Heith Copes & Lynne Vieraitis. 21st Century Criminology: A Reference Handbook. Editor: J Mitchell Miller. Sage Publication. 2009.
In 1998, the U.S. Congress passed the Identity Theft Assumption and Deterrence Act (ITADA), which criminalized the act of identity theft and directed the Federal Trade Commission (FTC) to collect complaints from consumers. In the decade following passage of ITADA, reports of identity theft victimizations to the FTC surged. In 2001, consumers filed 86,212 complaints. Three years later, the number reported increased nearly 250% to 214,905 complaints (FTC, 2004). Data from other government agencies and private organizations also support the claim that identity theft has risen exponentially since 1998. The Social Security Administration’s (SSA) Fraud Hotline received approximately 65,000 reports of social security number misuse in 2001, more than a fivefold increase from about 11,000 in 1998 (U.S. General Accounting Office [GAO], 2002). The Privacy and American Business (P&AB) survey reports that the incidence of identity theft almost doubled from 2001 to 2002 (P&AB, 2003). Although recent FTC data suggest that reports of identity theft were relatively stable from 2003 to 2006, it is still the most prevalent form of fraud committed in the United States (36% of the 674,354 complaints filed with the FTC in 2006). In fact, identity theft has headed the FTC’s list of top consumer complaints for the past 7 years (FTC, 2007).
In response to federal identity theft legislation and rising concern by the public, state lawmakers have increasingly turned their attention to the issue by enacting bills criminalizing the act and expanding the rights of consumers victimized by this crime. In 1998, at the time the ITADA was passed, only a few states had specific laws criminalizing identity theft (GAO, 2002). Although all 50 states and the District of Columbia currently have identity theft laws, there is significant variation in what behaviors are classified as identity theft, penalties for offenders, and assistance to victims of identity theft (Perl, 2003). Lawmakers have continued to draft identity theft legislation. At the end of 2007, more than 200 bills focusing on the issue were pending at the state level.
Identity theft has also garnered the attention of the media, whose coverage of cases has risen dramatically over the past 10 years. The media regularly report on the latest scams used by identity thieves to steal personal information, the dangers of conducting routine transactions involving personal data, and the newest products and services designed to protect consumers from becoming victims of identity theft. Although much of this attention is directed toward educating consumers and marketing products, the media regularly present identity theft as an ever-increasing, ever-threatening problem. As Morris and Longmire (2008) note, the media typically present identity theft cases alongside several overlapping themes including “scorn, shock, marvel from the use of technology, and identity theft as an unstoppable problem” (p. 2). Indeed, many have referred to identity theft as the “fastest growing crime in America” (Cole & Pontell, 2006).
This chapter provides an overview of what is known about identity theft. The chapter begins with a discussion of the ambiguity and difficulties scholars have in defining the crime. This is followed by a description of the patterns and incidences of identity theft, which includes a review of the primary sources of data on the extent and costs of this crime. The next two sections discuss what is known about those victimized by the crime and those who choose to engage in it. This is followed by a description of the most common techniques identity thieves rely on to steal sensitive information and then convert it into cash or goods. The final section elaborates on legislation directed toward identity theft prevention.
Defining Identity Theft
According to ITADA, it is unlawful if a person
knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.
Although the federal statute, passed in 1998, supplied the first legal definition of identity theft, “There is no one universally accepted definition of identity theft as the term describes a variety of illegal acts involving theft or misuse of personal information” (Bureau of Justice Statistics [BJS], 2006).
Although the term identity theft is often applied to a wide range of crimes, including checking account fraud, counterfeiting, forgery, auto theft using false documentation, trafficking in human beings, and terrorism, most policymakers and researchers agree that identity theft includes the misuse of another individual’s personal information to commit fraud. The issue that has impeded development of a universally accepted definition centers on the concept of “personal information.” For example, if an offender steals a credit card, makes a purchase, and then discards the card, has the victim’s identity been stolen? Does the use of a financial account identifier or personally identifying data constitute identity theft? An offender can use a credit card number (financial account identifier) to make unauthorized purchases or use a social security number (personally identifying data) to open a new credit card account and make purchases.
