Defining Identity Crimes

Introduction - Background about instructor and how I got here, what I have done and what I am doing to learn more.

Pre course quiz - Hand out to students at the beginning of the course. Once the quiz is complete, go over the questions and provide the correct answers.

Unit Goal 1.1 The student will be able to recognize the types of identity crime. According to the Federal Trade Commission (FTC):  31,000 persons were victims of identity crime in 2000.  During the first seven months of 2003, 131,000 Americans were victimized.  If trends continue, by the end of 2003, those victimized will have increased almost 700% in three years.  Texas is fifth in the nation in the number of instances of identity crime reported to the FTC.

1.1.1 The student will be able to provide a definition of identity crime.

A. Identity crime is the theft or misuse of personal or financial identifiers in order to gain something of value and/or facilitate other criminal activity.

B. Types of identity crimes include identity theft, credit card/access device fraud (“skimming”), check fraud, bank fraud, false identification fraud, and passport/visa fraud.

1.1.2 The student will be able to identify types of crimes associated with identity crimes.

In many instances an identity crime is used as a facilitator, through financing or anonymity, to commit other criminal activities such as mail theft, mail fraud, narcotics/drugs, organized crime, financial fraud (money laundering), mortgage fraud, weapons trafficking, homicide, terrorism, wire fraud, or computer crime/Internet intrusions.

Identity crimes can begin with other seemingly unrelated crimes such as robbery (e.g. purse snatching or mugging), computer intrusion, mail theft, theft of trash (“dumpster diving”), or theft of documents or information from businesses, medical facilities, hotels, etc.

1.1.3 The student will be able to list personal and financial identifiers.

Personal identifiers include: name, date of birth, social security number, address, phone number, driver’s license number, passport number, mother’s maiden name, etc. Financial identifiers include: credit card numbers, bank account numbers, personal identification numbers (“PINs”), insurance account numbers, etc.

1.1.4 The student will be able to identify currents trends associated with identity crimes.

Some of the current trends associated with identity theft involve the usage of current technologies. This provides a unique challenge for consumers and law enforcement by testing their ability to keep up with technological advances and changes.

Some of the more recent scams involve stealing information by listening in on conversations made on cellular phones, surreptitiously reading other people’s faxes and e- mails, hacking into computers, conducting telephone and e-mail scams, and taking advantage of careless consumers’ online shopping and banking.

Currently, the Identity Theft Resource Center, www.idtheftcenter.org, is an excellent website for obtaining information on new trends, scams and consumer alerts on identity crimes.

Identity Crimes – Page 2 of 17 – September 2003 How Identity Crimes Occur

Unit Goal 2.1 The student will be able to recognize how identity crimes occur.

2.1.1 The student will be able to identify how identity crime is commonly perpetrated.

A. Identity crimes can occur if someone steals your wallet, purse, briefcase, etc., containing your identification, social security card, credit cards, bankcards or checkbook.

B. Identity crimes can occur if someone steals your mail, especially your bank and credit card statements, pre-approved credit offers, new checks, or tax information.

C. Identity thieves can complete a “change of address form” to divert your mail to another location.

D. Identity thieves may rummage through your trash or the trash of businesses to find personal data (also known as “dumpster diving”).

E. Identity thieves may fraudulently obtain your credit report by posing as a landlord, employer, or someone else who may have a legitimate need for (and legal right to) the information.

F. Identity thieves can find personal information in your home.

G. Identity thieves may obtain personal information that you share on the Internet.

H. Identity thieves can get information from the workplace, in a practice known as “business record theft,” by stealing files out of offices where you are a customer, employee, patient or student, by bribing an employee who has access to your files, or by “hacking” into electronic files.

I. Some identity thieves also engage in “shoulder surfing”: looking over your shoulder or from a nearby location as you enter your Personal Identification Number (PIN) at an ATM machine. This practice has gone high-tech, with some thieves utilizing hidden “spy cameras” positioned near ATMs to observe or record people as they enter their PINs.

J. Many criminals who want to obtain personal data from people online use a technique known as “spoofing”: the creation of e-mails and websites that appear to belong to legitimate businesses such as established retail companies, financial institutions, and online auctions sites. Consumers receive e-mails from thieves claiming to be legitimate businesses, and are directed to websites that appear to be run by those businesses. The consumers are then directed to enter large amounts of personal data. The thieves sending the e-mails or running the websites actually have no connection with those businesses, and their sole purpose is to obtain the consumers’ personal data so that they can engage in various fraud schemes.

