IDENTITY THEFT
Marcia L. DePaula, Esquire
1
2
IDENTITY THEFT
A fraud committed or attempted using the identifying information of another person without authority.
16 C.F.R. § 603.2
3
Scope of the Problem
• Victims
  27.3 million (2000-2005)
  9.3 million (estimated 2005)
• Under-reported (2005)
  246,570 (filed with FTC)
  7,600 (PA)
4
Scope of the Problem
• Total fraud amount
  $53.2 billion (2003)
  $54.4 billion (2005)
• Discovery of theft:
  52% by monitoring of accounts
  26% alerted by credit card company/bank
  8% alerted when turned down for credit
5
Demographics

Average age of victim – 42 years old

Top locations: CA, NY, TX, FL

No relationship with suspect – 88%

Discovery of ID Theft – 15 months
6
TYPES OF FRAUD
• Credit Card Use
• Phone or Utility Service
• Bank Accounts
• Employment Related
• Government Documents/Benefits/Loans
• Other
7
How Information is Obtained, Part 1

68.2% of stolen information was obtained off-line
• Stolen mail or wallets
• Diverted/Forged change of address forms
• Credit reports
• Employment records
• From consumers by thieves posing as legitimate businesses
• Purchases from questionable sources
8
Pretexting
9
How Information is Obtained, Part 2

11.6% of personal information was obtained “online”
• Spyware – 5.2%
• Online Transaction – 2.5%
• Virus/hacker – 2.2%
• Phishing – 1.7%
10
Phishing
A fraudulent reproduction of an official e-mail or website designed to fool recipients into divulging personal financial data such as bank account numbers.

Pending H.B. 2292 of 2005 – Criminal offense for a person or entity to misrepresent itself as a legitimate business in e-mail or on the Internet in an attempt to solicit private financial or personal information from consumers. 6/28/06
11
12
13
Skimming
Theft of credit or debit card numbers or access numbers through use of a data storage device.
14
Breaches

• 2/15/2005 – ChoicePoint (Alpharetta, GA) – Bogus accounts established by ID thieves – 145,000
• 2/25/2005 – Bank of America (Charlotte, NC) – Lost backup tape – 1,200,000
• 3/10/2005 – LexisNexis (Dayton, OH) – Passwords compromised – 32,000
• 6/6/2005 – CardSystems – Hacking – 40,000,000
• 5/2006 – Dept. of Veterans Affairs – Data stolen from employee’s home – 26,500,000
15
How Information is Used:
• Open new credit card account
• Establish phone or utility service
• Open bank account
• Loans
16
How Victims Learn of Identity Theft:
• Denial of credit
• Contact by credit provider
• Contact by collection agency
• Contact by police
• Arrest by police
17
Legal Authority
Possesses or uses identifying information of another person without the consent of that other person to further any unlawful purpose.

Identity Theft & Assumption Deterrence Act of 1998, 18 U.S.C.A. §1028

Pennsylvania Identity Theft
18 Pa. C.S.A. §4120 (criminal)
42 Pa. C.S.A. §8315 (civil)
18
CRIMINAL – 18 Pa. C.S.A. §4120
Possesses or uses, through any means, identifying information of another person without the consent of that other person to further any unlawful purpose.

Separate Offenses – each time person possesses or uses identifying information, but can aggregate to determine the grade of the offense.

Use of police report as prima facie evidence that ID information was used without person’s consent.
19
Criminal Grading
• First Offense
  Misdemeanor 1st degree if less than $2,000.00
  Felony Third Degree, if more than $2,000.00
• Third or Subsequent Offense
  Felony of 2nd degree, regardless of value
• Part of a Criminal Conspiracy
  Regardless of amount—F2
• Enhancement for victim over 60 years or care-dependent
20
CIVIL – 42 Pa. C.S.A. §8315

Based on “ID Theft” as defined in criminal statute

Actual damages or $500, whichever is greater
• Reasonable attorneys’ fees
• Loss of money, reputation or property
• Any additional relief the court deems necessary
21
Breach of Personal Identification Notification Act
73 P.S. §2301 et seq.
Any entity that maintains, stores or manages computerized data that includes personal information shall provide notice of the breach of security to residents of the Commonwealth.
Effective June 20, 2006

• Covers “unencrypted and unredacted personal information”
• Notice “without unreasonable delay” to consumers
• Enforcement by the Office of the Attorney General under the Unfair Trade Practices and Consumer Protection Law
22
Notice to Consumers
1. Written notice
2. Telephonic notice
3. Email
4. Substitute notice:
   • If cost of notice would exceed $100,000; or
   • Affected class is over 175,000; or
   • Entity does not have sufficient contact info
23
SOCIAL SECURITY NUMBERS
Senate Bill 601 (Adopted 6/29/2006; Effective 180 days)
No person, entity, state agency or political subdivision will do any of the following:

