 by Henry Bagdasarian. Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.