We have all heard the horror stories about identity theft. Someone assuming all your personal information and racking up unpaid bills. Ruining your credit. Maybe even getting an arrest record all under your name and social security number. Then you lose everything while spending months or even years trying to convince the banks and authorities that the deeds were done by someone else.
My questions:
Is identity theft still as prevalent as it was? Assuming it was even all that prevalent ever?
Are the days of the horror stories of the person spending years fighting to get their life back over?
I’m not suggesting this is the stuff of urban legend like waking up with a missing kidney and a note scribbled on the bathroom mirror. More I’m just wondering if this is still a real scenario, with all the modern safeguards and the fact that “we” (including banks and government agencies) now fully understand the potential for identity theft.
And just to be clear I’m not talking about the relatively mundane issue of a stolen credit card being used, that is a nothing issue now as I have seen more than once. The banks, well mine at least, just remove the disputed charges right away and then send you an affidavit to sign swearing it wasn’t you. Also they replace your card.
I was curious so I took a look on the Bureau of Justice Statistics web site. They have more detailed statistics up to 2010, but the did list that 8.8 million people were victims of identity theft in 2010, and the latest numbers that I saw on the site were 2012, which listed 16.6 million victims. For comparison, they list 3.6 million victims in 2004.
In my admittedly brief search I didn’t see any statistics later than 2012, but from what they have on the site it seems that unless there’s been a dramatic decrease in the last couple of years, if anything the problem is worse now than it used to be.
ETA: Note that their statistics include things that you are trying to exclude, but that’s the best statistics I found (not that I dug too hard).
I have seen similar numbers myself but they always include things like a onetime use of credit card numbers.
In one I saw from my insurer they also counted the theft of personal information, but not use of, as identity theft. So for instance if your cards were part so a group that were stolen and cancel preemptively by the bank that would be counted as identity theft. At least according to the notice I got from my insurance company who recently got hit for data.
I’m even having a hard time coming up with news articles of the long lasting, no one believes you, identity theft scenario.
Given the restrictions on getting identity documents after 9/11, plus the greater awareness of the problem by banks and credit card companies, it’s my impression from the news that the problem of full identity theft is less. It used to be that someone would find that another had taken their full identity (like that bad movie) and operated as that person - and the news stories were full of how the victim could not get the various banks and credit agencies to understand the problem. Today, everyone knows the problem and there are more safeguards for correcting issues.
I agree, the biggest problem is really credit card theft, not full-on identity theft.
I realize that the plural of anecdote is not data, but I’ve personally known several people who have suffered from identity theft… but not by strangers. I suspect that’s not at all uncommon, a deadbeat family member opening up credit cards and such in your name.
I’ve known a couple people who have been victims of “identify theft” as their banks called it. Both times it just resulted in fraudulent charges being made from their debit card account. They both ended with the bank calling to ask if they made the charges, and when they said no the bank credited all the money back. The bank had already cancelled the cards as soon as fraud was even detected, so that was the biggest headache - waiting for a new card in the mail.
One of the cases was a little over $700 being charged at an out of state Staples store. The other was the card continually being charged at decreasing rates online until one of them finally cleared.
In another unrelated instance I used to work at a large ecommerce provider. We once had a breach in security that let loose over a hundred thousand customer credit card numbers and other general data. The company provided free credit monitoring for 12 months and no instances of abuse were ever recorded. We lost 2 customers over the ordeal despite calling every store owner to let them know of the issue.
I’m sure really bad things can still happen but in my experience issues of identity theft have just been minor headaches.
A woman at work is going through it now, although from a guy she dated for 4 months and not a stranger. Every day she finds out about a maxed out credit card in her name that she never knew about. Her name also showed up as a cosigner on a couple vehicles, one which he disappeared with and a motorcycle that he bought and left. She can’t sell the bike or report the car stolen because they are in both their names. I’m not sure what information he used other than her SS number. Apparently he was already wanted for fraud in a couple states and the authorities are hot on his tail.
It’s been pretty hard on her. One day she drove to work at 8am and had a breakdown and couldn’t get out of her car. She sat in it crying until 3pm then went home. We took turns taking her drinks and snacks and trying to comfort her. I’m not sure exactly why, but she’s losing her house.
So yeah, maybe they’ll eventually sort through all this and forgive the debts in her name, but right now she is ruined. Not to mention that she spends half her days calling and faxing credit card companies, credit bureaus, banks, collecting documents and bills, talking to the police etc.
I would distinguish between credit card fraud and identity theft.
Credit card fraud is where the person gets your card number, possibly some other data, and attempts to use that card.
Actual identity theft, I suppose, is anything where the person needs to act as the other person in some fraud beyond attempting a credit card transaction. As mentioned in the above example(s), they apply for cards, other credit, or bank accounts in the other person’s name, or involve more complex transactions; for example, buying vehicles typically something beyond presenting a credit card is required (usually fake ID, application for credit to be approved, etc.)
