Identity Theft
What is Third Party Fraud?
This is a fraud committed by people outside an employee employer relationship. They can be committed against individuals, businesses, companies, the government or any other entity. Third party frauds are not as common as occupational frauds, but on average each fraud is for a larger amount.
Some third party frauds are not meant to remain hidden forever. Some only remain hidden long enough for the fraudster to make their get-away. The fraudster may not care if the fraud is eventually discovered as they do not have a continuing relationship with the victim and they cannot be found.
What is identity theft?
Identity theft or identity fraud is the act of assuming someone else's identity for the purpose of incurring debts, making purchases or otherwise benefiting from the use of the other person's identity. Stealing someone's identity allows the fraudster to hold themselves out to be the other person.
This paper can only give a very general overview of the problem. The size of the fraud and the number of different ways of committing the fraud cannot be covered in sucha short paper. This paper is aimed at simply raising awareness of the problem.
How is an identity stolen?
The fraudster only needs to obtain or manufacture sufficient information about a person to convince someone else that they are that other person and an identity is stolen. The fraudster may know the victim and obtain the necessary information through that relationship, or they may not know the victim and will have to obtain information from other sources or steal it from the intended victim.
Personal information can be stolen from the victim, stolen from an organization that holds information on other people, purchased from someone who has stolen the information, and some of it can be obtained from public registers.
From information obtained from or about the victim, and from some manufactured documents like false drivers licenses, the fraudster can obtain other identification documents in the victim's name. Usually the aim is to manufacture or obtain sufficient information to pass security checks at financial institutions.
How is the fraud committed?
Armed with sufficient false identity information the fraudster can apply for credit cards, leases or loans from financial institutions and retail stores in the name of the victim. Once the fraudster opens the first account or gets the first loan, they can then use that information to obtain more loans from other sources. The more documentation that the fraudster can obtain or manufacture, the more convincing the identity will look to other people.
Where is personal information found?
The fraudster may work at a bank, other credit provider or any business that handles personal information about their customers. The victim cannot do anything to limit this exposure as the theft of the information is remote to them. The entity holding the information must maintain adequate controls over their client's personal information to keep it secure from fraudsters both inside and outside their organisation.
The fraudster may obtain discarded personal information that was not properly destroyed from a work place or from the victim's home. A 'dumpster-diver' is someone that goes through people's rubbish looking for personal information and might be able to assume someone's identity without ever having come into contact with them.
Fraudsters can also steal mail from mail boxes. They are looking for mail from banks or other credit providers, especially offerings for pre-approved credit cards, or any other mail that contains personal information.
Computer hackers get information on vast numbers of people by hacking into databases held by businesses. They do not need personal contact with the victim, or physical access to information. They may obtain useful information from any business that keeps personal data about their customers.
Fraudsters may obtain personal information from 'social' internet sites. This information is usually placed on these sites by the victims willingly and without considering that other people may steal this information.
Is someone going through your rubbish a real threat?
Yes, dumpster-diving is a major way that fraudsters obtain personal information. Consider:
(a) how many people throw unwanted correspondence containing personal information in their bins, at best tearing that correspondence into a few pieces - particularly in a work environment?
(b) who collects the garbage from those bins and how it is handled?
(c) how many people throw out credit application forms, including ones that have been pre-approved and pre-completed with their details?
(d) how easy is it for someone to take this out of your bin and fill in their address and their signature for your credit card?
(e) what old personal financial files do you throw out and what information do they contain?
How can you prevent becoming a victim?
Significant amounts of personal data are held by third parties and are under someone else's control or protection. You cannot control who has access to this information and how securely it is kept. You must rely on the integrity of the entity holding this data. If in doubt, do not give personal information to or limit the amount or type of information given to these third parties. Unfortunately, that makes it inconvenient to live in the modern world.
Information in your hands can be controlled. The basic rule is not to throw out anything containing personal information without destroying it or shredding it. You must also control the receipt of information to ensure that personal information is not exposed while in letterboxes. Further, you must consider what information to store or give to internet sites. This seems extreme until you become a victim of identity fraud. Exercise great care in how you receive and destroy sensitive information.
What do you do if you do become a victim?
You may not know that you are a victim until the fraudster has been using your identity for a while and incurred significant debts in your name. You may only find out when the credit providers come looking to you to collect a debt in your name. You now have the problem of proving that the debt is not yours, as well as stopping further exposure.
As soon as you are aware of the fraud, you must immediately contact the credit reporting agencies to place an alert on your credit profile. Keep copies of all documents. You will need them.
You should also contact your usual banks and determine if any of your accounts have been compromised. You may find that the fraudster did not try to access your accounts, but was content to open up new accounts in your name. These would usually be at other financial institutions, so that their mail in your name does not get confused with your real mail. You should notify other banks etc to see whether they have accounts in your name.
You should contact the police. Be prepared to deal with different police agencies to report the fraud. After you have learned all the facts surrounding your case, write a statement explaining the situation and insist that the statement be attached to your credit profile and hand this statement to your bankers.
Keep in mind, that you may not be able to stop the fraud immediately as new credit may be provided from institutions that do not get your warnings. At least you have done what you can to limit the exposure.
Disclaimer
The enclosed information is of necessity a brief
overview and it is not intended that readers should rely
wholly on the information contained herein. No warranty
express or implied is given in respect of the information
provided and accordingly no responsibility is taken by
Worrells or any member of the firm for any loss resulting
from any error or omission contained within this
fact sheet.
Acknowledgment
The material in this Fact Sheet was sourced from various
publications including those listed in the Reading List on
the Fraud Awareness page on this website.
Back to Fact Sheets
Last Updated: 15.4.2010