The government’s first attempt to systematically collect a large, nationally representative sample of data on identity theft, the National Crime Victimization Survey (NCVS), includes three behaviors in its definition of identity theft: (1) unauthorized use or attempted use of existing credit cards, (2) unauthorized use or attempted use of other existing accounts such as checking accounts, and (3) misuse of personal information to obtain new accounts or loans or to commit other crimes (BJS, 2006). By including the unauthorized use or attempted use of existing credit cards, the NCVS considers financial account identifiers as personal identification. Other researchers, however, have employed the definition of identity theft specified by the federal statute but only include offenders who had used personally identifying data to commit their crimes. Offenses where financial account identifiers were used (e.g., credit card fraud and check fraud) were treated separately. In sum, there is no consistent definition or use of the term identity theft across agencies or organizations that collect data, which makes gauging the extent and patterning of identity theft difficult.
Patterns of Identity Theft
Numerous agencies and organizations collect data on identity theft, including government agencies, nonprofit organizations/advocacy groups, popular trade and media sources, and credit reporting agencies. However, the use of varying definitions of identity theft and methodologies used by these data collectors produce varying estimates of the extent of identity theft and its costs to businesses and citizens.
Pursuant to the ITADA, the FTC began compiling consumer complaints related to identity theft in 1999. The data are collected from victims who report their victimization via phone or the FTC Web site. Included in the database is information about the victim, contact information for the local police department that took the victim’s report, type of offense, and the companies involved. The database is made available to all law enforcement agencies in an effort to assist in their investigations of identity theft cases. Officers have access to information about identity theft offenders and victims, including details of their experiences.
A second source of data on identity theft is the Internet Crime Complaint Center (IC3), an alliance between the National White Collar Crime Center (NW3) and the Federal Bureau of Investigation (FBI). The IC3 receives complaints related to all Internet crime, including identity theft. Data are collected online and include information on the victim and offender by state, demographic characteristics, monetary losses, and law enforcement contact. Complaints are submitted from either the person who believes he or she was defrauded or from a third party to the complainant.
Several nonprofit and for-profit research groups such as the California Public Interest Research Group (CALPIRG), Javelin Strategy & Research, Gartner Inc., Harris Interactive, and the Identity Theft Resource Center (ITRC) have also collected data on identity theft through Internet, mail, and telephone surveys and face-to-face interviews. The data collected by these groups are based on information from victims of identity theft. Although not as long running and extensive as the FTC’s data collection program, the ITRC has conducted annual victimization surveys since 2003, but these surveys are limited to “confirmed” victims of identity theft who have worked with the ITRC. In addition, CALPIRG has conducted a study of police officers and their experiences with identity theft cases.
Extent of Identity Theft
In 2007, the FTC released a report on estimates of the incidence and costs of identity theft. According to the report, approximately 8 million people experienced identity theft in 2005 and total losses were nearly $16 billion (Synovate, 2007). Estimates from the NCVS vary from the FTC report. According to the NCVS, in 2005, an estimated 6.4 million households, representing 5.5% of the households in the United States, discovered that at least one member of the household had been the victim of identity theft during the previous 6 months. The estimated financial loss reported by victimized households was about $3.2 billion (BJS, 2006).
It is difficult to ascertain the financial costs of identity theft since estimates vary across the available data. However, all indicate that this is an extremely costly crime. According to estimates from the FTC’s Identity Theft Clearinghouse, the total financial cost of identity theft is over $50 billion a year, with the average loss to businesses being $4,800 per incident and an average of $500 of outof-pocket expenses to the victim whose identity was misused (Synovate, 2003). In the 2006 survey, estimates were considerably lower with the average amount obtained by the offender equal to $1,882 and the average victim loss totaling $371 (Synovate, 2007). The FTC cautions, however, that these changes may be attributed to differences in methodology between the 2003 and 2006 surveys. According to the most recent data from the NCVS (BJS, 2007), the estimated loss for all types of identity theft reported by victimized households averaged $1,620 per household. Households that experienced misuse of personal information reported an average loss of $4,850, while theft of existing credit card accounts resulted in the lowest average losses ($980). These figures represent losses that may or may not have been covered by a financial institution, such as a credit card company.
