Aided by Internet, Identity Theft Soars

April 3, 2000

Aided by Internet, Identity Theft Soars

By TIMOTHY L. O´BRIEN

aw enforcement authorities are becoming increasingly worried about a sudden, sharp rise in the incidence of identity theft, the outright pilfering of people's personal information for use in obtaining credit cards, loans and other goods.
While identity theft is hardly new -- con men have been doing it for ages -- law enforcement officials and consumer advocates say the Internet is making identity theft one of the signature crimes of the digital era. Any visitor to cyberspace can find Web sites selling all sorts of personal information and, with that information in hand, thieves can acquire credit, make purchases and even secure residences in someone else's name.

Digital Privacy
Related Articles
Ongoing Coverage of Digital Privacy
Forum
Can Privacy Be Protected Online?

The Social Security Administration said it had received more than 30,000 complaints about the misuse of Social Security numbers last year, most of which had to do with identity theft. That was up from about 11,000 complaints in 1998 and 7,868 complaints in 1997. The Social Security Administration attributes the rise to the ease with which Social Security data can be collected on the Internet.
"The Internet allows these criminals to work anonymously and from all over the world," said Gregory Regan, head of the Secret Service's financial crimes division. "We don't think that people should be afraid of using the Internet, but all of this enthusiasm should be tempered with a little bit of caution."
Kim Bradbury knows all too well the ease with which identity thieves operate. On a Friday afternoon last September, as she was feeding her 1-year-old daughter in her Northern California home, the kitchen phone rang.
Bradbury dismissed the caller, a representative of the credit card giant First USA, as just another telemarketing huckster. "No, you have to listen!" Bradbury remembers the caller insisting. "Someone has applied for a credit card in your name and it doesn't match other addresses we have for you."
In fact, someone had already used the credit card -- acquired over the Internet without Bradbury's knowledge -- to make nearly $500 in unauthorized purchases.
Over the next several months, Bradbury found she had lots of company. More than three dozen of her former co-workers at Ligand Pharmaceuticals, a San Diego biotechnology concern, also became victims of identity theft. The group discovered that their identities were used to illegally obtain about 75 credit cards, buy at least $100,000 in merchandise, open 20 cellular telephone accounts, and rent three apartments. And until very recently, Bradbury and her former colleagues had no idea who was stalking them.
"People take this situation lightly, but once it happens to you it's a nightmare," said Bradbury, a biologist and the mother of two. "I just don't know when it's going to end -- I feel so violated and I'm very, very angry."
Identity theft starts when thieves misappropriate someone's personal information -- address, date of birth, Social Security number and the like -- to get fake driver's licenses and credit cards. With that information and identification in hand, criminals are free to operate under a new name in whatever way they like.
Even a cursory tour through cyberspace turns up a host of vendors peddling personal information. One online company, Net Detective 2000, promotes itself as "an amazing new tool that allows you to find out EVERYTHING you ever wanted to know about your friends, family, neighbors, employees, and even your boss!" Net Detective did not respond to interview requests.

The New York Times

If an identity thief needs to know someone's Social Security number, for example, it is easy enough to buy it on the Internet. One Web site, docusearch.com, will retrieve a person's Social Security number in one day for $49. Dan Cohn, the director of docusearch.com, said he got the numbers from "various sources" but that none of his firm's services have contributed to identity theft. "Social Security numbers are pretty much public numbers anyway," Cohn said.
Social Security numbers matched with other personal information enable identity thieves to apply for credit cards on the Internet, often with minimal scrutiny from issuers. Shopping on the Internet with such credit cards is relatively easy because transactions are not face-to-face, thus voiding one of the simplest ways for merchants to check a customer's identity. And if an identity thief uses a credit card to briefly build up a solid credit history by paying off monthly bills, he or she then has the credibility to apply for big ticket items such as loans for cars and rental property.
Law enforcement officials also say that stolen personal and financial information can be easily transmitted worldwide on the Internet by criminal groups that have begun to specialize in identity theft because it is so lucrative. Federal investigators have encountered cases in which credit card numbers stolen in the United States have been used a day or two later in Tokyo or Hong Kong.
While law enforcement officials, consumer advocates and private risk management companies like the National Fraud Center say they have ample anecdotal evidence that identity theft is on the rise, further data backing up that claim is hard to come by. These analysts and advocates say that is largely because the problem as manifested on the Internet is still very new, because identity theft is not broken out as a separate crime in analyses of larger fraud schemes, and because it is hard to discern whether identity theft inquiries made by consumers to credit reporting companies like Equifax, Trans Union and Experian are made to prevent a crime or are the result of a crime.

