Identity Theft How to Protect Your Name (9 page)

Using
ordinary kitchen supplies
, a Japanese researcher was able to fool a fingerprint detector about 80 percent of the time. And, back in the U.S., several researchers defeated smart card technology using a camera flashgun and microscope to extract secret information widely used in smart cards.

7 7

T H E P R O B L E M S C A U S E D B Y E X I S T I N G I D T O O L S

C O N C L U S I O N

SSNs and state driver’s licenses are
chaotically administered
and easy to fake. Nationalizing the American ID system gives many people Orwellian jitters.

And smart card technology can be bested by smarter crooks. So, what’s the answer to the ID card question?

Like so many answers: Common sense and some in-cremental reforms.

Congress should work with state governments, including state legislatures, to provide DMV employees with necessary tools and training on renewal and issuance of state driver’s licenses and to assist with anti-fraud programs. For example: •

Any errors in replacement requests for driver’s licenses and state ID cards, such as misspelling of the applicant’s name or street name, should be considered a significant reason to flag an application for further evaluation.

•

All DMV employees that deal with the issuance and renewal of identifying documents should receive comprehensive and ongoing training.

•

Requests for duplicate or replacement driver’s licenses or ID cards should only be presented in person, not by phone or the Internet.

•

A testing program should be employed to identify fraud and abuse within the DMV’s systems and to verify that procedures are being followed.

7 8

C H A P T E R 3

States could greatly improve the security of driver’s licenses by adopting
common sense procedures
, such as:

•

Improving the identification verification process by establishing designated licensing offices where employees would be trained to spot fraudulent documents and be equipped with the computer equipment necessary to check databases maintained by the SSA and INS. Non-permanent resident immigrants and visa holders would be required to use one of these offices.

•

Eliminating some types of documentation that can be easily forged or abused, such as the I-94 visa form and the IRS

taxpayer identification number.

•

Stopping the common practice of issuing licenses to foreign nationals on a same-day basis, which makes it extremely difficult to properly check identity and residency documents.

•

Tying license expirations to those indicated on visas and foreign passports instead of automatically granting the typical four-to-six year expiration period.

•

Restricting the number of duplicated licenses issued to one individual to replace stolen or lost originals.

•

Requiring that photo identification be shown at every stage of the licensing process and refusing to permit photographs that obscure individuals’ faces.

7 9

T H E P R O B L E M S C A U S E D B Y E X I S T I N G I D T O O L S

•

Increasing the penalties for obtaining a license through fraudulent means.

What can you do to secure your SSN and driver’s license? Keep your Social Security card out of your wallet or purse and in a safe place at home. Keep your SSN
in your head
—and only give it to companies that really need it. This will be reiterated throughout this book.

You have to keep your driver’s license on your person…and you probably need a state-issued photo ID even if you don’t drive. The best advice here: Try not to lose it.

8 0

C H A P T E R 4

4

ID THEFT

So, we’ve covered what identity theft is. And who’s most likely to commit it. And how the nature of many identification systems enables the thieves. In this chapter, we consider the question of precisely how identity thieves commit their crimes.

Because ID systems are so varied, there are many ways for crooks to commit identity theft. Low-tech thieves can dig up personal financial information by going through
commercial and residential trash
. More ambitious—or less patient—thieves can steal mail from mailboxes. Others look for
low-risk opportunities
to pick up an inattentive person’s wallet or purse.

Identity thieves tend to be more creative than dar-ing. Few want to face the risks of stealing information at knife-point. They’d much prefer to take a job
as a janitor in an office building or bribe a letter
carrier to hunt for credit card bills or other information.

8 1

T H E M E C H A N I C S O F I D T H E F T

And then there’s the Internet. With the proliferation of computers and increased use of the World Wide Web, identity thieves have used information obtained from
company databases
and Web sites. In some cases, the information obtained is in the public domain; in others, it is proprietary—and is gotten by means of a computer intrusion.

In this chapter, we’ll consider the most common mechanics of ID theft.

S T E A L I N G C H E C K S

Mechanically, the easiest way to steal someone’s identity is to get his or her personal checks. Even if the check is all a crook has, it can be enough.

In the summer of 2002, an Arkansas man stole several people’s identities by using information on personal checks he took from a
small business’s cash
box
. Local law enforcement authorities were concerned because he was able to make so much financial mayhem with nothing more than the checks.

The cash box was stolen from Quality Door & Screen in North Little Rock in April. About two months later, different state revenue offices issued three separate identification cards bearing the same picture. The thief forged forms of identification—including out-of-state driver’s licenses and birth certificates—and used those to get Arkansas state IDs. The names and addresses on the IDs matched those of people whose
checks had been in the cash box
. And the crook got them without having Social Security numbers or other critical information.

8 2

C H A P T E R 4

Next, he used the state ID cards to make small deposits into bank accounts belonging to the three central Arkansas men whose checks had been in the cash box. Finally, over several days, he withdrew everything from the accounts. In total, he made away with more than $10,000.

North Little Rock police were left with a picture…but no name or other information…of the ID thief.

That same summer, an Oregon woman accused of using stolen checks and fake identities to purchase at least $150,000 in merchandise from Portland-area retailers was arrested. Catherine Gail Hoy-Nelson was caught driving a $35,000 Mitsubishi Eclipse convert-ible that had been reported stolen because it was
purchased with a bad check and a stolen identity
. A printout of a local police department’s Internet Web page—with Hoy-Nelson’s picture featured in a most-wanted section—was in the car.

