Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Justice For Victims of Identity Theft

Posted by timothy on from the revenge-would-be-the-best-revenge dept.

chicksdaddy writes: The Christian Science Monitor's Passcode features a harrowing account of one individual's experience of identity theft. CSM reporter Sara Sorcher recounts the story of "Jonathan Franklin" (not his real name) a New Jersey business executive who woke up to find thieves had stolen his identity and racked up $30,000 in a shopping spree at luxury stores including Versace and the Apple Store. The thieves even went so far as to use personal info stolen from Franklin to have the phone company redirect calls to his home number, which meant that calls from the credit card company about the unusual spending went unanswered. Despite the heinousness of the crime and the financial cost, Sorcher notes that credit card companies and merchants both look on this kind of theft as a "victimless crime" and are more interested in getting reimbursed for their losses than trying to pursue the thieves. Police departments, also, are unable to investigate these crimes, lacking both the technical expertise and resources to do so. Franklin notes that he wasn't even required to file a police report to get reimbursed for the crime: "'As long as their loss is covered they move on to [handling] tomorrow's fraud,' Franklin observes. And that makes it harder for victims like Franklin to move on, 'In some way, I'm seeking some sense of justice,' Franklin said. 'But it's likely not going to happen.'"

35 of 190 comments (clear)

  1. Is it Suicide? by Anonymous Coward · · Score: 5, Funny

    I'd love to know if you could be charged with suicide if you kill somebody who has stolen your identity.

    Anybody know?

  2. I had this happen to me several years ago by JudgeFurious · · Score: 5, Interesting

    The amount only came to a few thousand dollars and it was done with a series of fake checks that the thieves printed up themselves and passed off at stores that were known at the time not to use any kind of check verification system but it still screwed my life up for months and even then nobody was really interested in catching the people who did it. The stores had pictures of them and everything but didn't pursue it (to my knowledge). My bank only wanted to get me to sign statements that I hadn't done it and they reimbursed my account all the money that had been taken.

    --
    Appended to the end of comments you post. 120 chars.
    1. Re: I had this happen to me several years ago by guruevi · · Score: 2

      What do you expect? The money has to be reimbursed regardless so the bank already incurred its loss at the expense of vendors and the tax payer. Pursuing these thieves costs thousands of dollars in personnel, court and lawyer costs only to find most of them cannot be traced, don't have the money to repay them or are outside of their legal jurisdiction. Unless you're talking millions, it's cheaper to take the loss and write it into their tax deduction.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  3. Same in the UK by Anonymous Coward · · Score: 3, Informative

    Somebody stole my credit card details, almost certainly when I was visiting Cyprus, and then made several eBay purchases for in total £1700. I eventually got my money back from the credit card company, but eBay were not interested at all. One person there that I spoke to on the phone accepted that these transactions were all fraudulent and that this was a well-known type of scam, but subsequent contacts there made it clear that they were not at all interested in pursuing the fraudster. I guess £1700 is small beer to them.

    I tried to report it to the ActionFraud system, run by the City of London Police Fraud Squad, but as soon as you admit that the bank refunded all your money they refuse even to issue a crime reference number. I was out of pocket over the number of phone calls I had to make, and letters to write to deny these purchases in writing, which I could not recover. The main loss, of course, was the time it took. But my case is almost certainly not reflected in any crime statistics.

  4. The real problem is... by Anonymous Coward · · Score: 5, Insightful

    That you have an identity to steal. Our society needs to be a "lender beware" society more than relying on individuals to protect that which isn't in their power (nor the government's power) to protect. An "identity" isn't non-abstract enough to have legal meaning. I owe you money? Prove it beyond a reasonable doubt. (something they don't have to do today) Force lenders and credit card companies to take ownership of the issue, not individuals.

    1. Re:The real problem is... by mcl630 · · Score: 2

      Excellent points AC. I'll add that we need to end using Social Security numbers as the primary identifier for all things banking, credit, and health care. SSN should only be used for dealing with the government (ie Social Security, tax filings, disability). Banking, credit, and credit reports need some other identifier that can be changed when identify theft occurs. The health care industry shouldn't be using SSN either. Using one (not easily changed) number for some many things just makes for more opportunities for it to be stolen, and once it's stolen more avenues for the criminals use that information for profit and makes it that much harder to clean it all up.

  5. Re:Get over it by YrWrstNtmr · · Score: 4, Insightful

    Until the next person who 'bought' that identity does the same thing.

    Having your space violated, either physical or online, is not always easy to get over. If your house is broken into and someone steals your TV, fine...you get a replacement TV. But you still feel 'violated'.

