Identity theft: A ‘catch phrase for the new millennium’

March 12, 2007

Contrary to popular opinion and despite well-publicized security breaches at governmental entities and major corporations, the primary methods of confiscating the information necessary to commit identity theft turn out to be old-fashioned, low tech practices, like dumpster diving, mail fraud and plain old theft.

The “catch phrase for the new millennium is identity theft,” said Sandy Sullivan, senior vice president for Frost Bank’s fraud management group in San Antonio, Texas. “Everybody thinks identity theft just started a couple of years ago. In fact it’s probably the second oldest fraud that’s out there.”

Sullivan was speaking as part of a panel of experts that convened at the Dallas Insurance Day late last fall to discuss identity theft issues. Moderated by Dr. Brenda Wells, Professor of Insurance at the University of North Texas, the panel included Sullivan; Detective Michael Dana, forgery squad investigator for the Dallas Police Department; Nancy Callahan, identity theft product manager for AIG, New York City; and Brett Morgan, senior vice president of SWBC Insurance Services, San Antonio. According to panel members, dumpster diving for information purposes is an actual occupation for some and stealing mail out of mailboxes is a big industry. And, they said, don’t count out family members and co-workers when it comes to perpetrators of identity fraud.

“In San Antonio we have a huge, huge community of meth addicts and the number one fraud that they commit is stealing mail out of the mailbox,” Sullivan said. They use the information obtained from people’s mail “to commit identity theft in order to feed their habit. … It is a big industry.”

She said there’s a similar situation with dumpster divers. “There is actually a community of people — dumpster divers — whose job it is to go into dumpsters behind businesses in order to steal their mail and other information. About three years in San Antonio, a news reporter jumped in a dumpster behind a rental car place and he pulled out over 2,000 documents that contained information on people who had rented cars from the rental car agency. … It had information that could be used in identity theft.”

Sullivan said such incidents underscore the need for people to “rethink how you do things at home, rethink how you do things in the office. There are a lot of little things you can do. If you are in an office, don’t leave your mail out on your desk, every person coming into your office can see that mail. The other thing is to shred, shred, shred.”

She said identity theft is also a crime of convenience. Sullivan related a story about a woman who contacted her, worried that she might have had her identity stolen. The woman “lived in San Antonio but actually drove from San Antonio to Houston every week to start up a new business in the Houston area,” Sullivan said. “She had rented a car to drive to Houston, and apparently dropped her driver’s license in between the front seats of the automobile and didn’t realize it. But it turned out that the gentleman who rented the car right after her was a drug dealer. When he got into the automobile to drive his product to Houston he found the driver’s license.”

He ended up giving the license to his wife, who used it to open up new accounts. “She proceeded to run up some very large bills. About six months went by … and the police found these individuals,” Sullivan said. The case ended up on the evening television news, which showed the police backing up “two huge moving vans to the house and unloading the products [the crooks] purchased using this driver’s license.

“The point of my story is that even though everybody in the audience thinks identity theft occurs because of high tech reasons, probably about 89 percent of our identity theft occurs because of low tech reasons,” Sullivan said.

When someone steals your credit card and makes purchases, or steals your checks and uses them, that is not considered identity theft, said Detective Dana of the Dallas Police Department. His department considers that forgery. Identity theft occurs when someone generates “a new account using your information, whether it’s car loans or credit cards. It’s using someone else’s identity to go buy $40,000-$50,000 cars, to open up a brand new checking or savings account,” or get a home mortgage.

“For me a lot of this boils down to fast credit. We have a whole lot of people that want credit and they want it fast,” Dana said. He added that the ease of getting credit exacerbates the problem.

Sullivan agreed. “Pre-approved credit card offers are absolutely lethal,” she said. “If you just throw those away in the trash … and a criminal goes through the trash and finds one all he has to do is change the address on that application and send it back to the credit card company. They will assume you’ve moved, they’ll change your address and send the credit card with [your] name on it to the individual who sent that application in.” The address will often be a drop box or a vacant house. That individual gets the card and goes on a spending spree using your credit, she said, and the victim may not know about it for at least 15 to 18 days.

“Much of the time it is perpetrated by family members,” AIG’s Callahan noted.

