Identity Theft Check

Although there are some cases of illicit PII acquisition that we cannot protect ourselves from because the potential for doing so is even not in our hands (as with government databases and the like), the majority of identity crimes come about through the acquisition of information we can control the dissemination of to a greater or lesser extent.

Letters, bank statements and other personal details in our rubbish bins are not safe. Make sure that if you put any old bank statements or indeed anything at all that gives away account numbers, security numbers or banking or insurance details of any kind have been thoroughly sanitised before disposal.

This means shredding or completely ripping up the documents in question; blacking out with ink sensitive material or using white-out for the same purpose; or else burning the documents – although this is the least environmentally friendly option.

There have been some reported cases where criminals have used information they have found in rubbish bins and dmupsters to divert statements and billing information to another address to either harvest current legitimate account details or else to delay the discovery of fraudulent accounts those criminals then set up.

Credit, debit, national insurance and medical cards can be stolen from our pockets or handbags while we are out on the street or while sitting in a restaurant/café or theatre of some kind.

Always take sensible precautions with your cash-cards, purses and wallets while out on the street, especially in cities or when walking through dense crowds of people – the favoured hunting grounds of pickpockets.

Having our credit or debit cards swiped through a compromised card reader can reveal our card details and may allow criminals to deduct more money from our account for themselves.

If you are in any sort of establishment where you have reason to be concerned, always ask for your card to be swiped in front of you. Most establishments now have portable chip-readers that require you to enter a PIN, so this shouldn’t be a problem.

Be aware that PIN numbers can also be stolen by people looking over our shoulders and cash-points and other personal information (like security questions and answers) can be gleaned by people eavesdropping in on our public transactions at banks.

Unless we take some basic precautions, it is relatively easy for others to find personal information about us that may then be used for identity crimes. In fact these details need not be stolen from us per se, and it is actually quite hard to keep personal information from someone who is determined to find them and has a modicum of know-how. The question is whether we can prevent ‘vital’ personal information from falling into the wrong hands.

For most identity crimes the criminal will need more than just your full name, email address or car number-plate. Other, less publically available documents and information will be needed in order to commence some sort of scam.

The sorts of information theft that we can’t really protect ourselves from as individuals include compromised internet search engines, or even worse, government registers and public records services or indeed any organizations that store our personal information for a legitimate reason.

It takes highly skilled and focussed criminals to access these resources and their defence is down to the companies and government bodies that administer them. There is nothing we can do as individuals to improve their protection.

Next time we’ll look at some specific areas where we CAN improve the protection of our personal information and what risks we face in our day to day lives.

PII is the information that identifies someone as an existent and ‘legal’ person, or which gives direct access to a private individual’s or company’s person or resources, and as such is the primary means to an end for identity criminals.

PII includes any piece of personal information that can lead to breaches of personal, financial and legal security. In other words, a PPII is any piece of information that can be used to identify, locate, contact and/or utilise some of the personal/private resources/possessions of a particular person, whether that person wishes you to or not.

Thanks largely to the information-technology boom of the 20th and 21st Centuries, and most specifically the development of the internet, it has become much easier for us to find out PII of other people. Indeed almost all of us have experienced at least one small element of this free dissemintaion and accessibility of personal information in the form of junk mail through our front doors and in our email inboxes. If we didn’t specifically ask for these correspondences and give our details so we could receive them, how and why did they come to us?

Simply put, there is a massive international market for PII and all kinds of individuals, legitimate companies, illicit organisations and even governments trade or otherwise disseminate our information on a regular basis – granted often for legitimate reasons that won’t effect us detrimentally, but also sometimes not.

Although there is no exhaustive and widely recognised and legal definition of what PII consists of, examples of personal information that can be put to illegal use in the wrong hands can include:

Your full name if it is uncommon
National Insurance / Identification Number
Bank / Building Society / Savings Account Numbers
Credit / Debit card numbers
Insurance policies and numbers
Home address and postal details
Driving license details
Vehicle registration plate number
Telephone numbers
E-mail addresses and passwords
Home or office computer IP address
Fingerprints
Personal signature
Private medical records

Of course this is not an exhaustive list by any measure, but all of the above can and indeed have been used for various sorts of identity crimes in the past. In the next article we will look out how these details can be acquired by criminals.

Identity crimes can be boiled down into three general categories: theft, obfuscation and manipulation.

Although there is considerable crossover to many of the points in these categories, the primary motivations between them are relatively distinct:

Theft:

This is stealing directly from the person whose personal details you have stolen or those that person has some financial agreement with. This can include taking money directly from their bank accounts or using their credit/debit or insurance details to acquire goods and services for yourself.

It can also include stealing from a company by using that company’s details to gain credit or receive services, products or any form of trade.

Obfuscation:

Criminal obfuscation is when a stolen identity is used to hide one’s own identity during a criminal activity. This could include posing as someone else when being questioned or apprehended by legal authorities or using someone else’s contact details as a drop-off point for stolen or illicit goods that will be collected later.

Identity obfuscation is a common tactic for many vice crimes (like blackmail) and also for more organised and/or lethal criminal activities such as illegal immigration and ‘people smuggling’, the international drugs trade, terrorism and even espionage.

Manipulation:

This general heading covers some of the more bizarre and hardest to legislate-against aspects of potential identity crimes, such as using someone else’s personal information to impersonate him or her in daily life, either to defame that person or gain credit for that person’s achievements.

Clearly then, identity crimes are quite diverse and it is rare that one of the above-described general ‘types’ of identity crime will exist without the others – so a theft crime invariably involves criminal obfuscation as well, etc.

Just to be clear from the outset, and to state the obvious, unless someone can take control of your mind or else create an exact clone of you, it is not possible to steal your identity. You remain ‘you’ regardless of what is stolen from you or stolen in your name.

‘Identity theft’ could perhaps more accurately be described as a sort of identity fraud that involves stealing money, items, services or resources, or to execute any other illegal act, by impersonating someone else. The theft can be from the person being impersonated or from a third party in the name of the impersonated person.

This means that the primary victim of identity theft  is the person whose identity has been ‘stolen’, as this person will either lose money from his or her bank account or will face the consequences of crimes done while using their identity. Suffice to say, misappropriating other people’s identities for personal gain is completely illegal in most countries.

The UK Home Office Identity Theft Steering Committee uses ‘Identity Crime’ as the catch-all term for Identity Theft, creating a False Identity or committing Identity Fraud.

The committee has forwarded the following definitions of the different sorts of identity crimes:

False Identity is either a fictitious (i.e. invented) identity, or else an existing (i.e. genuine) identity that has been altered to create a fictitious identity.
 
Identity Theft is when sufficient information about an identity is obtained to facilitate Identity Fraud, irrespective of whether, in the case of an individual, the victim is alive or dead.

Identity Fraud occurs when a False Identity or someone else’s identity details are used to support unlawful activity, or when someone avoids obligation/liability by falsely claiming that he/she was the victim of Identity Fraud.

It is worth noting however that these definitions are not legal binding and nor are they tied to specific criminal offences. They also apply to both individual and corporate Identity Crime.