The news that a Brooklyn, New York busboy allegedly stole the identities of nearly 200 of America’s most rich and famous people, bilking them for millions of dollars with information gleaned via free Internet access at local libraries, is a signal that the personal data stored on the Internet remains a breeding ground for credit card crime — despite all assurances to the contrary.
Driven by the ease with which personal information can be obtained on the Internet, identity theft — and the resulting credit card fraud — is a growing problem for e-businesses and individuals alike.
As widely reported, 32-year-old Brooklyn man named Abaham Abdallah is being charged with criminal impersonation of Oprah Winfrey, Steven Spielberg and other wealthy people through the use of personal data collected online.
However, the rich and famous are not the only targets of Internet-based identity theft. The U.S. Federal Trade Commission (FTC) has said that identity theft cases tripled in 2000 over 1999 levels, in part due to the Internet.
Jeffrey Klurfeld, director of the FTC’s western regional office, told a U.S. Senate committee in October that the Web is a double-edged sword in the identity theft battle.
According to Klurfeld, the Internet helps educate consumers and increases the reporting of identity theft, but also aids criminals in applying for credit cards and making purchases without phoning or visiting a store or bank.
As a result, many industry observers believe that widespread consumer concern about identity theft is threatening the development of e-commerce.
The U.S. government has reported that identity theft was the single biggest consumer complaint filed on its anti-fraud Web site last year. Of the 80,000 complaints filed, 23 percent involved stolen Social Security numbers or credit card accounts.
The Internet is a virtual treasure trove of personal information for identity thieves who know how to mine its nooks and crannies.
Although some criminals, intent on stealing identifying information, hack into the databases of online merchants, others spend their days searching through publicly available information, piecing together enough data to steal a person’s identity.
Finding a person’s Social Security number can be as easy as visiting a Web site and placing an order. As an example, for US$25, visitors to Fast Break Bail can purchase anyone’s Social Security number, provided they know the person’s name and address.
Calling Uncle Sam
Even the U.S. itself has been guilty of aiding and abetting identity thieves. In May, a New Jersey man was convicted of identity theft after he used Social Security numbers obtained through the online version of the Congressional Record to procure credit cards in the names of military officers.
Determined identity thieves can also turn to the Edgar database, maintained by the U.S. Securities and Exchange Commission (SEC). A few minutes searching the database can produce the Social Security numbers of numerous U.S. business leaders.
The Net not only provides thieves access to personal information, it also gives them the perfect opportunity to shop without revealing their true identities.
Web shopping transactions are completed without encountering a store security camera, and Internet shoppers are not required to sign charge slips or even have physical possession of a credit card bearing their picture. Just the number and some other data are required.
Although most e-tailers verify that the address given by a Web shopper matches the billing address listed for a credit card, or request that passwords, birthdates or mother’s maiden names be entered before the transaction will be processed, those measures offer little protection to identity theft victims.
Many identity thieves set up fake credit accounts themselves, showing that they already have access to the personal data required to use the account. Identity thieves can also collect the personal verification data required to use the account via other online sources where that credit-related information is stored.
Where the Buck Stops
The Identity Theft and Assumption Deterrence Act, which was passed by the U.S. Congress in 1998, makes identity theft a felony. However, privacy rights advocates believe the problem will not be solved until credit card companies take action to make it more difficult for identity thieves to obtain credit cards in their victims’ names.
“I believe that in order to make a dent in identity theft, the practices of the credit industry must change dramatically,”Privacy Rights Clearinghouse director Beth Givens said in written testimony submitted to the U.S. Senate last year. “Until laws create incentives for the credit industry to change how they do business, the crime of identity theft will continue to climb at epidemic proportions.”