2.1.2 The student will be able to identify techniques used to procure false identification.

Identity Crimes – Page 3 of 17 – September 2003 A wide variety of sources, including bookstores and Internet retailers, provide publications that give criminals step-by-step instructions on techniques for producing false documents.

Instructor Note: Show the students some of the resources that are available to criminals who want to create false documents.

Examples:

 www.paladin-press.com  Gun shows  The Modern Identity Changer by Sheldon Charrett, ISBN 0-87364-946-X #IDENTITY

Identity Crimes – Page 4 of 17 – September 2003 Laws and Statutes Governing Identity Crimes

Unit Goal 3.1 The student will be able to recognize the legal aspects of identity crimes.

3.1.1 The student will be able to identify the federal statutes dealing with identity crimes.

Federal law: 18 U.S.C. § 1028 – Identity Theft and Assumption Deterrence Act

3.1.2 The student will be able to identify the state statutes dealing with identity crimes.

State Law: Penal Code 32.51 – Fraudulent Use or Possession of Identifying Information (State Jail Felony) Business and Commerce Code, Chapter 20 - Regulation of Consumer Credit Reporting Code of Criminal Procedure, Article 55.02, Sec.2a – Procedure for Expunction

3.1.3 The student will be able to define the term “security alert,” according to the Business Code.

Security Alert – means a notice placed on a consumer file that alerts a recipient of a consumer report involving that consumer file that the consumer’s identity may have been used without the consumer’s consent to fraudulently obtain goods or services in the consumer’s name.

3.1.4 The student will be able to define “security freeze,” according to the Business Code.

Security Freeze – means a notice placed on a consumer file that prohibits a consumer reporting agency from releasing a consumer report relating to the extension of credit involving that consumer file without the express authorization of the consumer.

Identity Crimes – Page 5 of 17 – September 2003 Prosecuting Identity Crimes

Unit Goal 4.1 The student will be able to request information needed for an ID crime offense report.

4.1.1 The student will be able to list information needed for an ID crime offense report.

Taking a written report is vital to the victim(s) because credit bureaus require a police report in order to block fraudulent information and to begin repairing the victim’s credit reports. In addition, many financial institutions require a police report with an affidavit of fraud.

Instructor Note: Direct the students’ attention to the “Identity Crime Incident Detail Form” (Appendix A). Although it is not necessary to discuss every item contained in the form, a brief explanation highlighting a few sections should be discussed with students.

 Have the crime victim fill out an identity crime incident form (Appendix A). This document provides the officer/investigator with detailed information to: o Understand the type of incident that occurred, o Organize the investigative case, o Determine where evidence might be found, o Develop a theory of how the identity theft occurred, and o Determine what financial institutions should be contacted in the course of the investigation.  Ask the victim to begin gathering documentation (bank and credit card statements, letters from creditors, merchant account statements, etc.) o Ask the victim to obtain credit reports from the three major Credit Bureaus (Equifax, Experian, and Trans Union) and voluntarily give them to you. If not given voluntarily by the victim, a subpoena is needed from the courts to obtain victim credit histories.

4.1.2 The student will be able to identify the governmental and business entities that are notified in identity crimes.

A. Federal Bureau of Investigation – Notify if an identity crime is used to commit a bank fraud, governmental fraud or in furtherance of an investment scheme, insurance fraud, etc. involving losses over one hundred thousand dollars ($100,000).

B. U. S. Secret Service – Notify if there is any custody arrest of individuals associated with identity crime or identity takeover. This would involve the seizure or recovery of any amount of identity crime devices, equipment, or products such as skimmers (small electronic devices that can gather information, such as your name, address, credit limit, and PIN from your credit card); counterfeit identification documents; counterfeit credit cards; or lists of personal identifiers (e.g., names, social security numbers, dates of birth, bank account numbers, and credit card numbers).

Identity Crimes – Page 6 of 17 – September 2003 C. U. S. Postal Service – Notify if an individual is taken into custody for committing a financial crime involving the U.S. mail. Postal inspectors will respond to violations relating to identity crime, forgery, credit cards and checks, mail theft, mail fraud, and Internet fraud (when the scheme involves use of the U.S. mail).

D. Social Security Administration – Notify if the misuse of a social security number involved social security program fraud, or if there is either a significant financial loss to an individual or institution, or a significant number of counterfeit social security cards are seized.