I thought I had read that the credit reporting agencies can now put flags on a person’s credit report if there is an ongoing risk of this sort of fraud.
Two major identity frauds in the UK just now: The crook who can intercept your mail (big problem in multi occupancy residences) applies for loans in your name and intercepts all the relating correspondence.
A newer one is when people are selling property. The crooks email the solicitors with a new bank account for them to transfer the cash to. Of course it is one they created just for the scam. This one is probably dead now since the solicitors have been held liable.
Having been a recent victim - it’s a pain in the ass. Someone has my SS and date of birth and is opening loans in my name. The upside is that the entities I’m dealing with all have processes to deal with the problem, and so far nothing catastrophic has happened to me, but it IS eating up time, energy, and money and causing me stress.
So… maybe not as bad as it use to be 20 years ago, but still a colossal pain in the ass.
I had my identity stolen in 2001. I filed a police report and sent it to fraudulent creditors and I called the three credit bureaus and had a note added to my report to deny all credit requests for a period of time. It took a little time on the phone and some companies were more cooperative than others but I had a clean and correct credit report within a few months.
Corporate computer are routinely hacked; the credit card numbers along with certain identifying info then goes up for sale in the dark web. Brian Krebs reports on this regularly. Recent posts:
Admittedly, defense typically involved cancelling your credit card and putting a fraud alert on your credit record. I’ve been a vic twice, and the recent one was easier than than my 1980s experience.
I do wonder how long this can carry on - after all, since the main loser in any such transaction is the company making the loan, one hopes they would quickly learn to require reliable identification before handing out money.
Or has the person managed to obtain more pieces of “valid” ID from that information? IIRC there was a thread a few months ago about how hard it was to establish identity documentation from scratch if you had no existing records to rely on. I guess it all goes back to the question of how do you prove you are you, how do they catch someone who claims they are you but are not?
I know after some examples of mortgage fraud about 15 years ago, Canadian banks and title registrars have more stringent demands for identification before allowing any such transactions.
I had a hard time tracking down this story, but that was simply due to searching the archives of the wrong magazine. Once I recalled the entire list of publications that come to my mailbox, it occurred to me where I might find the article.
I don’t know how prevalent it is but I’m sure it’s enough to suggest that it’s a good idea to take some actions. I have perfect credit score, as perfect as it gets I guess but I did a security freeze on it just in case. Especially once I was told that hackers got SSN’s…etc from a breach with Anthem insurance. At least they won’t be able to get a loan on my name or anything like that.
My checks and CC’s have fraud protections but so far so good.
There is a more recent story of some mexican woman who dug into someone else so deep that even the courts had no real way to figure out who is really who. Dunno the details but saw it on the TV news a few months back.
I was a victim of the Anthem hack attack. I immediately froze my credit. Problem is, the hack occurred PRIOR to the announcement. The first of the fraud loans I turned up was taken out in June 2014, in other words, MONTHS before the announcement and an actual year ago at this point. The attacked companies NEVER tell you exactly when the breach occurred.
Don’t assume that because you froze your credit when the announcement was made you weren’t already a victim.
Identity theft raises the question: How is “you” even defined? How do you define you? If alleged identify thief is that dug in, does that person become legally “you” by definition (at least until you can re-define yourself as you)?
Does the essential legal being of “you-ness” lie in your flesh-and-blood corpus, or does legal “you-ness” reside in the documents that one holds (or that the County Recorder holds)?
You are you. If I steal your identity and get official documents saying that I am you, then I am still not you.
I might be able to fool some people for some time into making them think I am you, but you will win in the end.
If we go to court and I say that I am Senegoid, and you say that you are Senegoid, you will win. How many witnesses could you bring to testify that you are you?
I can’t even imagine a scenario where I could win that case, no matter how devious of a thief I am. I can’t persuade your mother to testify that I am you, or your former Little League coach, or the employer you work for. I suppose that a crazy hypothetical could be constructed where there might be a question, but I can’t think of it.
As I mentioned, there was a big long thread last year(?) on how to establish your identity in the post 9/11 era, especially if you have no existing official documentation. (I.e. granny was born at home in the back woods of Kentucky 80 years ago and now wants a passport).
The general consensus was absent any documentation, you needed to get affindavits from established people that you are who you say you are, take those to court for some sort of declaration, and then use those to bootstrap your way to better ID. Generally, that involves affidavits from local clergy (themselves properly ID’ed) “yes, I’ve known this person as Granny Ethel Smith for 20 years”. Plus, presumably, a logical explanation how you came to be in your predicament.
It’s a rare person under 50 that can’t produce some sort of ID information, back history, and collection of acquaintances. Most have school history, medical records, draft cards, armed services, drivers licenses, etc. Never been arrested? If yes, you’d be fingerprinted. Pictures have been a common feature of drivers licenses for quite a while. School yearbooks? You leave a massive trail if anyone cares to track it down.