Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

« Managing risk in the ACH network: Minneapolis Fed study uses FedACH data to identify better benchmarks | Main | The confluence of payments, social networks, and malware: Elements of a perfect storm? »

July 6, 2010

Identity thieves still using low-tech tactics to get into your wallet

If you make it easy for people to steal from you, they will.
-Frank W. Abagnale

Identity theft continues to be a major problem in the United States and, in most instances, does not involve a complex operation. Although the risks with online financial transactions receive a lot of focus, recent surveys have shown that identity thieves perpetrate their crimes using more traditional methods of access like stealing wallets or purses. In addition, too many victims are unfortunately serving as unwitting accomplices by giving personal information to the criminals over the phone.

According to Javelin's 2009 Identity Fraud Survey Report, the number of U.S. identity fraud victims increased 22 percent in 2008 to 9.9 million adults. Among the reasons cited for this upsurge in incidents are the economic downturn, the secondary market for financial information, and the availability of fraud toolkits online.

Although how-to guides on defrauding consumers are readily available on the Internet, identity thieves are taking a decidedly low-tech approach. Javelin also reported that of the 35 percent of identity theft victims surveyed who knew how their information was accessed, only 11 percent had their information stolen by an online hacker. In fact, 43 percent of identity theft was perpetrated via a lost or stolen wallet, checkbook, or credit card.

Convicted fraudster able to steal identities from behind bars
A recent FBI case involving a massive, two-year identity theft and bribery scheme provides an example of how fairly unsophisticated tactics are used to perpetrate fraud. The already-convicted fraudster who orchestrated the crime received a 309-year prison sentence, which is reportedly the fourth-longest in the history of white collar crime in the United States.

According to the FBI press release, the crime started in a Louisiana prison, where the perpetrator was serving time for a previous fraud conviction. A joint FBI-Department of Justice (DOJ) investigation revealed that he used the personal and financial information (such as dates of birth, Social Security numbers, and bank account numbers) of 61 individuals, churches, financial institutions, and businesses to attempt to steal more than $20 million. How was a prisoner able to get this information? Good question. Apparently, as the saying goes, he did it with the help of his friends (or co-conspirators) and a few phone calls.

One typical ruse involved the perpetrator calling a bank and pretending to be an elderly stroke victim who had been hospitalized. He would claim that he did not have his checkbook and needed access to his account. Most banks did not fall for it, but some did. He also called individual victims directly sometimes, saying he was a state trooper who needed to verify personal details after an identity theft arrest.

The perpetrator had several accomplices in the operation, including a corrections officer that he bribed with $10,000 to use his cell phone when prison officials put him on lockdown. Through the collaborative efforts of federal, local, and state law enforcement agencies, the perpetrator and at least eight coconspirators were charged in the investigation.

Common sense precautions key to avoid becoming a victim
The FBI case is a compelling reminder for people to be "crime smart" by not sharing personal information over the phone unless they can verify the identity of the caller. However, phone sense is just one of many ways that businesses and individuals must be vigilant in protecting themselves against becoming victims of identity theft. The DOJ has used the acronym "SCAM" to encapsulate four steps to reduce or minimize this risk. First, be stingy about giving personal information to others unless there is a reason to trust them. Second, check financial information regularly to monitor for unauthorized transactions. Third, ask periodically for a copy of your credit report to determine whether someone has wrongfully opened accounts in your name. Fourth, maintain careful records of banking and financial accounts in case you need to dispute a transaction.

It is possible to follow these steps and still become an identity theft victim. However, an added benefit of taking these proactive measures is that victims are typically faster at detecting fraud against themselves than are entities such as law enforcement, lenders, and creditors. In fact, Javelin's 2009 identity theft report found that the detection time of fraud through police or law enforcement was 264 days compared to eight days when the victims were monitoring their accounts electronically (that is, via the Internet or ATM). Ultimately, customers who actively monitor their accounts not only reduce the risk of fraud but also minimize their losses if they are victimized.

By Jennifer Grier, senior payments risk analyst in the Atlanta Fed's Retail Payment Risk Forum

July 6, 2010 in fraud , identity theft | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference Identity thieves still using low-tech tactics to get into your wallet :


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search

Recent Posts



Powered by TypePad