  6. That's partly how it should be by SecurityGuy · · Score: 5, Insightful

    The world at large should consider it mostly not your problem when someone opens a credit card account in your name. It should be as simple as saying "Nope, not me!", and it's actually the credit card company that has been defrauded, not you. That's why I really hate the term identity theft. I had that happen to me, and my identity wasn't stolen. I still had it. My credit card company was defrauded to the tune of a couple thousand dollars, but I was mildly annoyed and had to spend a few minutes confirming that a few purchases weren't made by me.

    I think it should still be considered a criminal act, and obviously things like changing your medical record or arrest record can have very serious consequences, but it's a positive that creditors understand that when this happens, THEY have a problem. I much prefer that to them coming after me and trying to stick me with the consequences of their lax security.

    1. Re:That's partly how it should be by sjames · · Score: 4, Insightful

      Exactly this.Further, the various lenders and credit reporting agencies shoul;d be forced to compensate you for the time you spend fixing their screw-up for them.

    2. Re:That's partly how it should be by swb · · Score: 4, Interesting

      There's all kinds of identity theft and only some of it is credit cards. With debit cards it really is a fraud against you because your personal bank account gets debited immediately. And there's other worse identity thefts against people -- I've read stories of people losing entire retirement accounts and home equity.

      I don't think that theft from people is generally taken seriously by the police, period, whether it's burglary, car theft, muggings/robbery or anything else. Pretty much all of those things don't rate with them at all and their policing policy is more like containment than actual interest in preventing it.

      The police waste a huge amount of manpower and resources on stupid shit like drugs and anti-terrorism and other bullshit. If those resources went into property crimes it would go a long way towards preventing them.

    3. Re:That's partly how it should be by fisted · · Score: 3, Insightful

      I had that happen to me, and my identity wasn't stolen. I still had it.

      Yeah, I couldn't agree more. It's not identity theft, it's identity copyright infringement

      --
      CLI paste? paste.pr0.tips!
    4. Re:That's partly how it should be by Solandri · · Score: 4, Insightful

      That's why I really hate the term identity theft. I had that happen to me, and my identity wasn't stolen. I still had it. My credit card company was defrauded to the tune of a couple thousand dollars, but I was mildly annoyed and had to spend a few minutes confirming that a few purchases weren't made by me.

      Actually it was the merchant which was defrauded. When you tell the credit card company that the purchase wasn't made by you, they turn around and tell the merchant to prove the purchase was made by you. If the merchant can't, the merchant eats the loss, not the credit card company. Those exorbitant interest rates credit card companies charge are to pay for deadbeats who don't pay back their credit card accounts, not fraud.

      That's the real problem. The parties in control of credit card security - the credit card companies - have shifted the negative consequences of fraud onto a third party - the merchants. The merchants have a huge incentive to minimize fraud, but have no control over it other than some rudimentary tools the credit card companies provide them (you know how gas station pumps require you to enter you home zip code? That's the credit card companies' idea of "security"). Since they don't directly suffer the consequences of fraud, they've been sitting on their asses for 40 years doing nothing about it. If they'd been forced to pay for fraud, we probably would've all gotten chip and PIN in the 1980s when two-key encryption was taking off.

      Anyhow, the personal cost of identity theft is clearing up your credit history afterward. You try to open up a new bank account, the bank sees all this activity and red flags on your credit report which you claim was due to identity theft, and just to be on the safe side the bank denies your new account. So in that respect it really is identity theft - someone has deprived you of the (presumably) clean credit linked to your identity and polluted it with their scummy one.

  7. Translation ... by gstoddart · · Score: 2

    credit card companies and merchants both look on this kind of theft as a "victimless crime"

    Which basically says "as long as we get our money back we don't give a fuck what happens to you".

    Which tells me they should be sharing some liability or they'll just keep being greedy bastards.

    --
    Lost at C:>. Found at C.
    1. Re:Translation ... by kingbilly · · Score: 5, Interesting

      As a merchant responsible quite a few online stores, I want to dispute the quoted claim and take it one step forward. We bear the losses when a chargeback occurs. That's the end of that.

      Now the part that REALLY upsets me is that it isn't even close to being feasible to report a known credit card thief!

      I have enough data (50+ stores into one shipping program) between orders and chargeback reports that I can tell you full residential street names of known credit card thief. Addresses that have 2-3 chargebacks and counting. You would think with this information I could easily report it to the authorities? Nope. No easy online forms exist. If you search for them you will find they are all setup for the victim to do the reporting. It's a damn shame because though I won't have to deal with the individual scam artist(s) anymore (by now I would have blocked them with heuristics), there was an opportunity to stop them from stealing more credit cards and causing more merchants headaches.

