What Is Identity Theft? How to Prevent and Protect Your Identity

Key Takeaways:

• Identity theft is a type of fraud that occurs when someone steals your personal information and uses it to commit crimes or make unauthorized purchases.
• Personal information targeted in identity theft includes names, Social Security numbers, credit card details, bank account information, and online credentials.
• Cybercriminals exploit stolen identities for various criminal activities, including financial fraud and unauthorized transactions.
• Victims of identity theft often remain unaware of the theft until after the criminals have used their information.
• The consequences of identity theft extend beyond financial losses, including potential impersonation and unauthorized access to sensitive personal accounts.

In the current era of widespread technology and connectivity, the risk of identity theft is growing. From high-profile data breaches to sophisticated scams, these threats can lead anyone to question their safety. Far from being abstract, identity theft is a widespread risk that impacts individuals of all ages, occupations, and backgrounds, without discrimination.

The effects of identity theft are severe, often leading to loss of privacy, financial devastation, and a lengthy process to recover one’s stolen identity. Therefore, understanding identity theft is essential for maintaining personal security in the increasingly digital world we live in. Awareness is the first step to protection against these cyber threats and the significant harm they can cause.

Defining Identity: More Than Just Personal Information

An individual’s identity is a blend of characteristics, beliefs, traits, expressions, and qualities that set them apart from others. Identity encompasses the entire existence of an individual, including his personally identifiable information (PII) and other details like:

1. Personal Identifiers: This includes names, birth dates, Social Security numbers, contact details, and more.
2. Financial Information: Information like credit card details, bank account numbers, and financial records.
3. Digital Footprints: Usernames, passwords, security Q&As, social media accounts, and other online identifiers.
4. Health Records: This covers health insurance details and Medicare data.
5. Biometric Information: Unique biological traits like fingerprints, voice patterns, and facial recognition.

What Is Identity Theft?

Identity theft involves the illicit act of obtaining and using an individual’s personal information for fraudulent activities, typically without the victim’s knowledge or consent. This information can encompass elements such as your name, Social Security number, credit card details, bank account specifics, or even your online credentials.

When this stolen data falls into the hands of cybercriminals, it can be used to commit a variety of crimes. These can range from financial fraud and unauthorized transactions to impersonation and unauthorized access to sensitive accounts.

Top 9 Common Identity Theft Techniques

Identity thieves get the personal data of their victims through different means. Awareness of these methods can help individuals recognize potential threats and take proactive measures to protect their information.

Below are some of the most common ways that identity theft occurs:

1. Shoulder Surfing

Shoulder surfing involves thieves observing or recording personal information, such as PINs or passwords, by looking over a person’s shoulder while entering the information on a device or keypad. This can occur in public places, such as ATMs, retail stores, or crowded areas where individuals are less cautious about their surroundings.

2. Physical Theft

Identity thieves may steal wallets, purses, or personal belongings containing identification documents, credit cards, or other personal information. They may target individuals in crowded areas, public transportation, or even break into homes or vehicles to obtain these items.

3. Malware and Hacking

Identity thieves use malware, such as keyloggers or remote access tools, to gain unauthorized access to personal devices or networks. Once compromised, they can harvest personal information, monitor online activities, or remotely control the device for identity theft or financial fraud.

4. Social Engineering

Social engineering involves manipulating individuals psychologically to gain access to their personal information. The thief may pose as a trusted individual, such as a bank representative or IT support technician, to persuade the victim to share their private information or passwords.

5. Phishing

Phishing involves sending deceptive emails, text messages, or making phone calls that appear to be from legitimate organizations or individuals. These messages typically request personal information, such as usernames, passwords, social security numbers, or credit card details. The goal is to trick individuals into providing their sensitive information unknowingly.

6. Dumpster Diving

Identity thieves may search through trash or recycling bins to find discarded personal information documents. These documents include bank statements, credit card offers, medical records, and utility bills. Thieves use this information to assume the victim’s identity or commit financial fraud.