For its part, the credit card industry points out that credit card fraud stemming from identity theft is only a small percentage of the hundreds of billions of dollars in credit card purchases each year. Moreover, recognizing that identity theft could easily get out of hand, several of the country's largest credit card issuers are now building a database with assistance from the Secret Service so they can share information and identify common geographic locations where credit card fraud occurs.
Consumers rarely face monetary losses related to identity theft because merchants or banks are typically the ones stuck with bogus credit card charges. In addition, credit card issuers are generally vigilant about monitoring customers' purchasing patterns and flagging questionable transactions very quickly.
Still, the real damage felt by consumers like Bradbury and other victims of identity theft is not monetary -- it's emotional. Victims say they not only must face the reality that their financial privacy has been compromised by an anonymous thief, but also often endure lengthy, painstaking struggles to clean up credit records that have been tarnished by identity thieves. In some of the worst cases, when identity thieves commit crimes and use their false identities to mislead police, victims of identity theft suddenly find themselves saddled with criminal records.
After Bradbury received her first warning from First USA that someone was illegally making charges in her name, she said she called the three big credit reporting agencies to have the charges removed from her records. But the agencies required a fraud report from First USA to do that, and Bradbury says that it took First USA about 16 weeks to generate the report at a time when she had been hoping to obtain a car loan.
Bradbury concedes that First USA caught the problem early on, but also complains that the company made it much too simple for a thief to get a card online in her name in the first place. In an online pitch for one of its credit cards, First USA tells potential applicants, "Why wait? Receive a response in 60 seconds." First USA, a unit of the Chicago banking giant Bank One, declined to comment on Bradbury's experience, citing client confidentiality, but said that it practiced effective antifraud procedures.
Between September and earlier this year, Bradbury was besieged with credit inquiries from gasoline companies, public utilities, and cell phone companies, all the result of an identity thief making charges in her name.

Related Article
Beanie Baby Scams and Identity Thefts
(September 22, 1999)
"I wondered who had done this to me -- was it someone who had come into my home or gone through my mail or had worked with me?" Bradbury recalls. "I was in complete terror because I knew what they could do with this because it had happened to a friend of mine. I knew they could open up a bank account and bounce checks and do all sorts of things."
Bradbury said she was initially told by credit card companies and the San Diego police department that they could not help track down the identity thief because such cases were too hard to investigate. But after a San Francisco real estate agent called her in December to tell her someone was trying to rent an apartment in her name, Bradbury took action herself.
She noticed that two of the bogus credit applications in her name had the same address, which she traced to the last name "Charlton." Then the real estate agency told her that one of the women trying to rent an apartment in her name said that she worked for Ligand Pharmaceuticals -- Bradbury's old employer -- and was supervised by a Roxanne Charlton.
As it turned out, Bradbury says, Charlton, a lab assistant at Ligand, had found a box with personnel records for Bradbury and 37 other former employees that was left unprotected in a storage closet at the company.
Charlton was arrested by San Diego police on March 24. She had the box of personnel records stored in her car.
According to the police and Bradbury, Charlton and some accomplices used some of the information gleaned from the records to get credit cards and cell phones on the Internet. False identity cards and driver's licenses also were allegedly generated by Charlton's group, and they successfully rented three apartments in other people's names. Charlton's group also allegedly bought at least $100,000 worth of consumer electronics products and sent the goods to other apartments that had been rented over the Internet.
Charlton was charged with identity theft, suspicion of possession of stolen credit card numbers and possession of narcotics. She was released on a $60,000 bond, and could not be reached for comment. Ligand declined to comment on the matter, citing a police investigation.
The arrest of Charlton is of little comfort to Bradbury. She said she and others who were victimized were worried that Charlton may have shared their personal information with other identity thieves who are still on the prowl.
"I just don't know when it's going to end," she said. "We're all a little scared."

Ask Technology questions and tell other readers what you know. Join Abuzz, a new knowledge network from The New York Times.

Help/Feedback | Classifieds | Services | New York Today