It is also difficult to get a clear assessment of the actual costs incurred by victims of identity theft. In most cases, the victim whose information was misused is not legally responsible for the costs of the fraudulent transaction by identity thieves; rather, it is typically the credit card company or merchants who lose money. Victims may incur expenses from time spent resolving problems created by the theft. These problems may include the need to close existing accounts and open new ones, disputing charges with merchants, and monitoring their credit reports. A survey with CALPIRG found that the average amount of time spent by victims to regain financial health was 175 hours, which takes an average of 2 years to complete. According to the Identity Theft Resource Center’s 2003 survey, the average time spent by victims clearing their financial records is close to 600 hours. In addition to time spent resolving problems created by the identity theft, victims may experience a great deal of emotional distress, including feelings of anger, helplessness and mistrust, disturbed sleep patterns, and a feeling of lack of security (Davis & Stevenson, 2004).
It appears that residents in certain regions of the United States are at a heightened risk of being victimized. According to the FTC (2007) data, Arizona (147.8), District of Columbia (131.5), Nevada (120.0), California (113.5), and Texas (110.6) had the highest identity theft victimization rates per 100,000 residents, while the lowest victimization rates were reported in West Virginia (39.3), Iowa (34.9), South Dakota (30.2), North Dakota (29.7), and Vermont (28.5). The NCVS data demonstrated that households in the West were approximately 1.5 times more likely than those in the Northeast, Midwest, or South to experience identity theft, and urban (6%) and suburban (6%) households were more likely to have a member experience identity theft than rural households (4%) (BJS, 2007). Many have blamed the methamphetamine epidemic in the Western United States for this finding. However, this link has not been substantiated with sound research and data.
Clearance rates (percentage of crimes for which an arrest is made) for identity theft are low. Available evidence suggests that offenders are seldom detected and rarely apprehended. Allison, Schuck, and Lersch (2005) reported an average clearance rate of 11% over a 3-year period. Similarly, law enforcement officials interviewed by Owens (2004) and Gayer (2003) estimated that only 10 and 11%, respectively, of identity theft cases received by their departments were solved. There are several obstacles that make the investigation of identity theft cases and the likelihood of arrests difficult (U.S. GAO, 2002). For example, identity theft cases can be highly complex, or the offender may have committed the theft in a different jurisdiction from where the victim resides, making it difficult to secure an arrest warrant. In addition, departmental resources may be directed toward the investigation of violent and drugrelated offenses rather than identity thefts.
According to Anderson’s (2006) analysis of the FTC’s 2003 data, consumers ages 25-54, those with higher levels of income (particularly those with incomes greater than $75,000), households headed by women with three or more children, and consumers residing in the Pacific states are at the greatest risk for identity theft. Older persons, particularly those aged 75 and older, and persons in the Mountain states are at the least risk for victimization. Educational attainment and marital status had no effect on risk of victimization (Anderson, 2006). Similarly, Kresse, Watland, and Lucki’s (2007) study of identity thefts reported to the Chicago Police Department from 2000-2006 found that over 65% of victims were between the ages of 20 and 44 and that young people (under age 20) and older persons (over 65) were underrepresented among identity theft victims. The NCVS reported that households headed by persons ages 18-24 were most likely to experience identity theft, while households headed by persons ages 65 and older were least likely to experience it. Households in the highest income bracket, those earning $75,000 or more, were also most likely to be victimized (BJS, 2007).
Anyone can become a victim of identity theft, including newborns and the deceased. These groups are unique in that the people whose information is used illegally are not likely to incur any out-of-pocket expenses. Instead, their information is used by thieves to defraud others, usually businesses, or to hide from law enforcement. Historically, deceased victims have been thought to be the targets of choice for identity thieves, who obtain information about deceased individuals in various ways, including watching obituaries, stealing death certificates, and even getting information from Web sites that offer Social Security Death Index files, though this practice has decreased substantially in the past several years. In addition, some thieves may take advantage of family members. Often the family is unaware of the victimization, and if they do know about it, it may have little effect on their lives.