7. Skimming

Skimming involves capturing credit or debit card information by attaching devices to card readers, such as ATMs, gas pumps, or point-of-sale terminals. These devices record card details, including the magnetic stripe or chip data, allowing thieves to create counterfeit cards or make unauthorized transactions.

8. Data Breaches

Data breaches occur when unauthorized individuals access databases containing personal information. Cybercriminals target organizations, such as retailers, financial institutions, or healthcare providers, to obtain large volumes of personal data, including names, addresses, Social Security numbers, and payment card details. They may sell or use this stolen information for identity theft.

9. False Job Offers

Some identity thieves gather personal data by advertising fake job offers and collecting resumes and applications that contains potential victims’ information.

6 Types of Identity Theft

Identity theft can be classified into six different types:

• Financial Identity Theft
• Tax Identity Theft
• Medical Identity Theft
• Child Identity Theft
• Criminal Identity Theft
• Synthetic Identity Theft

1. Financial identity theft

Financial is the most common form of identity theft. Many identity thieves do it for the sake of making money illegitimately. Financial identity theft involves using someone’s personal information, such as social security number, credit card details, or bank account information, to carry out fraudulent financial transactions. Identity thieves use the stolen details to make unauthorized purchases, open new credit accounts, or drain victims’ bank accounts, leading to substantial financial losses and damage to credit scores.

2. Tax Identity Theft

Tax identity theft involves using stolen personal information, such as Social Security numbers, to file fraudulent tax returns and claim illegitimate refunds. Identity thieves may submit false tax documents using the victim’s information. As a result, victims may face delays in legitimate refunds and financial consequences.

3. Medical Identity Theft

Medical identity theft involves using an individual’s personal information to obtain medical services, prescribe medications, or file false insurance claims. For instance, the perpetrators may use stolen identities to receive medical treatment, purchase prescription drugs, or submit fraudulent bills to insurance companies. 

4. Child Identity Theft

Child identity theft occurs when a child’s personal information, such as their Social Security number, is stolen and used by identity thieves. As a result of their clean credit histories and the likelihood that the theft will go unnoticed for a long time, children’s identities are appealing targets. Criminals may use a child’s identity to open fraudulent credit accounts, apply for government benefits, or commit other types of fraud. This can have long-term consequences for the child, affecting their financial future and creating significant challenges in fixing the damage.

5. Criminal Identity Theft

Criminal identity theft involves using stolen personal information to create false identities and commit crimes. When identity thieves provide stolen identities to law enforcement during an arrest or investigation, false criminal records and arrest warrants may be issued in the victim’s name. This can result in the victim facing legal complications, including wrongful arrests, difficulties in employment, and challenges in clearing their name.

6. Synthetic Identity Theft

Synthetic identity theft is a sophisticated form of identity theft where criminals combine real and fake information to create synthetic identities. They may use fragments of actual personal information, such as Social Security numbers or names, along with fictitious details to establish credit accounts or obtain financial benefits. Synthetic identities can be challenging to detect and often involve multiple individuals’ stolen information, making it difficult to untangle the web of fraudulent activity.

Real Life Examples of Identity Theft

Identity theft’s impact can be varying and often devastating. According to the Federal Trade Commission’s (FTC) Consumer Sentinel Network 2022 data book, there were over 5.2 million reports, with identity theft being the most significant category.

In 2019, a person named Armstrong was found guilty of 51 counts in a federal grand jury indictment and sentenced to 259 months in federal prison. Consequently, Armstrong used stolen identities and social security numbers of children and people who had left the US to obtain credit cards, open bank accounts, set up shell companies, apply for loans, and purchase homes and cars.

In 2010, Nicole McCabe saw her name listed as one of the suspects responsible for an assassination. The assassination happened miles away from her, in a city she had never visited. However, she was lucky not to be convicted for a crime she didn’t commit because the identity theft was quickly reported and resolved.

Kenneth Gibson took advantage of his position as an IT professional for a company in Nevada to access and collect the personal information of thousands of people unlawfully. Subsequently, he used this stolen information to open 8,000 fraudulent PayPal accounts and apply for credit accounts.