E. Federal Trade Commission – Have identity crime victims file a report with the Federal Trade Commission (Appendix B). Encourage them to use the FTC website (www.consumer.gov/idtheft). At the website, victims can file an online complaint and obtain helpful information such as a victim’s guide (”When Bad Things Happen to Your Good Name”) and the FTC Sample Affidavit. The FTC also has a hotline: 1-877-IDTHEFT (1-877-438-4338).

The FTC is the central collection point for the Identity Theft Data Clearinghouse, the federal government’s database for tracking identity crime complaints. The database, web site, and toll-free hotline were created pursuant to the Identity Theft and Assumption Deterrence Act of 1998, and began operation November 1, 1999.

Another valuable resource offered by the FTC to law enforcement is Consumer Sentinel, an identity crime investigative cyber-tool for law enforcement. Consumer Sentinel members include more than 475 law enforcement agencies in Australia, Canada, and the United States. This site can help law enforcement build cases and detect trends in consumer fraud and identity crime. Consumer Sentinel gives law enforcement officials access to more than 700,000 complaints, including consumer complaints from numerous Better Business Bureaus, the National Fraud Information Center, and Canada’s PhoneBusters. Information about Consumer Sentinel is available at 1-877-701-9595 and online (www.consumer.gov/sentinel/).

F. Texas Department of Public Safety - This agency is responsible for the issuance of state driver’s licenses and identification cards. It is also responsible for the storage and expunction of criminal records. Contact the Texas Department of Public Safety at 512-424-2000 and online (www.txdps.state.tx.us/contact.htm).

Other state and local agencies may provide additional assistance with investigating identity crimes.

G. Consumer Credit Reporting Agencies – Tell victims to have a “fraud alert” placed on their credit reports. The fraud alert will show up on their credit report when companies make inquiries about their credit and may stop additional fraud. The three major credit-reporting agencies are:

Experian 1-888-397-3742 (or online at www.experian.com) Trans Union 1-800-680-7289 (or online at www.transunion.com) Equifax 1-800-525-6285 (or online at www.equifax.com)

Identity Crimes – Page 7 of 17 – September 2003 H. Financial Institutions (e.g., banks, credit card companies, financial advisors) – Advise the victims to contact their financial institutions to report any suspicions of identity crime. The financial institution can check to see if there has been any unusual activity. Victims should establish passwords for their accounts.

I. Utility Companies (e.g., power, water, phone, and cable companies, etc.) – Victims may want to contact their utility companies to report instances of possible identity crime. The utility companies can check for any unusual account activity.

Identity Crimes – Page 8 of 17 – September 2003 Identity Crimes Prevention

Unit Goal 5.1 The student will be able to recognize techniques for educating victims and the public on identity crime.

5.1.1 The student will be able to identify techniques for educating victims and the public on identity crime.

Law enforcement agencies should be proactive in their approach to educating the public about identity crime. Current techniques used to educate the public about other crimes can be used to facilitate information on identity crime. Some of these techniques may include public service announcements (PSAs), community policing involvement, etc. Law enforcement agencies can make use of the vast amount of information already available on the Internet to guide the public and victims of identity crime.

5.1.2 The student will be able to list guidelines for personal protection against identity crime.

Emphasize the fact that the more a person becomes aware about his/her financial records the better prepared he/she will be if they become a victim of identity crime.

Inform the public that they should:

 Not give out personal information over the phone or on the Internet - this includes their social security number, driver’s license number, date of birth, place of birth, home address, mother’s maiden name, and any passwords  Limit the amount of personal information on their checks - it is recommended that you do not put your driver’s license, identification card or social security number on your checks  Check credit histories and bank records frequently and look for signs of inaccurate or suspicious activity  Keep detailed records of banking, check writing, credit card use, and ATM use  Destroy carbon copies of credit card receipts  Purchase a home shredder or completely destroy any item that may have personal identifiers rather than discarding them in the trash

Note: Some insurance companies offer optional coverage to their policyholders to assist them with certain expenses incurred if they become victims of identity crime.

5.1.3 The student will be able to list the steps to take if identity crime occurs.

Instructor Note: Direct the student’s attention to the handout “ID Theft Affidavit” (Appendix B). The forms provide victims with detailed instructions on completion and submission of the affidavit. Emphasize the fact that the affidavit should be sent to the companies or businesses where the fraud was perpetrated.