Child identity theft occurs when an offender uses a child’s identifying information for personal gain. Using data from the Consumer Sentinel Network, Newman and McNally (2005) report that in 2004, there were 9,370 identity theft victims who were under the age of 18 (4% of all cases reported). The Identity Theft Resource Center estimates that they receive reports on 104-156 child victims a year. Similarly, Kresse et al. (2007) report that only 3.5% of victims were under the age of 20.
The perpetrator of child identity theft is typically a family member who has easy access to personal information. According to Pontell, Brown, and Tosouni (2008), over three quarters of those who stole the identities of victims under the age of 18 were the parents. Similarly, the ITRC 2006 survey data indicated that in child identity theft cases, 69% of the offenders were one or both parents or a stepparent. In 54% of these cases, the crime began when the victim was under 5 years of age (ITRC, 2007). However, strangers also target children because of the usually lengthy amount of time between the theft of the information and the discovery of the offense. Evidence suggests that child identity theft is relatively rare, but when it does occur, it takes a considerable amount of time to discover. Typically, the cost to the child whose identity was obtained illegally does not take place until the child applies for a driver’s license, enrolls in college, or applies for a loan or credit.
The paucity of research on identity theft coupled with the low clearance rate makes it difficult to have a clear idea of what those who engage in this offense are like. From what is known about offenders, there is considerable diversity in regards to the race, age, gender, and criminal background of identity thieves. To gain an understanding of the type of individual who commits identity theft, Gordon, Rebovich, Choo, and Gordon (2007) examined U.S. Secret Service closed cases with an identity theft component from 2000-2006. They found that most offenders (42.5%) were between the ages of 25 and 34 when the case was opened. Another one-third fell within the 35-49 age group. Using data from a large metropolitan police department in Florida, Allison et al. (2005) found that offenders ranged in age from 28 to 49 with a mean age of 32.
Both studies found similar patterns regarding race. Gordon et al. (2007) found that the majority of the offenders were black (54%), with white offenders accounting for 38% of offenders and fewer than 5% of offenders being Hispanic. Allison et al. (2005) found that the distribution of offenders was 69% black, 27% white, and less than 1% Hispanic or Asian. The two studies differed in terms of the gender of offenders. Gordon et al. found that nearly two thirds of the offenders were male. Whereas, Allison et al. found that 63% of offenders were female. Gordon et al. also examined the place of birth of the offenders. They found that nearly a quarter of offenders were foreign born. The countries most represented by foreign-born offenders, in rank order, were Mexico, Nigeria, the United Kingdom, Cuba, and Israel.
In their qualitative study of identity thieves, Copes and Vieraitis (2007, 2008) sought to gain an understanding of federally convicted identity thieves’ experiences by asking offenders to describe their past and current family situations. They found that most offenders were currently married or had been married in their lifetimes: 25% of the offenders were married, 31% were separated/divorced, 32% had never been married, and 5% were widowed. Approximately 75% of the offenders had children. With respect to educational achievement, the majority of offenders had at least some college education.
Prior arrest patterns indicated that a large portion of the offenders had engaged in various types of offenses, including drug, property, and violent crimes. Yet the majority of them claimed that they only committed identity thefts or comparable frauds (e.g., check fraud). In total, 63% of the offenders reported prior arrests and most were arrested for financial fraud or identity theft (44%), but drug use/sales (19%) and property crimes (22%) were also relatively common (Copes & Vieraitis, 2008). This finding is consistent with that of Gordon et al. (2007), who found that while the majority of defendants had no prior arrests, those who did have criminal histories tended to commit fraud and theft-related offenses.
Copes and Vieraitis (2007) also questioned identity thieves about their prior drug use. Approximately 58% had tried drugs in their lifetime—mostly marijuana, cocaine in various forms, and methamphetamine. Only 37% reported having been addicted to their drug of choice. Of those offenders who said that they were using drugs while committing identity theft, 24% reported that the drug use contributed to their offense. Gordon et al. (2007) did not ask specifically about drug use, but they did discover that nearly 10% of the defendants they studied had previous arrests for drug-related offenses.