    2. Re:Translation ... by kingbilly · · Score: 3, Interesting

      Rarely comment on slashdot, forgot about proofreading.

      Wanted to add that I'm 99.99% certain of some known thief locations. When we go back to look at reports we will see sometimes 5+ chargebacks from one address. Different credit cards with different billing addresses, but same shipping address.

      Anyway I don't need the doubters to believe if I'm sure enough or not, the point I want to make is that it isn't easy for me to simply report it to a tip line. At least not as easy as I wish I could be. And definitely not easy(fast) enough that my boss would be okay with me "saving the world" on his dime.

    3. Re:Translation ... by kingbilly · · Score: 3, Interesting

      On last thing to add to that (damn I wish we could edit). When the BANKS initiate the chargeback process - none of them even care about the shipping address*. Do you realize what that means? They took enough information in the chargeback report to confirm the obvious - the place the card was used - but did not record who the merchandise was shipped to. Hint: It's the thief. The thief shipped it to themselves, and no one but me, the merchant you are criticizing, even cares.

      So don't loop us in with the banks. We bear the chargeback - now we are out the merchandise and the money (and occasionally with some processors - an additional chargeback fee. The bank does nothing. And without important data like a shipping address, how could they in the future if they decided to?




      *Sure, not every online transaction is for goods but you would think they would at least have a standardized way of collecting the information to eventually report it to authorities.

  8. What we need is,,, by gurps_npc · · Score: 2
    The right to get a "Victim Social Security # Change".

    Specifically, we need the right to - at our option, not the government - go into the social security office and say "my identity was stolen, take my picture, DNA and finger prints, give me a picture ID social security card".

    Once you have a VSS#, no one is allowed to open an account under that VSS# unless they do so in person, so the account opener can see the photo and/or finger prints match what the SSA have on file.

    Obviously, this must be at the citizen's option, not the governments.

    Such a system would put a hard wall up protecting victims of identity theft from further exploitation.

    --
    excitingthingstodo.blogspot.com
    1. Re:What we need is,,, by Lunix+Nutcase · · Score: 5, Informative

      No, what we need is for companies/schools/etc. to stop using a SSN as a secret identifier. Your social security card even explicitly says it is not meant to be used as such a thing.

    2. Re:What we need is,,, by Average · · Score: 2

      As said above, SSA doesn't have any sort of biometric verification of "who you are".

      And, as said above, your SSN shouldn't be used as an identifier. If we need a common citizen ID number, fine, but it shouldn't be anything but identifying (i.e., effectively public knowledge).

      It's the gorram 21st century. We've had public-key encryption figured out for over 30 blessed years now. Most people in the first world are carrying around several crypto smartcard devices already (EMV compatible credit cards and other smartcard tech).

      Much of the world now has ID cards with cryptographic chips in them. When you open a line of credit, you prove, through RSA/elliptic-curve signatures that you are YOU via your ID chip. If you lose your ID, it gets put on the centralized revoke list, the issuing agency goes through whatever in-person process to verify you are you, and gives you a new ID. This can extend to online purchasing, online voting, etc, etc.

      But, we're so freaked out about government black helicopters that we just accept the whole fraud thing as inevitable.

  9. Re:Get over it by slazzy · · Score: 3, Informative

    They tend to "lock down" credit once your identity has been stolen it is unlikely to happen again anytime soon. Totally agree with you on the space violated thing though.

    --
    Website Just Down For Me? Find out
  10. Police don't solve crime by jelwell · · Score: 2

    It should probably be pointed out that police aren't in the business of solving crime. Take a look at Clearance Rate.
    http://www.statista.com/statis...
    http://en.wikipedia.org/wiki/C...

    In particular a choice quote from an NPR story:
    ----
              "In the '60s and '70s, no one thought that the police should be held responsible for how much crime there was," Wellford says. Back then, he adds, police focused on calls for service and solving crimes.
              In more recent years, he says, police have been pushed to focus more on prevention, which has taken precedence over solving crimes — especially non-violent offenses.
              In short, the falling crime rate we've enjoyed may come at a cost: police indifference when you report your stereo was stolen.
    ----

    If it's not the police's job to solve crime, then whose job is it? Apparently it's the victim's job.
    Joseph Elwell.

  11. Don't fall for that one... by CODiNE · · Score: 3, Interesting

    Franklin notes that he wasn't even required to file a police report to get reimbursed for the crime: "'As long as their loss is covered they move on to [handling] tomorrow's fraud,' Franklin observes.

