In movies such as Mission Impossible II and Charlie’s Angels, secret agents and spies are able to impersonate each other with the aid of specialized latex masks that allow them to slip on another person’s face as if they were putting on a pair of gloves. But in the real world, impersonating someone is actually easier.
Criminals bent on stealing your identity don’t need well-crafted masks that copy every curve, contour and wrinkle on your face – the best only need your address and phone number. To such thieves, dumpsters are akin to treasure troves and databases are like gold mines.
Identity theft, the unauthorized collection and use of your biographical information, is one of the fastest growing areas of consumer fraud.
Once criminals have an important piece of ID or documentation, such as a social insurance number or a discarded phone bill, they’ll shore up that data by gathering as much information as they can about you. Then they’ll call credit card companies to increase your spending limit, establish lines or credit or maybe go on a shopping spree at a major retailer by acquiring store credit in your hitherto good name.
And to prevent you from catching on, they’ll file a false change of address form with the post office. The bills and debt will rack up, and you will be none the wiser.
While the exact figures on how extensive a crime identity theft is depends on who you talk to and how they define it, there is one fact no one seems to dispute – identity theft is on the rise, dramatically so.
The reason for the increase is unclear, but technology may be at least one factor. While identity theft can be a very low tech crime – such as getting pre-approved credit card applications out of mailboxes or dumpsters – databases collected by companies are also a lucrative source of biographical data.
“You know, if it makes it easier for the banking community (or other business), it makes it easier for the criminal as well,” said Bernie Murphy of the anti-rackets section of the Ontario Provincial Police in Orillia, Ont.
We as a society rely on being able to bank on the phone and get credit quickly. And this requires that a large number of people have legitimate access to personal data, Murphy said. The databases are double-edged swords.
“It’s a battle between marketing and security. Our personal security is put at risk for marketing purposes. But we’re a consumer society, and there are a lot of benefits to the fact that they (businesses) maintain these things. You end up on preferred customer lists, and you end up getting news about promotions, and things like that. We’re all happy to receive these things in the mail and there’s always the potential cost.”
One of the problems is banks and other institutions usually don’t ask very tough questions when they’re verifying someone’s identity.
The last time you called the bank to enquire about your account or ask for increased credit, they probably asked you for your mother’s maiden name, your work telephone number, your home address and your social insurance number – not difficult information to obtain for those bent on victimizing others.
But as with the databases, the easy questions have their advantages for legitimate consumers already plagued by an over-abundance of PINs.
“If you ask tougher questions, a lot of people won’t know the answers,” said Ann Cavoukian, the Toronto-based information and privacy commissioner of Ontario.
But businesses can implement some relatively simple steps that would minimize identity theft, Cavoukian said.
For instance, when consumers call to have their addresses changed, a simple call back to their current phone number could reduce the problem.
There are other steps that IT managers can take as well. Along with gearing up their networks to guard against hacking, managers also need to be vigilant about internal breaches.
It’s pretty easy for organized groups to get somebody into a position where they have access to large databases, Murphy said.
That’s why careful hiring practices and audit trails are of paramount importance, according to Sonja Schindeler, vice-president of product development at TransUnion of Canada in Scarborough, one of Canada’s two major credit bureaus.
Even if companies rigorously screen whom they hire, an employee’s circumstances can change. By tracking who has access to what on which date, companies are given a starting point if they discover their systems have been compromised, Schindeler said.
The cost of not properly protecting information can be high, as Joe, a victim of identity theft who did not want his real name used, well knows.
Joe and his wife were waiting for joint credit cards to show up in the mail. They never arrived. Instead he got a call from his bank asking him if he had activated the card.
That’s when Joe learned that his identity had been stolen. And a check on his credit history revealed some startling findings.
“Under my name, holy mack, there was a pile of debt that I didn’t have anything to do with.”
The list of companies at which the perpetrator or perpatrators went shopping on credit obtained in Joe’s name is like a who’s who of major retailers in Canada.
Trying to put the record straight hasn’t been an easy task. And even though Joe’s file is now flagged, and the thief or thieves have moved on, Joe still feels the consequences.
“When the phone rings, I get nerves in my stomach,” he said.
To avoid Joe’s situation, consumers need to be more vigilant. They should routinely review their credit card statements and do a credit bureau check-up once a year, Cavoukian said. And consumers should be especially careful of the demographic information they hand out over the Internet, she said.
Both consumers and companies should shred documentation containing personal information before throwing it away.
But no matter what consumers and businesses do to protect themselves, such crimes will continue, Murphy said.
“The guys that carry out these types of crime, we often compare them to water on a roof. They say that water will always find a hole on your roof. And it’s the same thing with these guys, they will always find a hole in the system.”