To be successful at identity theft requires that the would-be offenders not only secure identifying information but also convert it into goods or cash. Identity thieves have developed a number of techniques and strategies to do just this. Researchers and law enforcement agencies have collected information, primarily from victimization surveys and interviews with offenders, on the techniques identity thieves commonly employ.
Acquiring Identifying Information
The first step in the successful commission of identity theft is to obtain personal information on the victim. This task is relatively easy for offenders to do. Offenders obtain this information from wallets, purses, homes, cars, offices, and businesses or institutions that maintain customer, employee, patient, or student records. Social security numbers, which provide instant access to a person’s personal information, are widely used for identification and account numbers by insurance companies, universities, cable television companies, the military, and banks. The thief might steal a wallet or purse; or work at a job that affords him or her access to credit records; or purchase the information from someone who does (e.g., employees who have access to credit reporting databases commonly available in auto dealerships, realtors’ offices, banks, and other businesses that approve loans); or may find victims by stealing mail, sorting through the trash, or searching the Internet.
The most common way that offenders commit identity theft is by obtaining a person’s credit card information. They then use this information to forge credit cards in the victims’ names and use them to make purchases. According to the Privacy & American Business (2003) survey of victims, 34% of victims reported that their information was obtained this way. In addition, 12% reported that someone stole or obtained a paper or computer record with their personal information on it, 11% said someone stole their wallet or purse, 10% said someone opened charge accounts in stores in their name, 7% said someone opened a bank account in their name or forged checks, 7% said someone got to their mail or mailbox, 5% said they lost their wallet or purse, 4% said someone went to a public record, and 3% said someone created false identification to get government benefits or payments.
The FTC data has also shed light on strategies of offending from the victim perspective. This data show that of those who knew how their information was obtained (43%), 16% said their information was stolen by someone they personally knew, 7% during a purchase or financial transaction, 5% reported their information was obtained from a stolen wallet or purse, 5% cited theft from a company that maintained their information, and 2% said the information was obtained from the mail (Synovate, 2007). Other techniques have been identified, such as organized rings in which a person is planted as an employee in a mortgage lender’s office, doctor’s office, or human resources department to more easily access information. Similarly, these groups will simply bribe insiders such as employees of banks, car dealerships, government, and hospitals to get the identifying information. Others have obtained credit card numbers by soliciting information using bogus emails or simply by shoulder-surfing, which involves peering over someone’s shoulder while the person types in a credit card number.
Researchers have also sought the offenders’ perspective in determining how they obtain information (Copes & Vieraitis, 2007, 2008). These interviews indicate that offenders use a variety of methods to procure information and then convert it into cash or goods. According to Copes and Vieraitis (2007), most identity thieves used a variety of strategies and seldom specialized in one method. The most common method used to obtain victims’ information was to buy it, although some offenders acquired identities from their place of employment. It was common for offenders to buy identities from employees of various businesses and state agencies that had access to personal information such as name, address, date of birth, and social security number. Offenders also purchased information from persons they knew socially or with whom they were acquainted “on the streets.” In some cases, the identity thieves bought information from other offenders who had obtained it from burglaries, thefts from motor vehicles, prostitution, or pickpocketing.
After obtaining a victim’s information, offenders often use it to acquire or produce additional identity-related documents, such as driver’s licenses or state identification cards, in an attempt to gain cash or other goods. Often offenders apply for credit cards in the victims’ names (including major credit cards and department store credit cards), open new bank accounts and deposit counterfeit checks, withdraw money from existing bank accounts, apply for loans, open utility or phone accounts, or apply for public assistance programs.
In 2006, the most common type of identity theft was credit card fraud (25%) followed by “other” identity theft (24%), phone or utilities fraud (16%), bank fraud (16%), employment-related fraud (14%), government documents or benefits fraud (10%), and loan fraud (5%). Although not directly comparable due to differences in methodology, units of analysis, and definition of identity theft, data from the NCVS indicate that of the 6.4 million households reporting that at least one member of the household had been the victim of identity theft, the most common type was unauthorized use of existing credit cards (BJS, 2007).
