Identity theft Happens Predominantly Offline

prostoalex writes "Worried about identity theft online? Relax, say the Feds. You're much more likely to have your identity stolen offline (72% of the cases). In half of all the cases, it's the friendly relatives, neighbors and friends who steal the identity of the victim. Moreover, those watching their financial accounts online lose approximately $551 per incident. The average rockets to $4543 for those relying on paper statements from their banks and credit card companies."

It amazes me how bad retailers are

[hsmith]

I worked in retail for awhile, I learned a trick for myself. I write "ASK FOR ID" on the back of all my credit/debit cards.

RARELY do i have someone ask to see my identification, no matter where I go. it amazes me how easily it is to get away with small things like this.

But I do urge everyone to do that with their credit cards, it may not always be checked, but it is better than a scribble on the back. But while in london, I almost had a pub owner take my CC because my name was't "ASK FORD ID", arg.

Re:It amazes me how bad retailers are

[hal2814]

I sign my name and then put ASK FOR ID next to it. Interestingly enough, I was in London on vacation back in 2000. I had one shop (or is it a "shoppe" over there?) request that I write out ASK FOR ID next to my signature so it matched what was on the card. Are the credit card companies just stricter over there or something?

Re:It amazes me how bad retailers are

[FuzzyBad-Mofo]

I believe that writing "please see id" on the back of a credit card is a perfectly valid signature, for the same reason initialing, checking a box online, or marking "x" on a contract is valid. A "signature" does not have to literally be your name, only your "mark." Or are you going to argue that electronic checkboxes do not represent a valid signature?

Re:It amazes me how bad retailers are

[LetterJ]

Then do you also sign the receipt with "please see id"? Because, given the ease with which many state ID cards are forged, checking the name on the card with the name on some sort of ID is less of an indication that the card is owned by the presenter than if the already signed card is signed in the same way as the presenter signs.

If I steal your wallet and the cards are signed "please see id", all I need to do is print out a quick fake ID with your name, but my signature of your name and my picture and unless someone's good at checking out of state ID's, no one will even notice. If your wallet is full of signed cards, I have to risk signing in front of the cashier and having it look nothing like the back.

with friends like those...

[ScentCone]

friendly relatives, neighbors and friends who steal the identity of the victim

I suppose that relatives that dumb aren't smart enough to sit down and use those browser-cached passwords to access your PayPal account while you're in the bathroom and send themselves some money anyway.

I'm actually surprised that co-workers aren't a bigger piece of the statistical pie on this one. They often have access to records, PCs, the all important "work number" and so on. I've run across those incidents, and am amazed they're not more common.

Irrelevant statistics.

[physicsphairy]

The types of scam and identity theft are different. The comparison means nothing. "Don't worry about leaving stacks of money on your lawn! 99.9% of thefts are of a different type! Leaving your retirement fund in $20 wads on your front porch is completely safe!"

Consider that an online banking site may *not actually* be an online banking site. A physical bank, on the otherhand, is without fail, a physical bank. However, I don't have to worry about someone rooting through my garbage to find bank statements if all my data is online.

So both systems have their inherent vulnerabilities. The fact is that you are really paranoid, you are ultimately safest doing everything in person and taking proper measures to destroy relevant documents.

All this study says is that there is a higher incidence of paper based identity theft. Which is to be expected: how many low-level criminals do you think know javascript, for example?

ID theft through the mail

[Jere+H]

My brother had an incident of identity theft which happened through the mail. A gang drove around and picked up envelopes containing payment for bills and had checks printed using the correct checking account information. They even printed drivers licenses with their own picture and changed the birthdate to about 10 years older than my brother's age.
He caught the unauthorized activity by chance when he deposited a check at the bank and they told him he had a negative balance. Around $480 of unauthorized activity had taken place. They froze the account at that moment, he went and filed a police report, and the bank canceled payment of all of the fraudulent items.
He received calls and letters for months saying he had written bad checks and that he would have a warrent put out for his arrest if he did not pay. He had to mail dozens of copies of the police report and a copy of the notarized statement he made saying he did not write the checks or authorize electronic payment of the items purchased on the internet. The postage totaled about $30. The money from his account was eventually all returned to him, but all of the time spent on the phone with companies trying to get the issue straightened out is a huge hassle, and the money for postage and telephone calls to various out-of-state companies comes out of your own pocket.

Are they really "friendly" relatives?

[hal2814]

I had a friend in college whose dad opened up a credit card account in my friend's name, charged it up, and let it default. My friend talked to legal services on campus (I'm not sure how good our campus legal services is but our law school is pretty good for a public school). They basically told him that he sould either pay it off or claim fraud and let the credit card company haul his dad off to jail. I can't imaging putting my child in that situation. He asked me what he should do but I didn't know what to tell him. That's a pretty sorry situation for a relative to put you in, especially your own father.

Experience with a Canadian government contractor

[westendgirl]

Following the dot-com bust, my husband and I both lost our jobs. We enrolled with an agency that has been hired by the Canadian government to help IT industry professionals find work. Three years later, we both received emails from that agency. Someone had broken into their office, stealing their computer, which had thousands of applications, resumes, social insurance numbers (social security), and other details. The agency claimed that the server was stolen for resale value only and not for the data on it. They said that there was no reason to change your SIN or do anything other than watch your bank and credit card statements. To top it off, the agency's emails to me and my husband said "Dear " -- and the names belonged to other people, so they had further compromised privacy. After talking to police and federal fraud investigators, I pushed the Canadian Privacy Commissioner and Human Resources Development Canada to force the agency to act responsibly. The agency had no right to tell people that their data was safe or that they only had to watch their bills. The police and fraud investigators recommended monitoring social insurance number data and credit reports and putting fraud alerts on our credit files. Of course, this was a real pain for us -- we were in the midst of buying our first home and all of our financial applications were delayed by the credit alert -- but better safe than sorry.

It irks me that the agency is still under contract to the government. The privacy policy they had us sign when we applied actually said that our data would be totally safe and secure. (Of course, that's an insane promise, but they shouldn't put it in writing!) And the agency completely bungled the way they told people about the data theft -- even counselling people to do nothing, which conflicted with the government/police recommendations. Thousands of people were affected, but I bet my husband and I were the only ones who knew to check with police, instead of doing nothing.

I agree...

[Anita+Coney]

In work in a Court and every ID theft case I've seen in the last five years were committed by co-workers.

True Story

[temojen]

A guy came up to the counter where I was working at (big chain convenience store) and asked for 6 cartons of cigarettes. Each of them a different brand, and all of them were brands the teenagers smoke. The total would be just over $300 CDN.

I began to get them together (under the counter -- we'd had people grab & dash cartons off the counter the week before). Then the guy handed me a visa card. I read the card, looked at him, and said:

"So Susan, have you got any ID?"

His response was something along the lines of "It's because I'm black, isn't it?". Ummm, no, it's because I just saw you talking to those kids outside, and these are the brands they smoke, and this is not your credit card. He insisted that it was his wife's card; I insisted his wife could pick it up from the RCMP then (an RCMP car pulled up coincidentally), and he ran off.

my ID theft merry-go-round

[peter303]

A "wife" I never met put her name on my checking account some years ago. I had to file a police report before the bank would cancel the bad checks. I lived in city #1, my bank was in city #2, and the band checks were passed in city #3. You wouldnt believe how hard it was to get oneof these three police stations to take a report. Forged checks are so commonplace that no one wants to bother.
I'd hate to multiple this by many accounts, if a larger identity was stolen.