Young adults and children are often vulnerable because they have no credit history. Dana, who said he’s seen parents use their children’s identities, says lack of verification is an issue. “Why does a six year-old kid have a credit problem? Why does an 85 year-old man have a credit problem? … Nobody’s verifying.”

A business liability

Callahan said the issue of identity theft “pretty much started out as a consumer issue.” Then regulators and legislators got involved and “the main response so far has been a series of state laws that are collectively called the breach notification laws. There are about 30 states now that require companies that have information that can be used in identity theft — drivers license numbers, bank account numbers, Social Security numbers — if that information has been compromised they have to tell the individuals about the information breach. So it’s created a burden on our industry,” she said, especially for those involved in personal lines.

It has become a business liability issue, Callahan said. As such, products on the commercial side “fall more into traditional liability, property/casualty insurance product. To a certain extent it’s been out there for a number of years but it’s expanded.” The policies help businesses manage their exposures to identity theft and privacy liability, and to a certain extent information security. She said estimates of the cost of remedial services for an information breach are around $180 per customer record. The average total cost to correct the problem for businesses with 35,000 – 250,000 customers is around $4.8 million.

On the personal lines side identity theft insurance has been on the market for four or five years, Callahan said. They usually have a strong emphasis on the “service component because if you do attack the problem and you are persistent in insisting that it’s not your debt, you are not responsible for it.”

SWBC’s Morgan said the thing agents need to question “from an E&O standpoint [is] if you’re not providing identity theft and it’s available in the market, why not? And has your agency decided where it belongs and where is should be sold? I’d hate to see you in a situation where you had a client and had an opportunity to buy identity theft from AIG or Travelers on the homeowners policy and we as an agency system didn’t provide him with that opportunity.”

He said new products are coming out daily, some are in the benefits line, some attached to homeowners products and some are on a property/casualty platform. “There’s sort of a question about who should be selling this,” Morgan said. “Questions about — whether it should go on a benefits platform or whether it should go on a property and casualty platform? Because of the type of losses that we deal with, probably the property/casualty industry has a better way of dealing with the products.” He added that coverage for an individual as an add-on to the homeowners policy costs around $25 – $50 per year for limits that range from $15,000 to $25,000.

Prevention is the key

A report recently released by Javelin Strategy & Research indicates there was a reduction in the U.S. last year in the use of people’s private information to open fraudulent new accounts. According to the 2007 Identity Fraud Survey Report identity theft in 2006 was a $49.3 billion fraud, down an estimated 12 percent from 2005’s $55.7 billion.

But at nearly $50 billion, identity fraud is still a big business, and one that’s perpetrated more through traditional physical channels, such as in-person transactions and by the direct theft of personal data by individuals, rather than online, according to the report. And young people and those earning more than $150,000 are the most at risk.

If you’re a victim of identity theft and credit has been accessed in your name, “you may not be responsible for those charges but you have a big headache,” Dana said, so prevention is key. Beyond guarding their personal information, Dana said the number one thing he tells people when he does a presentation is to pull their credit report on a regular basis. “If you’re having a problem with someone opening a new account you’re going to know it.” He said individuals can order a credit report every for months for free from one of the three credit agencies (see side bar).

A fraud alert can be placed on one’s credit file if there has been a problem with compromised information. The file is still open and vendors with access can still see the consumer’s credit history and credit score. But, he said, the alert will signal to them to follow certain procedures before opening new accounts or making changes to existing accounts.

People who have been victims of identity theft can have their credit file shut down completely with a security freeze, Dana said. With a security freeze, no one can access your credit account unless you actively let them. You get a pin number and a password for when you want to open it up. So if you want to make a purchase by using credit, you have to set a window of time that your account can be viewed by the potential creditors.

Another resource, Sullivan said, is the Federal Trade Commission Web site, ftc.gov. She said they have “wonderful packet of information,” which her bank prints out and gives to their customers. “It tells you what to do so you are not a victim of identity theft and it tells you what to do if you are a victim. And it includes a 1-888 number to call to stop getting pre-approved credit card offers in the mail.”

Topics Auto Fraud Property Casualty

Was this article valuable?

Here are more articles you may enjoy.

From This Issue

Insurance Journal

Insurance Journal Magazine