Identity Theft
What is Third Party Fraud?
This is a fraud committed against someone or some business by people other than their employees. They can be committed against individuals, businesses, companies, governments etc. Third party frauds are not as common as occupational frauds, but on average each fraud is for a larger amount.
Some third party frauds are not meant to remain hidden forever. Some only remain hidden long enough for the fraudster to get away. The fraudster may not care if the fraud is eventually discovered as there is no relationship with the victim and they have made their getaway.
What is identity theft?
Identity theft or identity fraud is the act of assuming someone else's identity for the purpose of incurring debts, making purchases or otherwise benefiting from the use of that name. Stealing someone's identity allows the fraudster to hold themselves out to be the other person.
This paper gives a very general overview of the problem.
How is an identity stolen?
The fraudster only needs to obtain or manufacture sufficient information about a person to convince someone else that they are that person. The fraudster may know the victim and obtain information through that relationship, or they may not know the victim and have to obtain information from other sources.
Personal information can be stolen from the victim, stolen from an organization that holds information on people, purchased from someone who has stolen the information, and some of it can be obtained from public registers.
From that initial information and some manufactured documents like false drivers licenses, the fraudster can obtain other identification documents in that name. The usual aim is to manufacture or obtain sufficient information to pass security checks at financial institutions.
How is the fraud committed?
Armed with the false identity information, the fraudster can apply for credit cards, leases or loans from financial institutions and retail stores in the name of the victim. Once the fraudster opens the first account or gets the first loan, they can use it to obtain more credit from other sources. In a short time the fraudster may incur significant debts at a variety of places in the name of the victim.
Where is this personal information found?
The fraudster may work at a place that handles this type of information, like a bank or other credit provider or any business that handles personal information about their customers. The victim can not do anything to limit this exposure as the theft of the information is remote to them. The entity holding the information must maintain adequate controls over their client's personal information to keep it secure.
The fraudster may obtain discarded personal information that was not properly destroyed - from a work place or from at home. A 'dumpster-diver' is someone that goes through people's rubbish looking for personal information and could assume someone's identity without ever having come into contact with them. People can control how they discard their person information.
Fraudsters can steal mail from mail boxes. They are looking for mail from banks or other credit providers, especially offerings for pre-approved credit cards, or any other mail that contains personal information.
Computer hackers get information on vast numbers of people by hacking into databases held by businesses. They do not need personal contact with the victim, or physical access to information. They may obtain useful information from any business that keeps personal data about their customers.
Fraudsters may obtain personal information from 'social' internet sites. This information is usually placed on these sites by the victims willingly and without considering that other people may steal this information.
Is someone going through your rubbish a real threat?
Yes, dumpster-diving is a major way that fraudsters obtain personal information. Consider:
(a) how many people throw unwanted personal correspondence in their bins?
(b) who collects the garbage from those bins and how it is handled?
(c) how many people throw out credit application forms, including ones that have been pre-approved and pre-filled out with their details?
(d) how easy is it for someone to take this out of your bin and fill in their address and their signature for your credit card?
(e) what old files do you throw out and what personal information do they contain?
How can I prevent becoming a victim?
Significant amounts of personal data are held by third parties and are under someone else's control or protection. You cannot control who has access to this information and how securely it is kept. You must rely on the integrity of the entity holding this data. If in doubt, do not give personal information to third parties. Unfortunately, that makes it inconvenient to live in the modern world.
Information in your hands is easier to control. The basic rule is not to throw out anything containing personal information without destroying it or shredding it. You must also control the receipt of information to ensure that personal information is not exposed while in letterboxes. Further, you must consider what information to store or give to internet sites. This seems extreme until you become a victim of identity fraud. Exercise great care in how you receive and destroy sensitive information.
What do I do if I become a victim?
You may not know that you are a victim until the fraudster has been using your identity for a while and incurred significant debts in your name. You may only find out when the credit providers come looking to you to collect a debt in your name. You now have the problem of proving that the debt is not yours, as well as stopping further exposure.
As soon as you are aware of the fraud, you must immediately contact the credit reporting agencies to place an alert on your credit profile. Keep copies of all documents. You will need them.
You should also contact your usual banks etc. and determine if any of your actual accounts have been compromised. You may find that the fraudster did not try to access your accounts, but was content to open up new accounts in your name. These would usually be at other financial institutions, so that their mail in your name does not get confused with your real mail. You should notify other banks etc to see whether they have accounts in your name.
You should contact the police. Be prepared to deal with multiple police agencies to report the fraud. After you have learned all the facts surrounding your case, write a statement explaining the situation and insist that the statement be attached to your credit profile and hand this statement to your bankers.
Keep in mind, that you may not be able to stop the fraud immediately as new credit may be provided from institutions that do not do proper credit checks and do not find your warnings. At least you have done what you can to limit the exposure.
Disclaimer
The enclosed information is of necessity a brief
overview and it is not intended that readers should rely
wholly on the information contained herein. No warranty
express or implied is given in respect of the information
provided and accordingly no responsibility is taken by
Worrells or any member of the firm for any loss resulting
from any error or omission contained within this
fact sheet.
Acknowledgment
The material in this Fact Sheet was sourced from various
publications including those listed in the Reading List on
the Fraud Awareness page on this website.
Back to Fact Sheets
Last Updated: 9.4.2008