The most common strategy for converting stolen identities into cash is to apply for credit cards. Most offenders use the information to order new credit cards, but they also use the information to get the credit card agency to issue a duplicate card on an existing account. They use credit cards to buy merchandise for their own personal use, to resell the merchandise to friends or acquaintances, or to return the merchandise for cash. Offenders also use the checks that are routinely sent to credit card holders to deposit in the victim’s account and then withdraw cash or to open new accounts. Offenders have been known to apply for store credit cards such as those of department stores and home improvement stores. Other common strategies for converting information into cash or goods include producing counterfeit checks, which offenders cash at grocery stores, use to purchase merchandise and pay bills, open new bank accounts to deposit checks or to withdraw money from an existing account, and apply for and receive loans.
The limitations of currently available data make the relationship between the victim and offender difficult to assess. Research on the topic has produced mixed results regarding whether the offenders knew victims before stealing their information. To date, the available data suggest that the majority of victims do not know their offenders. The FTC reported that 84% of victims were either unaware of the identity of the thief or did not personally know the thief; 6% of victims said a family member or relative was the person responsible for misusing their personal information; 8% reported the thief was a friend, neighbor, or inhome employee; and 2% reported the thief was a coworker (Synovate, 2007). Although the figures are lower than those reported by the FTC study, two additional studies also reported that the majority of victim-offender relationships involved individuals who did not know each other. Both Allison et al. (2005) and Gordon et al. (2007) reported that the majority (59%) of victims did not know the offender. The most recent data from the ITRC (2007) also indicate that 60% of victims did not know the offender. In contrast, in Kresse et al.’s (2007) study of identity thefts reported to the Chicago police department, in over 60% of the cases where the means or method of theft was known (282 of 1,322), the victim’s identity was stolen by a friend, relative, or person otherwise known to the victim. According to a victim survey administered by Javelin Strategy and Research (2005), for those cases where the perpetrator was known, 32% were committed by a family member or relative; 18% were committed by a friend, neighbor, or in-home employee; and 24% were committed by strangers outside of the workplace.
Identity Theft Legislation
A wide range of federal laws relate to identity theft, including those pertaining to social security fraud, welfare fraud, computer fraud, wire fraud, and financial institution fraud. This review focuses on specific laws designed and enacted to criminalize the act of identity theft. The first federal law to combat identity theft occurred in 1998 with the passage of the Identity Theft Assumption and Deterrence Act (18 USC § 1028). This act has made it easier for law enforcement to investigate the crime and for victims to recover any losses from it. This law made identity theft a separate crime against the person whose identity was stolen, broadened the scope of the offense to include the misuse of information and documents, and provided punishment of up to 15 years of imprisonment and a maximum fine of $250,000. Under U.S. Sentencing Commission guidelines, a sentence of 10 to 16 months of incarceration can be imposed even if there is no monetary loss and the perpetrator has no prior criminal convictions (U.S. GAO, 2002). Violations of this crime are subject to investigations by federal law enforcement agencies, including the U.S. Secret Service, the FBI, the U.S. Postal Inspection Service, and the Social Security Administration’s Office of the Inspector General.
In an effort to protect consumers against identity theft and assist those who have been victimized, Congress passed the Fair and Accurate Credit Transactions Act (FACTA) in 2003. The act grants consumers the right to one credit report free of charge every year; requires merchants to leave all but the last five digits of a credit card number off store receipts; requires a national system of fraud detection to increase the likelihood that thieves will be caught; requires a nationwide system of fraud alerts to be placed on credit files; requires regulators to create a list of red flag indicators of identity theft, drawn from patterns and practices of identity thieves; and requires lenders and credit agencies to take action before a victim knows a crime has occurred. In addition, FACTA created a National Fraud Alert system.
In an effort to stop credit grantors from opening new accounts, FACTA also allows consumers to place three types of fraud alerts on their credit files. Individuals who suspect they are, or are about to become, victims of identity theft, can place an “initial alert” in their file. If individuals have been victims of identity theft, and have filed reports with law enforcement agencies, they can then request an “extended alert.” After an extended alert is activated, it will stay in place for 7 years, and the victims may order two free credit reports within 12 months. For the next 5 years, credit agencies must exclude the consumer’s name from lists used to make prescreened credit or insurance offers. Finally, military officials are able to place an “active duty alert” in their files when they are on active duty or assigned to service away from their usual duty station.