    Good luck to you when they go ahead and sell your debt to a collections agency even AFTER writing it off as a loss. They may waive the bill from your perspective but the debt doesn't go away. Once the collections agencies come after you they won't leave you alone until you show them that police report. Oh and guess what, a record was never made when they waived the debt for you so you're all on your own now.

    It may be different with a credit card company, but that's exactly what happened to me with T-Mobile AND Sprint. (Yeah, yeah... fool me twice...)

    --
    Cwm, fjord-bank glyphs vext quiz
  12. Re:Get over it by blue+trane · · Score: 2

    I'm sure Mastercard's insured. I bet no one loses money. The private sector creates money out of the hot air they use to make promises to themselves.

  13. Re:Boo Hoo by ShanghaiBill · · Score: 2

    The companies are hedged, I bet. Insured. I bet no one loses any money. The insurance companies reinsure and profit no matter what happens

    No. A bank is not going to be insured against these kind of small day-to-day losses. That would make no sense, since they would pay more for the insurance, than they would receive in reimbursements. As much as possible, the bank tries to push the losses onto the merchant, which is often legitimate since the merchant is responsible for checking that the CC actually belongs to the holder. If you have been shopping in the last few decades, you would know that that is rarely done, but for big purchases, like an iPhone, it is inexcusable for them to not check.

    We really need to move to chip-and-pin, which will go a long way to stopping CC fraud. Many countries have already done that.

  14. Victimless crime??? by tekrat · · Score: 2

    Why is Identity Theft a victimless crime, but not downloading a song or a movie? The RIAA makes a big stink every time someone listens to Brittany Spears illegally, but somehow getting free merchandise in someone else's name , that's "victimless"?

    Look at the rights an individual has versus a corporation. Apparently the FBI cares more about preserving the rights of a big company to make profits than it does about the average Joe.

    --
    If telephones are outlawed, then only outlaws will have telephones.
  15. Re:Get over it by smaddox · · Score: 4, Informative

    Every time you pay for dinner at a restaurant with your credit card, you're giving your waiter everything they need to steal your identity, especially if they ask to see your ID before serving you alcohol. Credit cards were designed in the pre-internet era. It blows my mind that we haven't moved on to something more secure.

  16. ID theft != victim-less crime, but profitable by Stolpskott · · Score: 2

    The merchant and the card provider have to pay somebody to do the admin work, insurance companies have actuaries and risk analysis people adjusting premium rates for it, and a lot of people are employed virtually full-time processing the results of ID theft - the last company I worked at (a bank) had a team of 20 people at head office, whose sole role within the organisation was to handle ID theft issues and make sure that the message got out to the right departments and counterparties. They had nothing to do with the cancelling and reissuing of cards and so on - there is a completely separate team for that.
    So ID theft is big business, not just for the thieves, but for the people cleaning up after the theft as well.
    So the victim gets a few days of inconvenience every time? Ah, big deal...
    However, it does depend on what is bought with the stolen CC details. Consider the scenario where that person's credit card details are used to purchase access to a kiddie porn site. Maybe nobody notices the details have been lost, until the police come busting down his door after raiding the ISP for the provider and finding his details. Before it is verified that the card details were stolen, he gets smeared across some tabloid rag as a child molester, and his personal and professional reputation is destroyed. Even once the "oh, oops, the CC details were stolen, looks like he might not be a kiddie rapist after all" message drops, not everyone will hear it, and his life becomes hell.
    Or the guy who finds that his CC details were used to buy a kilo of weed. He is not going to be too popular with his manager at work, although the guys in IT support will definitely want to be friends until they realize he didn't actually buy.

  17. Re:Boo Hoo by ShanghaiBill · · Score: 4, Insightful

    Banks are fully hedged. When Goldman Sachs stood to lose a few billions ...

    Just because they were bailed out on billions, it does not follow that they are going to get a bail out for a thousand dollar credit card fraud.

  18. Re:Get over it by dpidcoe · · Score: 2

    I've had my credit card information stolen maybe 5 times (probably from a hacked website as I never lost my card.)

    I almost guarantee it was stolen from physically using it rather than a hacked website. You know when you pay for a meal at a sit down restaurant and they take the card into the back? All they need to do is photograph both sides of the card and they have all the info they'll ever need to go on an amazon shopping spree. If they wanted to get slightly more risky, they could carry in a magstripe reader (the electronics are tiny now, it could fit in a pocket no problem) and use that to make perfect clones of the card.