Identity Crimes – Page 9 of 17 – September 2003  Notify the police – Make a report. Get the names of the officers you contact and the police report number for your records. Be specific as to which kind of identity crime happened, such as bad checks, credit card abuse, or the misuse of your name, driver’s license, or identification card.  Notify creditors and merchants – Cancel credit cards and close your accounts. Contact the creditors and merchants that are affected. Get the names of any employees you have contact with, and ask for a reference number on each item that you are disputing.  Notify your banks and financial institutions – Change affected bank accounts. Advise the banks of the situation and find out what is required to clear anything that affects your banking services. This could relate to checks, ATM cards, debit cards, etc.  Check your credit – Notify the major credit reporting agencies as well as local credit reporting companies, and advise them of your situation. You may be able to request that a block be put on any attempt to gain credit under your name and your date of birth without your confirmation.  Check with the Social Security Administration – Make sure that earned income benefits are accurate. Check to see if there is any action on your social security number that should not be there. Get as much information as you can, and follow through with what is requested of you.

Identity Crimes – Page 10 of 17 – September 2003 References and Resources Consulted

Abbott, Greg (Texas Attorney General), “A police report is crucial in cases of identity theft”

Chicago Police, “Police Officer’s Handbook – Identity Theft”

Federal Trade Commission, “ID THEFT – When bad things happen to your good name”, September 2002

Identity Theft Resource Center (www.idtheftcenter.org)

Texas Department of Public Safety, Public Information Office, “Steps to Help Prevent Identity Theft”, April 9, 2002

U.S. Department of Justice, “Identity Theft: A Quiz for Consumers”

U.S. Department of Homeland Security, U.S. Secret Service, “Identity Crimes Interactive Resource Guide”

Statutory References

U.S.C. Title 18, Chapter 47 – Identity Theft and Assumption Deterrence Act.

Texas Penal Code 32.51 – Fraudulent Use or Possession of Identifying Information

Texas Code of Criminal Procedure 55.02 – Expunction of Records

Texas Code of Criminal Procedure 60.19 – Information Related to Misuse of Identity

Texas Business and Commerce Code (Sections 20.01, 20.03, 20.031 thru 20.038) – Definitions and rules governing “Security Alerts” and “Security Freezes”, Amendments to Chapter 35D – Confidentiality of Social Security Number

Identity Crimes – Page 11 of 17 – September 2003 Identity Theft: A Quiz For Consumers

1. When I keep my ATM cards and credit cards in my wallet, I never write my PIN (Personal Identification Number) on any of my cards. YES ( ) NO ( )

2. When I leave the house, I take with me only the ATM and credit cards I need for personal or business purchases. YES ( ) NO ( )

3. When I get my monthly credit-card bills, I always look carefully at the specific transactions charged to my account before I pay the bill. YES ( ) NO ( )

4. When I get my monthly bank statements, credit-card bills, or other documents with personal financial information on them, I always shred them before putting them in the trash. YES ( ) NO ( )

5. When I get mail saying I’ve been pre-approved for a credit card, and don’t want to accept or activate that card, I always tear up or shred the pre-approval forms before putting them in the trash. YES ( ) NO ( )

6. I request a copy of my credit report at least once a year. YES ( ) NO ( )

7. If the volume of mail I get at home has dropped off substantially, I always check with my local post office to see if anyone has improperly filed a change-of-address card in my name. YES ( ) NO ( )

8. If I think that I may be a victim of identity theft, I immediately contact:

the Federal Trade Commission to report the situation and get guidance on how to deal with it, YES ( ) NO ( ) the three major credit bureaus to inform them of the situation, YES ( ) NO ( ) my local police department to have an officer take a report, and YES ( ) NO ( ) any businesses where the identity thief fraudulently conducted transactions in my name. YES ( ) NO ( )

How did you score on this quiz? If you checked even two or three of the “NO” boxes, it means that you need to take more of the precautions that are described in this course. Remember that identity thieves, unlike robbers or fraudsters, don’t have to have any personal contact with you in order to commit their crimes. The more you do to protect your personal information, the lower the odds that you’ll become a victim of identity theft.

This quiz was adapted from a U.S. Department of Justice publication available at the website below.

www.usdoj.gov/criminal/fraud/idquiz.html

Identity Crimes – Page 12 of 17 – September 2003 Identity Crimes Test

1.1.0 1. According to the FTC, Texas was ______in the nation in the instances of identity fraud reported for 2002. A. first B. fifth C. tenth D. twentieth

1.1.1 2. Identity Crime is the theft or misuse of personal or financial identifiers in order to gain ______. A. something of value B. a personal identification number C. an access code D. an access identification number

1.1.2 3. Which of the following is true about identity crime? A. It is mostly limited to the Internet. B. It frequently begins with a seemingly unrelated crime. C. It is not related to violent crime or terrorism. D. It has become a major cause of insurance rate increases.