In 2004, the Identity Theft Penalty Enhancement Act (ITPEA) established a new federal crime, aggravated identity theft. This act prohibits the knowing and unlawful transfer, possession, or use of a means of identification of another person during and in relation to any of more than 100 felony offenses, including mail, bank, and wire fraud; immigration and passport fraud; and any unlawful use of a social security number. The law mandates a minimum 2 years in prison consecutive to the sentence for the underlying felony. In addition, if the offense is committed during and in relation to one of the more than 40 federal terrorism-related felonies, the penalty is a minimum mandatory 5 years in prison consecutive to the sentence for the underlying felony.
States have also passed laws in efforts to protect consumers and victims of identity theft. In 2006, states continued to strengthen laws to protect consumers by increasing penalties and expanding law enforcement’s role in investigating cases. Laws were also enacted to assist victims of identity theft, including prohibiting discrimination against an identity theft victim, allowing victims to expunge records related to the theft, and creating programs to help victims in clearing their names and financial records. To date, 39 states and the District of Columbia have enacted laws that allow consumers to freeze their credit files. As of November 1, 2007, the three major credit bureaus, Equifax, Experian, and TransUnion, offer the security freeze to consumers living in the 11 states that have not adopted security freeze laws and to all consumers in the 4 states that limit the option to victims of identity theft.
The effectiveness of legislation pertaining to identity theft has not yet been determined. These laws have provided law enforcement with the tools to fight identity thieves, but whether identity thieves have desisted because of these laws is still unclear. If identity thieves are like other fraudsters, and indicators suggest that they are, then they will adapt to law enforcement strategies aimed at stopping them. Thus, ITADA, FACTA and ITPEA will likely be amended to adjust to changing technology and adaptations of thieves.
Identity theft is a widespread problem affecting approximately 8 million people each year. A common scenario involves an offender who obtains or buys a victim’s personally identifying information from an acquaintance or employee of an agency with access to such information. The offender then uses the information to acquire or produce additional identity-related documents such as driver’s licenses and state identification cards, make checks, order new credit cards, and cash checks. The victim is likely to be between the ages of 18 and 55 with an income greater than $75,000 and does not know the offender.
Like most offenders, identity thieves are motivated by a need for money. For some identity thieves, the need for money is fueled by a desire to maintain a partying lifestyle characterized by drug use and fast living. Others use the proceeds of their crimes to support a conventional life, including paying rent, mortgages, or utilities, or buying the latest technological gadgets. Although the desire for money is a common motivation among street-level and white-collar offenders, the selection of identity theft as their crime of choice may be attributed to the ease with which they can justify their actions. Many identity thieves are able to justify their crimes by denying that they caused any “real harm” to “actual individuals.”
Most official attempts to control identity theft have been in the form of legislation. Federal and state lawmakers have approached the problem by passing legislation defining identity theft as a crime, delineating penalties for offenders, and increasing protection to consumers and victims of identity theft. In addition to legislative action, numerous nonprofit agencies, organizations, and private companies have launched campaigns to educate consumers on how to protect their personally identifying information. Although limited, the currently available data suggest that certain situational crime prevention techniques may be useful in decreasing the incidence of identity theft. Specifically, increasing the effort and risks of acquiring information and converting information to cash or goods, eliminating ways in which information is acquired and converting information to cash or goods, and advertising the potential legal consequences of identity theft may help reduce identity theft.
To understand the crime of identity theft and thus increase the likelihood that policymakers and law enforcement are effective in reducing this crime, more research needs to be done. First, a number of laws have been passed to provide help to consumers and victims of identity theft and to assist law enforcement; however, the effectiveness of these laws has not yet been assessed. Although much of this legislation is relatively new, future research should evaluate the degree to which legislation is an effective strategy in reducing identity theft. Second, there is very little research on identity thieves themselves. Researchers should consider further developing this line of inquiry by expanding the work of Copes and Vieraitis (2007) to include active offenders and offenders convicted at federal, state, and local levels.