    Hell, when I worked for a small photography company there was an order form that had people write their card info down as one of the payment options. We weren't trained to handle the forms with any particular security in mind. If I'd been inclined to steal card numbers, 60 seconds with my smartphone could have given me more than numbers than I'd know what to do with (plus emails, passwords, and PIN numbers during little league season since the form had the kids name and DOB on it and we all know how good people are at picking passwords).

    It could even be stolen via someone putting a skimmer over the magreader and keypad at a gas station. I've seen pictures of the things in action. Most were built such that unless you know what that gas stations keypad and card reader should look like, you'd really have no way of telling if there's a skimmer or not short of prying at both the reader and the keypad to see if they come off.

    This is why I always laugh when the less tech savvy individuals I know seem to think they're somehow being safer by never using their credit cards online. If the site is encrypted and properly secured (I'd assume the big ones like amazon, newegg, etc. are), and your computer isn't loaded with viruses, there's less danger using your card online just because the human element is out of the equation.

  19. Re:Get over it by gordo3000 · · Score: 2

    yep, I had a citibank issued card years ago. And a couple months after canceling it someone got hold of the info (didn't fish it out of the trash, I hold all old cards for quite a while before dumping them) and started charging it.

    Citi had a rule that even though it is a canceled card, if any charges come in during the next 3 months, they will automatically reactivate the card. well a few months later I got a letter saying I was months behind and when I called, they said this was standard policy. When I tried fighting them, they reported me as delinquent. Lucky I have money and don't need credit for any big purchases in the US, else I'd have been screwed. It took 3 years of fighting them to get it corrected and probably 60+ hours of my time. Because, even once they finally admit they f'ed up and clear the account, you are probably stuck with all the leg work of contacting each credit bureau to confirm they corrected the record (they didn't' at 2 of them and I had to do a bunch of back and forth getting letters that it was an error) and then contacting any credit issuer who may be giving you bad terms because of it (easy for me, less so if you have a large number of loans).

  20. Re:Get over it by Stan92057 · · Score: 2

    And how much do they pay for this kinda insurance? Nothing. YOU and everyone else are paying for it through vastly over priced products and services.Someone has to loose someone has given a product or service away for nothing. AND your time aggravation to get your credit fixed its more then just money that's lost. Theses scum criminals need to answer and pay for the crimes they commit.

    --
    Jack of all trades,master of none
  21. Re:Get over it by amxcoder · · Score: 3, Insightful

    Until you get mugged because you are carrying hundreds of dollars of cash around. No one will reimburse that either when it's cash. It's all your loss. Don't get me wrong, I'm not against cash in the least, but there is no fool proof method. Before debit and ATM cards were all the rage, more people got mugged for the cash they carried on them. Now that cards are more prevalent, less people have cash on them to drive the "muggings" market, but CC and bank card fraud is through the roof.

  22. Compare to other crimes... by jopsen · · Score: 2

    Compared to other crimes... this isn't such a bad one. Note that:
    A) The loss is your time,
    B) Your bank/credit company absorbs and amortizes the money stolen (only perusing it further if it makes sense financially),
    C) Apart from your time (A) no property was destroyed or lost.

    Compare this to a burglar who turns your home upside down, makes it impossible to assess what was lost, and then think that this burglar sells your MacBook for 10% of the asking price... Lost of property destroyed and lots of value is lost in such a crime. Not to mention psychological stress of someone invading your private home.
    Or compare to a spammer, just think how many man-hours (distributed over many people) a typical spammer destroys, spamming is an extremely destructive crime (And lots of "legit" companies still send spam in one form or another).


    I'm not saying identity theft is a nice crime, there are certainly bad examples of people building up a lot of debt and rather than just using a few fake checks and credit card purchases.
    IMO, large part of the problem here is also companies willingness to let you take up debt without proper proof of identity. And companies fighting back aggressive and sending you to collection when you refuse to talked to them because you declare it fraud.

    Note, I'm not saying fraud shouldn't be investigated, and that there aren't extreme cases that warrant a lot of investigative resources. But in many cases, such as simple credit card fraud, this is one of the least destructive crimes.

  23. Re:Get over it by pnutjam · · Score: 2

    Just imagine them as high frequency traders, skimming the float. Feel better now.

    It's not much different

    --
    Cheap storage VM.
  24. Deadbeats are not who you think they are by dfsmith · · Score: 2

    Those exorbitant interest rates credit card companies charge are to pay for deadbeats who don't pay back their credit card accounts, not fraud. (Empasis added.)

    FYI: In credit card parlance, a deadbeat is someone who pays off their card every month. The people who don't pay it back are customers [citation needed!].