1.1.3 4. Which of the following is a financial identifier? A. Billing address B. Social security number C. Passport number D. PIN (Personal Identification Number)

1.1.4 5. Current trends of identity theft involve ______. A. medical and insurance records B. technological devices C. altered credit cards D. elderly victims

Identity Crimes – Page 13 of 17 – September 2003 2.1.1 6. Which of the following is an example of business record theft? A. Taking patient files from a hospital B. Obtaining credit information by posing as a landlord C. Filling out a false change of address form D. Stealing a bank statement from someone’s mailbox

2.1.2 7. Which of the following would be easy for a criminal to find online or in a store? A. A list of the codes used in private medical records B. Samples of the paper used to print currency C. A book explaining how to falsify documents D. Software for forging signatures

3.1.1 8. The federal statute dealing with identity theft is a part of which federal act? A. Identity Theft and Assumption Deterrence Act B. Credit Reporting and Abuse Act C. Electronic Funds Transfer Act D. Computer Fraud and Abuse Act

3.1.2 9. Fraudulent Use or Possession of Identifying Information (Texas Penal Code 32.51) is a ______. A. Class C misdemeanor B. 3rd degree felony C. Class B misdemeanor D. state jail felony

3.1.3 10. A ______is a notice placed on a consumer file that alerts a recipient of the report that the consumer’s identity may have been used without the consumer’s consent to fraudulently obtain goods and services in the consumer’s name. A. report tag B. security alert C. consent notice D. sentinel

Identity Crimes – Page 14 of 17 – September 2003 3.1.4 11. A ______means a notice placed on a consumer file that prohibits a consumer-reporting agency from releasing a consumer report relating to the extension of credit involving the consumer file without the express authorization of the consumer. A. security alert B. authorization notice C. security freeze D. validation lock

4.1.1 12. Credit bureaus require a ______in order to block fraudulent information and to begin repairing victim’s credit reports. A. certified written request B. ten-day credit freeze C. full credit check D. police report

4.1.2 13. An officer should notify the ______if an individual is taken into custody for committing a financial crime involving the U.S. mail. A. U.S. Postal Service B. FBI (Federal Bureau of Investigations) C. FTC (Federal Trade Commission) D. U.S. Secret Service

4.1.2 14. Which of the following is one of the three major credit-reporting agencies? A. Sentinel B. Phone Busters C. Trans Corp D. Equifax

4.1.2 15. The central collection point for the Identity Theft Data Clearinghouse is maintained by what agency? A. FTC (Federal Trade Commission) B. U.S. Secret Service C. FBI (Federal Bureau of Investigations) D. Social Security Administration

Identity Crimes – Page 15 of 17 – September 2003 4.1.2 16. The FTC provides law enforcement with an identity theft investigative cyber-tool called ______. A. Internet Sentinel B. Cyber Sentinel C. Consumer Sentinel D. Fraud Sentinel

4.1.2 17. The ______is responsible for the storage and expunction of criminal records. A. FBI (Federal Bureau of Investigations) B. Department of Public Safety C. Social Security Administration D. FTC (Federal Trade Commission)

5.1.1 18. Law enforcement agencies should be ______in their approach of educating the public about identity theft. A. proactive B. reactive C. neutral D. responsive

5.1.2 19. As a guideline to personal protection against identity theft, it is recommended that a person should ______. A. include their driver’s license number on their personal checks B. avoid generating unnecessary bank records C. shred previous years’ bank and ATM records D. destroy carbon copies of their credit card receipts

5.1.3 20. A victim of identity theft should ______. A. contact the U.S. Postal Service B. notify the FBI (Federal Bureau of Investigations) C. notify their bank or financial institution D. destroy their checks and credit cards

Identity Crimes – Page 16 of 17 – September 2003 Test Key

1. B - fifth 2. A - something of value 3. B - It frequently begins with a seemingly unrelated crime. 4. D - PIN (Personal Identification Number) 5. B - technological devices 6. A - taking patient files from a hospital 7. C - A book explaining how to falsify documents 8. A - Identity Theft and Assumption Deterrence Act 9. D - state jail felony 10. B - security alert 11. C - security freeze 12. D - police report 13. A - U.S. Postal Service 14. D - Equifax 15. A – FTC (Federal Trade Commission) 16. C - Consumer Sentinel 17. B - Department of Public Safety 18. A - proactive 19. D - destroy carbon copies of credit card receipts 20. C - notify their bank or financial institution

Identity Crimes – Page 17 of 17 – September 2003