Identity theft: A “catch phrase for the new millennium”

Contrary to popular opinion and despite well-publicized security breaches at governmental entities and major corporations, the primary methods of confiscating information necessary to commit identity theft are old-fashioned, low-tech practices, like “Dumpster diving,” mail fraud and plain old theft.

The “catch phrase for the new millennium is identity theft,” said Sandy Sullivan, senior vice president for Frost Bank’s fraud management group in San Antonio, Texas. “Everybody thinks identity theft just started a couple of years ago. In fact it’s probably the second oldest fraud that’s out there.”

Sullivan was part of a panel of experts that convened at the Dallas Insurance Day late last fall to discuss identity theft issues. Moderated by Dr. Brenda Wells, professor of insurance at the University of North Texas, the panel included Sullivan; Detective Michael Dana, forgery squad investigator for the Dallas Police Department; Nancy Callahan, identity theft product manager for AIG, New York; and Brett Morgan, senior vice president of SWBC Insurance Services, San Antonio.

The panelists said diving for information in trash bins is an occupation for some, and stealing mail out of mailboxes is a big industry. Family members and co-workers sometimes are perpetrators of identity fraud.

“In San Antonio, we have a huge, huge community of meth addicts and the No. 1 fraud that they commit is stealing mail out of the mailbox,” Sullivan said. They use the information obtained from people’s mail “to commit identity theft to feed their habit. … It is a big industry.”

Sullivan added, there is “a community of people — Dumpster Divers — whose job it is to go into Dumpsters behind businesses to steal their mail and other information. About three years in San Antonio, a reporter jumped in a Dumpster behind a rental car agency and pulled out more than 2,000 documents that contained information on people who had rented cars. … that could be used in identity theft.”

Sullivan said such incidents underscore the need for people to “rethink how you do things at home, rethink how you do things in the office. There are a lot of little things you can do. If you are in an office, don’t leave your mail out on your desk, every person coming into your office can see that mail. The other thing is to shred, shred, shred.”

She said identity theft is also a crime of convenience. Sullivan related a story about a woman who contacted her, worried that her identity had been stolen. The woman “lived in San Antonio but actually drove from San Antonio to Houston every week to start up a new business in the Houston area,” Sullivan said. “She had rented a car to drive to Houston, and dropped her driver’s license between the front seats of the automobile and didn’t realize it. The gentleman who rented the car right after her was a drug dealer. When he got into the automobile to drive his product to Houston, he found the driver’s license.”

He ended up giving the license to his wife, who used it to open up new accounts. “She proceeded to run up some very large bills. About six months went by … and the police found these individuals,” Sullivan said. The case ended up on the evening television news, which showed the police backing up “two huge moving vans to the house and unloading the products [the crooks] purchased using this driver’s license.

“The point of my story is that even though everybody in the audience thinks identity theft occurs because of high tech reasons, probably about 89 percent occurs because of low tech reasons,” Sullivan said.

When someone steals your credit card and makes purchases, or steals your checks and uses them, that is not considered identity theft, it’s forgery, said Detective Dana of the Dallas Police Department. Identity theft occurs when someone generates “a new account using your information, whether it’s car loans or credit cards. It’s using someone else’s identity to buy $40,000 to $50,000 cars, to open up a brand new checking or savings account,” or get a home mortgage.

“For me, a lot of this boils down to fast credit. We have a whole lot of people that want credit and they want it fast,” Dana said. He said the ease of getting credit exacerbates the problem.

“Pre-approved credit card offers are absolutely lethal,” Sullivan agreed. “If you just throw those away in the trash … and a criminal goes through the trash and finds one, all he has to do is change the address on that application and send it back to the credit card company. The [company] will assume you’ve moved, change your address and send the credit card with [your] name on it to the individual who sent that application in.” The address will often be a drop box or a vacant house. That individual gets the card and goes on a spending spree, and the victim may not know about it for at least 15 to 18 days.

“Much of the time it is perpetrated by family members,” AIG’s Callahan noted.