In the days after her arrest, police recovered about $25,000 in merchandise purchased with stolen checks from retailers such as Home Depot and Leather Express.

Police had been looking for Hoy-Nelson for more than a year. They’d tracked her at different times to various Portland-area addresses…but had not been able to locate her. Her
modus operandi
had been to
prowl
wealthy neighborhoods
, looking for packages of new checks to steal from unlocked mailboxes. After she got the checks, she’d create an identity for herself around them.

8 3

T H E M E C H A N I C S O F I D T H E F T

But Hoy-Nelson didn’t operate entirely alone; local police said that she’d worked with various people to sell the ill-gotten merchandise or trade it for drugs.

S T E A L T H E W H O L E M A I L B O X

Since local law enforcement—and even many individuals—have gotten wise about protecting checks in unsecured personal mailboxes, some crooks have gotten more aggressive about what they steal.

In late August 2002, thieves took a U.S. Postal Service mailbox in San Diego—making it the fourth stolen in three months. All of the mailboxes were removed by being
unbolted from the ground
; all were eventually found, empty. The crooks seemed to be working methodically. The mailbox heists took place about every 30 days, in different parts of San Diego County.

And there was no doubt what the crooks were looking for. A retired schoolteacher who’d lost mail in one of the boxes reported ID theft to local police.

Someone had altered checks included with two of her bills and cashed them—taking $1,300 from her checking account. Separately, someone had applied for a credit card in her husband’s name.

In September 2002—a continent away from San Diego—a crew of thieves broke
open mailboxes at
post offices
in several suburban communities south of Tampa, Florida. The selected post offices were in neighborhoods considered
safe, middle-class (not
wealthy) communities
with many retirees.

The crooks seemed to have prepared for their heists and cased the post offices in advance. Their
modus
operandi
was to wait until dark, then approach collec-8 4

C H A P T E R 4

tion boxes outside of the targeted post offices. They’d used heavy hand-tools (apparently custom-built for the work) to pry open the back doors of the collection boxes and steal all of the mail inside. A witness to one of the thefts said the crooks were a group of four, apparently three men and a woman. They worked very quickly and seemed to be
well-re-hearsed
.

The crooks also seemed to be careful to keep their schedule unpredictable. Two of the mailbox heists took place a few days apart; the others more than a week apart. The local police said this made it unlikely that the thieves were mischievous teenagers or desperate junkies. One officer said the crew was “careful” and “definitely not stupid.” The irregular schedule made it harder for police to anticipate their moves.

Investigators with the local sheriff’s office said that, though the crooks took everything from the mailboxes, the careful preparations pointed to ID theft as the motive. The crooks were probably
looking for
mortgage and credit card payments
—which would include account information and checks.

C R E D I T C A R D S K I M M I N G

Skimming occurs when the
data on the magnetic
strip
on the back of a credit or ATM card is captured by swiping the card through a device that re-sembles, in most cases, a pager or small cell phone.

The information from the magnetic strip is stored in the device until its memory fills up or until it is downloaded to a computer or transferred onto the magnetic strip of blank cards. (The blank cards that have the copied data are called
cloned cards
.)
8 5

T H E M E C H A N I C S O F I D T H E F T

The restaurant industry is particularly vulnerable to skimming because it is one of the few retail sectors where, for a few moments, customers are separated from their credit cards and often can’t see their servers processing payment authorizations. Because most skimming devices are small enough to fit unseen in an adult’s hand, an
unscrupulous waiter, bartender or
cashier
can easily swipe a card without being seen.

Skimming first caught the attention of law enforcement agencies in the mid-1990s, when e-commerce and other types of electronic transactions started to become popular. In the classic model, crooks skim credit cards at restaurants or other retail stores and then use to the card information to make online purchases—usually within 24 hours of the skim.

Credit card companies don’t like talking about how
much money is stolen through skimming; apparently, they believe that discussing the phenomenon
will only encourage more of it. But informed sources
in the industry estimate that the major card companies lose as much as $300 million a year in the U.S.

due to skimming.

The crooks that specialize in skimming usually
work
with restaurant or retail employees
who consider themselves underpaid. The crooks offer $20 to $50

per swiped card. The employees take the devices with them—as we mentioned, the things can be easily mistaken for a pager or cell phone—and swipe as many cards as time and circumstances allow.

8 6

C H A P T E R 4

Smart crooks will circulate through a metropolitan area, not spending more than a day or so skimming in any single location. In fact, according to one Florida law enforcement official, the most efficient crooks will spend two or three times as many hours finding promising locations and corruptible waiters or bartenders as they will actually skimming.

Experts say that 70 percent of all skimming takes
place in restaurants or bars. But that doesn’t mean
all skimming takes place there.

In July 2002, Benjamin Driscoll—a resident of Delray Beach, Florida (north of Miami) discovered a
skimming scheme
at a local Bank of America branch.

When Driscoll swiped his ATM card and entered his PIN at one of the branch’s cash machines, a message appeared on the screen stating that his transaction could not be processed.

Driscoll swiped his card again but grew suspicious and tugged on the machine. A skimming device, which had been
attached with Velcro over the ATM
’s normal card slot, came off into his hands.

A spokesman for Bank of America admitted that Driscoll’s experience was not unique…that a number of aggressive ID thieves attach skimming devices to ATMs. In most cases, the spokesman said, the thieves will also attach professional-looking signs to the machines saying there is something wrong with the ATM