• Publicly post or display any person’s social security number
• Print an individual’s social security number on any card required for the person to access products or services provided by the entity
• Require an individual to transmit his social security number via the internet unless encrypted or the connection is secure
• Require an individual to use his social security number to access an internet website unless a password or other authentication device is also required
• Print an individual’s social security number on any materials mailed to the individual, unless required by State or Federal law
24
Fair and Accurate Credit Transactions Act (FACTA)
15 U.S.C.A. §1681
25

• Requires merchants to truncate credit and debit card numbers on receipts for purchases.
• Requires industry standards governing the “accuracy and integrity” of information furnished to credit reporting agencies.
• Allows consumers to place fraud alerts on their credit files and block information caused by identity theft or fraud.
• Entitles consumers to one free credit report annually.
  Begins September, 2005 for PA residents
  Website: www.annualcreditreport.com
26
BUSINESSES – 15 U.S.C. §1681g(e)(6)

Provide transaction information to victim

Within 30 days of written request

No charge to consumers

Confirm requester is a victim


Proof of identity
Police report & completed affidavit
27
Business may decline to provide information where:
• No “Good Faith Belief” of Identity
• Based upon a misrepresentation of fact
• Internet navigational data or similar info about a person’s visit to a website
• Prohibited by law
28
DEBT COLLECTORS & CREDITORS – 15 U.S.C. §1681t(b)(5)(F)
• Prohibited from selling or transferring “ID Theft debt”
• Notify creditor and victim of a fraudulent debt or debt incurred as a result of ID Theft
29
FACTA DISPOSAL RULE – 16 C.F.R. §682.1 ET SEQ.
Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
Effective date – June 1, 2005
30
FACTA DISPOSAL RULE – 16 C.F.R. §682.1 ET SEQ.
“Person”
Any person over which the FTC has jurisdiction, that for a business purpose, maintains or possesses consumer information
Lenders, consumer reporting agencies, record management, landlords, utility companies
31
FACTA DISPOSAL RULE – 16 C.F.R. §682.1 ET SEQ.
“Consumer Information”
Any record about an individual, whether in paper, electronic, or other form, that is a consumer report or derived from a consumer report or a compilation of such records
Social Security Number, Driver’s License, Telephone Number
32
FACTA DISPOSAL RULE – 16 C.F.R. §682.1 ET SEQ.
“Disposal”
• Discarding or abandonment of consumer information
• Sale, donation, or transfer of any medium including computer equipment, upon which consumer information is stored
33
FACTA DISPOSAL RULE – 16 C.F.R. §682.1 ET SEQ.
“Reasonable Measures”
Information cannot be read or reconstructed after disposal
• Shredding, burning, and pulverizing of documents
• Destruction or erasure of electronic media
34
TIPS FOR ORGANIZING YOUR CASE
• Follow up in writing with all contacts you made.
• Keep copies of all correspondence/forms.
• Write down the name, date and substance of any conversations.
• Keep originals of supporting documentation.
• Set up a filing system.
• Keep old files, even if you believe your case is resolved.
35
Resolving Credit Card Disputes
• Provide documentation to creditor (police report + ID Theft affidavit)
• Insist on a letter from the creditor (closing the disputed account + discharging fraudulent debts)
• Dispute in writing unauthorized charges on credit card within 60 days
36
Remedial Actions by Victims
1. File Police Report
2. Contact fraud departments of credit bureaus
   • EQUIFAX – 1-800-525-6285
   • EXPERIAN – 1-888-397-3742
   • TRANS UNION – 1-800-680-7289
3. Close accounts
4. Call the FTC’s ID Theft Clearinghouse
   1.877.438.4338
   www.ftc.gov/opa/2002/02/idtheft.htm
37
Protecting yourself
• Never provide personal or financial information to those you don’t know, especially unsolicited telephone or Internet requests.
• Check your monthly bills and statements for questionable charges.
• Don’t have your bank PIN number written down on something you carry in your wallet, purse or briefcase.
• 1-888-5-OPT-OUT (1-888-567-8688) To opt-out of preapproved credit offers
38
Key Contacts
• Bureau of Consumer Protection: 1-800-441-2555
• Social Security Administration: 1-800-269-0271
• Federal Trade Commission: 1-877-ID THEFT
  www.consumer.gov/idtheft/pdf/affidavit
39