Young adults and children are often vulnerable because they have no credit history. Dana, who said he’s seen parents use their children’s identities, said lack of verification is an issue. “Why does a six year-old kid have a credit problem? Why does an 85 year-old man have a credit problem? … Nobody’s verifying.”

A business liability
Callahan said identity theft “started out as a consumer issue.” Then, regulators and legislators got involved and “the main response so far has been a series of state laws that are collectively called the breach notification laws. About 30 states require companies that have information that can be used in identity theft — driver’s license numbers, bank account numbers, Social Security numbers — to tell the individuals if that information has been compromised. It’s created a burden on our industry,” she said, especially in personal lines.

It has become a business liability issue, Callahan said. As such, products on the commercial side “fall more into traditional liability, property/casualty insurance product. To a certain extent, it’s been out there for a number of years, but it’s expanded.” The policies help businesses manage their exposures to identity theft and privacy liability, and to a certain extent, information security. She said estimates of the cost of remedial services for an information breach are about $180 per customer record. The average total cost to correct the problem for businesses with 35,000 to 250,000 customers is around $4.8 million.

In personal lines, identity theft insurance has been on the market for four or five years, Callahan said. Policies usually have a strong emphasis on the “service component because if you do attack the problem and you are persistent in insisting that it’s not your debt, you are not responsible for it.”

SWBC’s Morgan said the thing agents need to question “from an E&O standpoint [is] if you’re not providing identity theft and it’s available in the market, why not? Has your agency decided where it belongs and where it should be sold? I’d hate to see you in a situation where you had a client and had an opportunity to buy identity theft … on the homeowners policy and as an agency system did not provide him with that opportunity.”

He said new products emerge daily, some in the benefits line, some attached to homeowners products and some on a property/casualty platform. “There’s sort of a question about who should be selling this,” Morgan said, “whether it should go on a benefits platform or whether it should go on a property/casualty platform. Because of the type of losses that we deal with, probably the property/casualty industry has a better way of dealing with the products.” He added that coverage for an individual as an add-on to a homeowners policy costs about $25 per year to $50 per year for $15,000 to $25,000 limits.

Prevention is key
A report released by Javelin Strategy & Research indicates there was a reduction last year in the use of American’s private information to open fraudulent new accounts. According to its “2007 Identity Fraud Survey Report,” identity theft in 2006 amounted to $49.3 billion in fraud, down about 12 percent from 2005’s $55.7 billion.

But at nearly $50 billion, identity fraud is still a big business that is perpetrated more through traditional physical channels, such as in-person transactions and by the direct theft of personal data by individuals, rather than online, according to the report. Young people and those earning more than $150,000 are the most at risk.

If you’re a victim of identity theft and credit has been accessed in your name, “you may not be responsible for those charges but you have a big headache,” Dana said.So, prevention is key. Beyond guarding personal information, he said people should regularly pull their credit report. “If you’re having a problem with someone opening a new account, you’re going to know it” He said individuals can order a credit report for free from one of the three credit agencies (See “Identity theft advice from the Federal Trade Commission” on page 66).

A fraud alert can be placed on a person’s credit file if there has been a problem with compromised information. The file is still open, and vendors with access can still see the consumer’s credit history and credit score. But, he said, the alert will signal the vendor to follow certain procedures before opening new accounts or changing existing accounts.

Victims of identity theft can have their credit file shut down completely with a security freeze, Dana said. With a security freeze, no one can access the credit account unless the owner authorizes it using a pin number and password. If the owner wants to make a purchase using credit, he said there is set a window of time that the account can be viewed by the potential creditors.

Sullivan said the Federal Trade Commission Web site (www.ftc.gov) has a “wonderful packet of information,” which her bank prints out and gives to customers. “It tells you what to do so you are not a victim of identity theft and it tells you what to do if you are a victim. And it includes a 1-888 number to call to stop getting pre-approved credit card offers in the mail.”

Topics Fraud Property Casualty