Identity Theft Check

Biometric identifiers are any unique elements of your Person-Identifying Information (PII) that can positively identify you above another person – so, for existence, your iris and fingerprint patterns are good examples of biometric identifiers.

The proposed British ID cards will have certain biometric identifiers coded into them, or, at the very least, certain biometric identifiers may be kept on a central database which can be accessed through use of the ID cards.

This means that the identity upon the cards will be linked even more closely with the individual it belongs to, making it harder for others to use. Indeed, because biometric data is even more personal to individuals and unique they can, generally speaking, be used to identify an individual even more accurately than other already existent forms of official authentication, such as passwords and PIN numbers that can be stolen, hacked or even guessed in some cases.

Biometric data is already being used in the British ‘E-Passports’, introduced in the UK back in 2006. In fact in the face of our globalising world where travel and the transmission and accessibility of information has and is becoming ever more easy, there has been a concerted effort across much of the rest of the world to further fortify state borders and personal and public databases against the possibility of intrusion by criminals and those who have no right to access them. In fact, at the time of writing, 21 of the 25 EU Members States have already brought in their own ID cards programmes, so the UK is far from being alone in this venture.

Because of the nature of the information stored on and through them, each ID card will exceptionally hard to fake, combining as they will the cardholder’s biometric identifiers (like iris scans and fingerprints) along with other checked and authenticated PII details (such as family names and home addresses), sometimes referred to as our ‘biographical footprint’.

Although most of the PII attached to the ID card programme will be stored on the as yet still nascent National Identity Register, some basic information will also be stored on the card itself,\probably in a chip as with bank and credit cards.

The British Government’s decision to bring in a National Identity Scheme, involving the creation and distribution of ID cards to the population, was announced formally on the 17^{th of May, 2005, in the Queens Speech. The Identity Cards Act subsequently received royal assent the on the 30th of March, 2006, becoming law.}

The Government commenced the introduction of biometric residence permits for foreign nationals this year (2008), and they have said that they anticipate that they will issue the first British ID cards to citizens in 2009.

The Government has said that its reasons for pushing through the legislation and issue of ID cards are predicated upon the national interest.

They suggest that ID cards will:

- make it easier to make use of public services and ensure that only those eligible for them can access them

- help prevent identity fraud by ensuring that people are who they say they are (at banks, shops and to any civil authorities etc)

- help tackle immigration abuse, ‘people smuggling’, and illegal working in the UK

- disrupt the wider implications and uses associated with identity crime including terrorist activities

Over the next few articles we will take an in depth look at what the Government has said concerning British ID cards and the state system that will surround them. We will also look at some of the controversies surrounding ID cards and will try to ascertain just how useful they will be to the public at large.

In December 2005 representatives from a range of government departments and all the police forces in England and Wales were brought together into a network of Single Points of Contact (SPOC) for detecting and prosecuting identity related crimes in the UK.

Each of these individual ‘SPOCs’ act a focal points within the organisations they work within for issues dealing with identity fraud. So, as an example, at any point a police force could contact a SPOC at the Immigration Office or even the Security Service (MI5) to request information regarding an issue relating to a specific instance of ID.

The role of ‘SPOCs’ is also to monitor particular cases of ID crime from start to finish and to volunteer any information to other agencies that they may think relevant to any particular investigation, even if they have not been asked for that information.

Indeed the Home Office, the Identity and Passport Service and the DVLA have worked with APACS, FLA and CIFAS to produce ‘Identity Fraud - The UK Manual’, which is designed to improve the awareness and training of people within financial institutions in order to combat ID fraud at the ‘cutting edge’ (so the checking and verifying potential customers’ PII)

All of the above, when put together, means that steps have been taken to link up thinking and better co-ordinate authorities on the matter of ID crime as well create joined up, and therefore more effective, counter measures to combat it.

