LP101: Identity Theft

information security policy, fraud with credit cards

Identity theft involves the unauthorized or illegal use of key elements of another individual’s personal information (social security numbers, driver’s license numbers, birth dates, bank statements, etc.) and assuming that individual’s identity for personal gain. The information can then be used to obtain credit, merchandise and services in the name of the victim, or to provide the perpetrator with false credentials.

Identity theft is the most popular—and the most profitable—form of consumer fraud. Armed with this key personal information, a dishonest individual can open a bank account, obtain credit cards, apply for a loan, and remove funds from various financial accounts for financial gain. This type of identity theft is primarily categorized in two ways:

  • True Name identity theft involves the use of personal information to open new accounts. The perpetrator might open a new credit card account, obtain a loan, open a new credit card account, establish cellular phone service, or otherwise create new accounts or establish new resources for personal gain.
  • Account Takeover identity theft involves the use of another’s personal information to gain access to the victim’s existing accounts and resources. Often the perpetrator will change the mailing address on an account and attempt to run up a huge bill before the victim realizes that their information has been compromised. The Internet has made this type of theft much easier, as the stolen information can be used for making transactions without any personal interaction.

In recent years, the Internet has helped accelerate identity theft as personal information can be easily obtained if not properly secured when making online transactions. Data breaches often lead to instances of identity theft. This type of identity theft can have widespread impact, is commonly referred to and makes the most headlines. However, it is just as likely that an identity thief can gain information by using more old fashioned methods.

- Sponsor -

Retrieving personal information by stealing mail or searching through the trash for discarded items (dumpster diving) is one of the easiest ways for the identity thief to gather information. Another popular method is “shoulder surfing”, which simply involves the thief being next to someone in a public place and looking over their shoulder while they are filling out personal information on a laptop, form, or other informational document.

Protecting Consumers

Strict laws and regulations have been enacted to protect the consumer against identity theft, holding business owners and merchants responsible for ensuring that documents and receipts are properly maintained in order to prevent exposure. Businesses failing to comply with these laws can be held liable and can be subject to costly fines as well as negative publicity.

In 1998 Congress passed the Identity Theft and Assumption Deterrence Act, which made it a crime for any person to “knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or aid or abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any application of State or local law”. Identity theft was also distinguished as a separate crime against the victim whose identity was stolen. Prior to this legislation, identity theft was only considered a crime against the company that was defrauded. These charges would apply in addition to other violations, including credit card fraud, mail fraud, computer fraud, and other related crimes.

LPF LogoBy capitalizing on opportunities to enhance our knowledge and education, we are making an investment in our own future. To learn more about developing your leadership skills and the certification process, visit the Loss Prevention Foundation.

Stay Updated

Get critical information for loss prevention professionals, security and retail management delivered right to your inbox.