|
|
|
|
| The Basics | How thieves steal their own identities
|
(Page 2) of 2
 Previous
"I know I'm a 40-ish man with a valid Social Security number, so if I change one digit I can create another number that could have been issued 40 years ago," Cook said. Using this method, "you could create a hundred new identities in an hour."
The thieves may begin building these synthetic identities using "low threshold" accounts, like prepaid cellular phones, that don't require much authentication, said Edentify CEO Terrence DeFranco. Eventually, they start applying for credit. They may pay their bills on time for several months or more to build up a good credit rating that they can later exploit.
You end up paying for it
So why should you care about all this? While it's true these thieves may not directly target your good name, you could still pay the price:- Somebody has to pay for these losses, and it might be you. The affected companies might raise prices (hurting consumers), lay off workers (hurting employees and the local economy), or suffer from lower profits (hurting shareholders).
- The fabricated identities might be close enough to yours to wind up being mistaken for you.
To understand how this works, you have to know a little bit about how the huge databases that contain so much information about our identities are managed.
The databases try to ensure that all the various bits of information about you -- your name, Social Security number, address, credit-account information, whatever -- wind up in the right file. To do that, the software programs that aggregate this data must have some built-in wiggle room to account for things like miskeyed numbers and name variations.
A database that's tracking my information, for example, would benefit from being able to figure out that Elizabeth Pulliam, Liz Weston and Liz Pulliam Weston are all the same person. If a clerk mistyped my Social Security number or address while entering data from a credit application, the database might be able to recognize that and include the information with my file anyway.
But that ability to accommodate variations could wind up hurting me if a thief creates, say, a Beth Weston with a Social Security number only a digit or two different from mine. (The thief might have created this doppelganger deliberately, or -- in the case of more common names -- the resemblance could be a coincidence.) If "Beth" maxes out her $10,000 credit line, pays with a phony check and then maxes it out again before disappearing, that $20,000 default could show up in my credit file.
A profitable but illegal business
You also should know that the reason these frauds are so prolific is because the rewards can be high -- hundreds of thousands or even millions of dollars in ill-gotten gains -- while the risks are extremely low.
These thieves are rarely caught, let alone prosecuted, said Ted Crooks, a fraud expert with Fair Isaac, which created the FICO credit-scoring formula as well as software to detect fraud. Financial institutions and other businesses are often reluctant to admit when they've been defrauded.
Lenders that manage to detect the occasional thief in the act may threaten prosecution, Crooks said, but typically as a way to force restitution. Once the thief gives the money back, Crooks said, he's often free to pursue other corporate victims.
Lee Dagostini of Waukesha County, Wis., was one of the rare exceptions, and he might never have been caught if police hadn't literally stumbled onto his identity-creation business while pursuing a burglar.
Cops investigating a report of a break-in at the office building where Dagostini rented a suite found numerous credit cards with different names on Dagostini's desk, according to the Milwaukee Journal Sentinel, along with bank statements and mail drop addresses in a nearby file cabinet.
Prosecutors said that for at least nine years, Dagostini was in the business of creating phony identities. He constructed at least 31 fictitious people to obtain more than 250 credit cards, defrauding issuers of more than $1.2 million. Even after his arrest, they say, Dagostini kept going by arranging to cash a $20,000 convenience check from one of the fraudulent accounts and depositing it in a bank account opened for his mother-in-law.
Dagostini pleaded guilty in 2005 to credit card fraud, mail fraud, money laundering and conspiracy to commit money laundering and was sentenced to 155 months in prison.
We might see more fraud prosecutions if businesses were forced to publicize their losses, as they're now forced by several states to publicize security breaches. We also can try to contain any personal fallout from this kind of fraud by pulling our own credit reports once or twice a year and disputing any errors or bogus accounts.
But we're unlikely to put an end to this profitable, if illegal, business. Criminals are just too good at exploiting weaknesses in the system, DeFranco said; plug one hole, and they'll keep hammering away until they find another.
"They're smart," DeFranco said, "and they're motivated."
Liz Pulliam Weston's column appears every Monday and Thursday, exclusively on MSN Money. She also answers reader questions in the Your Money message board.
|
|
|
|