In order to prevent ID fraud across borders – a kind of ID fraud that is often associated with some of the worst crimes we have laws against, such as abduction, people smuggling and forced prostitution, the drugs trade and terrorism to name but a few – the UK’s Identity and Passport Service (IPS) has created and deployed a special database of all known lost and stolen passports, which is open to use by Interpol and other cross-border authorities in order to combat these sorts of crimes.

A passport validation service has become available to the public at large that allows employers, banks and other private and public institutions that are given passports as ID to check the passport they are given against a database of known stolen and lost passports. This can cut down on fake bank accounts (as one example) and is a great tool in the battle against this sort of fraud.

Likewise, all adults who wish to get a passport for the first time must now submit to an interview, cutting down on the possibility of misrepresentation to gain a passport. This will help prevent people from pretending to be someone else while applying for passports, because whereas fake-passports are detectable, a genuine passport for an identity that does not really exist or with a name and other PII for someone else is harder to detect during the immigration procedures and customs.

On June the 7th 2006 the British Government’s Identity Cards Act came into force. This Act essentially detailed various crimes pertaining to possessing and/or creating and/or intending to use documents for false identities for criminal purposes and of using someone else’s identity, or rather the genuine documentation pertaining to their identity (like their passports for instance) for the same purposes.

These offences detailed in the Act apply to all documents that can be used as Person-Identifying Information (PII) – so passports, immigration documents, birth certificates, national insurance cards, driving licenses and indeed the identity cards that will eventually be issued under the National Identity Scheme.

The Fraud Act was also passed in 2006, coming into force on January 15th of that year, stipulating three ‘new’ ways in which fraud can be enacted:

- false representation, which includes dishonestly causing loss or the risk of loss to another with intent of gaining yourself
- failing to disclose information
- abuse of position
- obtaining services dishonestly
- possessing equipment to commit frauds
- supplying articles for use in frauds

Alongside the Criminal Justice Act of 2003 that altered law so that the same penalties for stealing and fraudulently using a driving license are comparable for doing the same with another person’s passport (making them both offences criminal offences that one can be arrested and imprisoned for), these are responses to the increased ease and likelihood of fraud crimes due to the IT based social systems we have in place, that make access to our PII all the more easy.

Over the next few articles we’ll be taking an in depth look at identity cards, their introduction to the UK, the reasons for their introduction and the controversies surrounding them.

The Government’s decision to start a National Identity Scheme, which involves the phasing in of mandatory identity cards for all British citizens, was announced on May 17th 2005 in the Queen’s Speech. The actual Identity Cards Act 2006 received Royal Assent a little under a year later on March 30th 2006.

The intention of the National Identity Scheme is to provide British residents, including foreign nationals, with a means to provide proof of their identity when necessary in a quicker, simpler and more secure manner, and also to make it much harder for criminals to create false identities or utilise someone else’s PII for criminal ends.

ID cards of different sorts are used in most other countries in the global north-west and have been for many years. The British system is intended to be even more hi-tech than these existing ID card systems in other countries, including such hard to fake details as a photo, holograms, a PIN and certain biometric information (such as fingerprints) which will be stored electronically in the card. The intention is that even if the card is stolen, all these details together will make it very hard for the thief to use the card without falling foul of the security measures implicit within it.

The Government regards the introduction of ID cards as a vital step in combating the growing number and manner identity crimes of the 21st Century. Although the exact details of what the British ID cards will consist of has not been decided upon yet, it is more than likely that they will be plastic and roughly the same size as a credit card, bearing the holder’s photograph and with a computer chip (like chip-based credit and debit cards) that will hold the bearer’s personal information.

Although there are some cases of illicit PII acquisition that we cannot protect ourselves from because the potential for doing so is even not in our hands (as with government databases and the like), the majority of identity crimes come about through the acquisition of information we can control the dissemination of to a greater or lesser extent.