Consequences Victims Face With Identity Theft

Identity theft can have a devastating impact on victims, both financially and emotionally. Here are some of the most common consequences individuals face with identity theft, including:

1. Emotional distress
2. Credit score damage
3. Financial losses
4. False accusations
5. Wrong criminal sentencing
6. Damage to reputation
7. Psychological issues
8. Issues with getting employment

How to Prevent Identity Theft? 

Identity theft is a growing concern, and it’s essential to take precautions to protect yourself from it. Here are 12 ways to help prevent identity theft:

1. Secure Your Documents

Keep important documents that contain your personal information in a safe place at home and work. Avoid carrying unnecessary identification cards like your Social Security or Medicare cards unless needed. Store these cards securely at home to minimize the risk of loss or theft.

2. Be cautious when sharing information

Avoid sharing personal, financial, or health plan information over the phone, through mail, or online unless you have a trusted relationship with the person or organization requesting it. Be cautious of unsolicited requests for sensitive data via emails, phone calls, or social media. In these channels, legitimate organizations will never ask you to provide sensitive information. When in doubt, verify the legitimacy of the request independently.

3. Review Your Credit Card Receipts

Carefully examine your credit card receipts to ensure that they don’t display your full account number. If a receipt shows more than the last four digits, report it to the appropriate authorities immediately.

4. Strengthen Your Passwords

Create strong, unique passwords for all your online accounts. Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using obvious choices like birthdates or sequential numbers. Consider using a reliable password manager to store and manage your passwords securely.

5. Keep Software and Devices Updated

Regularly update your computer, smartphone, and other connected devices with the latest security patches and software updates. In some cases, hackers can access your information via outdated software, which has vulnerabilities that they exploit. To protect yourself against cyber threats, install reputable antivirus and anti-malware software.

6. Shred Unnecessary Documents

Shred receipts, credit offers, loan and credit applications, insurance forms, bills, medical records, bank statements, and similar documents when they are no longer needed. Using a “cross-cut” shredder ensures that the information is unrecoverable. This will prevent dumpster diving thieves from gaining access to your sensitive data.

7. Monitor Your Financial Statements

Regularly review your bank statements, credit card bills, and other financial accounts for any suspicious transactions or unauthorized activities. If you notice anything out of the ordinary, report it immediately to your financial institution.

8. Check Your Credit Reports

Regularly check your credit reports from the major credit bureaus (Equifax, Experian, and TransUnion) for any suspicious activity or unauthorized accounts. You can obtain a free credit report annually from each bureau.

9. Beware of Phishing Attempts

Be cautious of emails, messages, or websites that appear legitimate but are actually designed to deceive and trick you into revealing sensitive information. Look out for spelling errors, suspicious links, or requests for personal data. Always verify the legitimacy of requests independently, especially when dealing with financial institutions or sensitive accounts.

10. Enable Two-Factor Authentication (2FA)

Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification. This can include a unique code sent to your phone, in addition to your password.

11. Use Secure Networks

Only make online purchases from reputable websites with secure checkout processes that have URLs beginning with “https://” to indicate a secure connection. Avoid accessing sensitive accounts or conducting financial transactions on public Wi-Fi networks, as they are often unsecured and vulnerable to interception. Instead, use a trusted and secure network or a virtual private network (VPN) for added protection.

12. Educate Yourself

Stay informed about the latest identity theft techniques, scams, and security best practices. Educate yourself on the common signs of identity theft and how to detect fraudulent activity.

