 | |||||||||||
|
To print article, click Print on your browser's File menu. Go back | |||||||||||
|
|||||||||||
|
Recent articles by Liz Pulliam Weston: • How to retire on a wounded portfolio, 3/2/2006 • Banks hang fraud victims high and dry, 3/2/2006 • Unclaimed billions: How much is yours?, 2/28/2006 More... |
|||||||||||
| The Basics | ||||||||||||||
| How thieves steal their own identities | ||||||||||||||
|
Identity thieves usually start with themselves, slowly altering their own data to bilk lenders. Here's how the crime can still hurt you. By Liz Pulliam Weston Everybody knows identity theft is a big issue, with an estimated 9 million victims in the U.S. last year. What you may not know is that identity manipulation is an even bigger issue, at least for the businesses that wind up paying for fraud. Identity manipulation comes in two basic forms:
In the second example, fraudsters create new identities virtually from scratch -- although they may use aspects of their own identities as a starting point. In some cases, they carefully cultivate these fictitious personas over months or even years, building up their credit ratings and credit limits in anticipation of a big "bustout:" maxing out the credit lines and disappearing with the goods and cash. Fabricated identities are useful to thieves In fact, thieves are far more likely to use fabricated identities to commit fraud than they are to steal other people's true identities, according to ID Analytics, a fraud-prevention company that has created software to detect such "synthetic" identities. The company estimates 88.3% of all identity fraud cases use synthetic identities, which it believes are also responsible for 73.8% of the dollars lost by U.S. businesses. Related news and commentary on MSN Money
In a separate study, another fraud-detection company, Edentify, estimated that 2% of all non-credit account applications, such as those for opening checking and other bank accounts, involved manipulated identities. People trying to escape their pasts might use IRS-issued taxpayer-identification numbers in lieu of Social Security numbers or alter their own numbers by a digit or three to evade detection. They often use mail drops or relatives' addresses instead of their own to put even more distance between their old and new identities.
These folks may justify their actions as a "fresh start," but what they're doing is committing fraud, said Maxine Sweet, spokeswoman for Experian, one of the three largest credit bureaus. (Experian, like the other bureaus, uses fraud software to spot taxpayer ID numbers as well as other suspicious data that can indicate identity manipulation.) Altering Social Security numbers More ambitious fraudsters conduct similar scams on a grander scale. To help establish false identities, thieves can buy lists of valid but often unused Social Security numbers from crooked Internet sites, or they can use what's known as "SSN tumbling," said Mike Cook, ID Analytics co-founder. That means starting with a Social Security number they know is real, then changing one digit at a time for each new persona. "I know I'm a 40-ish man with a valid Social Security number, so if I change one digit I can create another number that could have been issued 40 years ago," Cook said. Using this method, "you could create a hundred new identities in an hour." The thieves may begin building these synthetic identities using "low threshold" accounts, like prepaid cellular phones, that don't require much authentication, said Edentify CEO Terrence DeFranco. Eventually, they start applying for credit. They may pay their bills on time for several months or more to build up a good credit rating that they can later exploit. You end up paying for it So why should you care about all this? While it's true these thieves may not directly target your good name, you could still pay the price:
The databases try to ensure that all the various bits of information about you -- your name, Social Security number, address, credit-account information, whatever -- wind up in the right file. To do that, the software programs that aggregate this data must have some built-in wiggle room to account for things like miskeyed numbers and name variations. A database that's tracking my information, for example, would benefit from being able to figure out that Elizabeth Pulliam, Liz Weston and Liz Pulliam Weston are all the same person. If a clerk mistyped my Social Security number or address while entering data from a credit application, the database might be able to recognize that and include the information with my file anyway. But that ability to accommodate variations could wind up hurting me if a thief creates, say, a Beth Weston with a Social Security number only a digit or two different from mine. (The thief might have created this doppelganger deliberately, or -- in the case of more common names -- the resemblance could be a coincidence.) If "Beth" maxes out her $10,000 credit line, pays with a phony check and then maxes it out again before disappearing, that $20,000 default could show up in my credit file. A profitable but illegal business You also should know that the reason these frauds are so prolific is because the rewards can be high -- hundreds of thousands or even millions of dollars in ill-gotten gains -- while the risks are extremely low. These thieves are rarely caught, let alone prosecuted, said Ted Crooks, a fraud expert with Fair Isaac, which created the FICO credit-scoring formula as well as software to detect fraud. Financial institutions and other businesses are often reluctant to admit when they've been defrauded. Lenders that manage to detect the occasional thief in the act may threaten prosecution, Crooks said, but typically as a way to force restitution. Once the thief gives the money back, Crooks said, he's often free to pursue other corporate victims. Lee Dagostini of Waukesha County, Wis., was one of the rare exceptions, and he might never have been caught if police hadn't literally stumbled onto his identity-creation business while pursuing a burglar. Cops investigating a report of a break-in at the office building where Dagostini rented a suite found numerous credit cards with different names on Dagostini's desk, according to the Milwaukee Journal Sentinel, along with bank statements and mail drop addresses in a nearby file cabinet. Prosecutors said that for at least nine years, Dagostini was in the business of creating phony identities. He constructed at least 31 fictitious people to obtain more than 250 credit cards, defrauding issuers of more than $1.2 million. Even after his arrest, they say, Dagostini kept going by arranging to cash a $20,000 convenience check from one of the fraudulent accounts and depositing it in a bank account opened for his mother-in-law. Dagostini pleaded guilty in 2005 to credit card fraud, mail fraud, money laundering and conspiracy to commit money laundering and was sentenced to 155 months in prison. We might see more fraud prosecutions if businesses were forced to publicize their losses, as they're now forced by several states to publicize security breaches. We also can try to contain any personal fallout from this kind of fraud by pulling our own credit reports once or twice a year and disputing any errors or bogus accounts. But we're unlikely to put an end to this profitable, if illegal, business. Criminals are just too good at exploiting weaknesses in the system, DeFranco said; plug one hole, and they'll keep hammering away until they find another. "They're smart," DeFranco said, "and they're motivated." Liz Pulliam Weston's column appears every Monday and Thursday, exclusively on MSN Money. She also answers reader questions in the Your Money message board. | ||||||||||||||
MSN Money's editorial goal is to provide a forum for personal finance and investment ideas. Our articles, columns, message board posts and other features should not be construed as investment advice, nor does their appearance imply an endorsement by Microsoft of any specific security or trading strategy. An investor's best course of action must be based on individual circumstances.