Letters, bank statements and other personal details in our rubbish bins are not safe. Make sure that if you put any old bank statements or indeed anything at all that gives away account numbers, security numbers or banking or insurance details of any kind have been thoroughly sanitised before disposal.

This means shredding or completely ripping up the documents in question; blacking out with ink sensitive material or using white-out for the same purpose; or else burning the documents – although this is the least environmentally friendly option.

There have been some reported cases where criminals have used information they have found in rubbish bins and dmupsters to divert statements and billing information to another address to either harvest current legitimate account details or else to delay the discovery of fraudulent accounts those criminals then set up.

Credit, debit, national insurance and medical cards can be stolen from our pockets or handbags while we are out on the street or while sitting in a restaurant/café or theatre of some kind.

Always take sensible precautions with your cash-cards, purses and wallets while out on the street, especially in cities or when walking through dense crowds of people – the favoured hunting grounds of pickpockets.

Having our credit or debit cards swiped through a compromised card reader can reveal our card details and may allow criminals to deduct more money from our account for themselves.

If you are in any sort of establishment where you have reason to be concerned, always ask for your card to be swiped in front of you. Most establishments now have portable chip-readers that require you to enter a PIN, so this shouldn’t be a problem.

Be aware that PIN numbers can also be stolen by people looking over our shoulders and cash-points and other personal information (like security questions and answers) can be gleaned by people eavesdropping in on our public transactions at banks.

Unless we take some basic precautions, it is relatively easy for others to find personal information about us that may then be used for identity crimes. In fact these details need not be stolen from us per se, and it is actually quite hard to keep personal information from someone who is determined to find them and has a modicum of know-how. The question is whether we can prevent ‘vital’ personal information from falling into the wrong hands.

For most identity crimes the criminal will need more than just your full name, email address or car number-plate. Other, less publically available documents and information will be needed in order to commence some sort of scam.

The sorts of information theft that we can’t really protect ourselves from as individuals include compromised internet search engines, or even worse, government registers and public records services or indeed any organizations that store our personal information for a legitimate reason.

It takes highly skilled and focussed criminals to access these resources and their defence is down to the companies and government bodies that administer them. There is nothing we can do as individuals to improve their protection.

Next time we’ll look at some specific areas where we CAN improve the protection of our personal information and what risks we face in our day to day lives.

PII is the information that identifies someone as an existent and ‘legal’ person, or which gives direct access to a private individual’s or company’s person or resources, and as such is the primary means to an end for identity criminals.

PII includes any piece of personal information that can lead to breaches of personal, financial and legal security. In other words, a PPII is any piece of information that can be used to identify, locate, contact and/or utilise some of the personal/private resources/possessions of a particular person, whether that person wishes you to or not.

Thanks largely to the information-technology boom of the 20th and 21st Centuries, and most specifically the development of the internet, it has become much easier for us to find out PII of other people. Indeed almost all of us have experienced at least one small element of this free dissemintaion and accessibility of personal information in the form of junk mail through our front doors and in our email inboxes. If we didn’t specifically ask for these correspondences and give our details so we could receive them, how and why did they come to us?

Simply put, there is a massive international market for PII and all kinds of individuals, legitimate companies, illicit organisations and even governments trade or otherwise disseminate our information on a regular basis – granted often for legitimate reasons that won’t effect us detrimentally, but also sometimes not.

Although there is no exhaustive and widely recognised and legal definition of what PII consists of, examples of personal information that can be put to illegal use in the wrong hands can include:

Your full name if it is uncommon
National Insurance / Identification Number
Bank / Building Society / Savings Account Numbers
Credit / Debit card numbers
Insurance policies and numbers
Home address and postal details
Driving license details
Vehicle registration plate number
Telephone numbers
E-mail addresses and passwords
Home or office computer IP address
Fingerprints
Personal signature
Private medical records

Of course this is not an exhaustive list by any measure, but all of the above can and indeed have been used for various sorts of identity crimes in the past. In the next article we will look out how these details can be acquired by criminals.