Steps to Take if You Are a Victim of Identity Theft

Discovering that you have become a victim of identity theft can be traumatic. However, taking immediate action to mitigate the damage and restore your identity is important. Here are the crucial steps to take when you are a victim of identity theft:

1. Report it immediately to your local law enforcement agency and file a complaint with the Federal Trade Commission (FTC) at identitytheft.gov.
2. Notify your financial institutions and ask them to freeze or close the affected accounts to prevent further unauthorized transactions.
3. Contact credit bureaus —Equifax, Experian, and TransUnion— to report identity theft and place a fraud alert on your credit reports.
4. Change the passwords and PINs for your online accounts, including banking, email, and social media. 
5. Inform other organizations or entities that may be affected by the identity theft. This could include utility companies, healthcare providers, and government agencies. 
6. Take other necessary steps peculiar to your identity and different accounts.
7. Remain alert in monitoring your financial accounts, credit reports, and other sensitive information.

Identity Theft Laws and Regulations

Different jurisdictions have laws that address identity theft and provide legal recourse to victims. It is common for states and countries to have specific laws and regulations that may vary from region to region. In the United States, the following laws apply:

1. Identity Theft and Assumption Deterrence Act (ITADA): The ITADA, enacted in 1998, makes identity theft a federal crime. It prohibits the unauthorized use of another person’s identifying information with the intent to commit unlawful activity. It also establishes penalties for identity theft offenses, including fines and imprisonment.
2. Fair Credit Reporting Act (FCRA): The FCRA regulates the collection, sharing, and use of consumer credit information. It grants consumers rights regarding their credit reports, including the right to access their reports, dispute inaccurate information, and place fraud alerts or credit freezes on their credit files. The FCRA also imposes obligations on businesses that use consumer credit information.
3. Health Insurance Portability and Accountability Act (HIPAA): HIPAA establishes privacy and security standards for protecting individuals’ health information. It requires healthcare providers, insurers, and other entities to safeguard sensitive health data and notify individuals in the event of a breach.
4. Computer Fraud and Abuse Act (CFAA): The CFAA addresses various computer-related offenses, including unauthorized access to computer systems and theft of sensitive information. It criminalizes hacking, identity theft involving computers, and other cybercrimes.
5. Identity Theft Penalty Enhancement Act (ITPEA): The ITPEA increases penalties for identity theft offenses and allows for additional punishment when the crime involves terrorism, drug trafficking, or other serious offenses. It aims to discourage and punish individuals engaged in identity theft-related activities.

International and Cross-Border Identity Theft Regulations

However, there are some laws and regulations that apply to broader jurisdictions or have international implications, including:

1. Payment Card Industry Data Security Standard (PCI DSS): Major credit card companies created the PCI DSS as a global security standard to safeguard cardholders’ data. It sets requirements for businesses that process, store, or transmit payment card information to maintain secure systems and protect against data breaches.
2. European Union’s General Data Protection Regulation (GDPR): The GDPR is a comprehensive data protection regulation that applies to all EU member states. It sets forth strict requirements for collecting, processing, and storing personal data and provides individuals with enhanced rights and protections.
3. Financial Action Task Force (FATF) Recommendations: The FATF is an intergovernmental organization that sets international standards for combating money laundering, terrorist financing, and other financial crimes. These recommendations often have implications for identity theft prevention and detection.
4. Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108): This international treaty establishes principles for protecting personal data and governs its cross-border flow among the member states.

Conclusion

Identity theft is a pervasive and ever-evolving threat that demands heightened awareness and proactive measures to protect ourselves and our loved ones. By understanding the nature of identity theft, implementing preventive strategies, and staying informed about the legal recourse available, individuals can significantly reduce their vulnerability and preserve their identities in an increasingly interconnected world.

Identity.com

In the digital age, identity theft is a serious problem that must be addressed. As an identity-focused blockchain company, we create solutions built on blockchain that will reduce such occurrences. This is one of the reasons we embraced blockchain. As a company, we develop and build identity management systems that focus on keeping users’ privacy private and with strong security, making data/identity theft a more strenuous adventure. We contribute to a more user-centric future via identity management systems and protocols. We also belong to the World Wide Web Consortium (W3C), the standards body for the World Wide Web.

The work of Identity.com as a future-oriented company is helping many businesses by giving their customers a hassle-free identity verification process. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable gateway passes. Please get in touch for more info about how we can help you with identity verification and general KYC processes.