UNCOVERING SECRET IDENTITIES

When Melanie Banks (named changed to protect her privacy) and her husband went to the bank in December to refinance their home, they thought it would be routine. After all, the couple, who live in Topeka, Kansas, were refinancing with their existing mortgage lender, and they prided themselves on their credit history. So it was quite a shock when the bank officer turned them down, pointing to their credit report, which listed numerous accounts in arrears.

It turns out that a woman in New Mexico had applied for credit 22 times using Bank’s name and Social Security number. In all, she had made purchases totaling $90,000, leaving a trail of unpaid debt that Banks is desperately trying to prove is not hers: a $38,000 loan for a mobile home, three car loans, credit card bills, and charges for a cellular phone and other services. The perpetrator torched her credit to the point where even the perpetrator herself was denied.

Banks is a victim of a crime of the 21^st century—identity theft. It happens when one individual uses another’s personal identification (name, address, Social Security number; date of birth; mother’s maiden name) to take over or open new credit cards and bank accounts; apply for car and house loans; lease cars and apartments; and, even take out insurance. The perpetrators don’t make the payments, and the victim is left to deal with the damage—calls from collection agencies and creditors; the endless paperwork that results from trying to expunge fraudulent accounts from a credit record; and, the agony of waiting to see if more phony accounts pop up. Meanwhile, the proliferation of black marks on a credit report can be devastating. Victims of identity theft are often unable to get loans; some run into trouble applying for a job. A few have even been arrested after the thief committed a crime in the victim’s name.

Many identity thieves use stolen personal information to obtain driver’s licenses, birth certificates, and professional licenses, making it easier to get credit. Most victims don’t even know how the criminals pulled it off. Data have been stolen from desk drawers in the workplace, mailboxes, job application forms, and the Internet. False identification cloaks a thief in anonymity, and the impostor can often use the alias for a prolonged period of time. Thieves typically have the bills sent to an address that is not the victim’s, concealing the scheme for months, even years. Most victims aren’t aware that their credit has taken a nose-dive until, like Banks, they apply for credit themselves or receive a call from a bill collector.

Proof Positive

In the 1980s, criminals who wanted free plastic simply made up counterfeit credit cards with the correct number of digits. To thwart them, the industry instituted sophisticated security measures involving holograms and algorithms. Now criminals are taking advantage of what some see as the weakest link in the credit system: personal identity. There is nothing in the system that demands proof that you are the person you say you are. Personal identifiers are now, more than ever, a valuable commodity to criminals.

Although no single agency tracks identity fraud, statistics collected by the GAO point to a growing problem. Trans Union, for example, one of the three major credit bureaus, indicates three-fourths of all consumer inquiries relate to identity fraud. Those inquiries numbered 35,235 in 1992; in 2000 there were 855,255. The costs of identity fraud can be very high: The Secret Service indicates losses to victims and institutions in its identity-fraud investigations were $1.8 billion in 2000, up from $442 million in 1995. It’s a problem that Congress has to address.

Identity fraud is a relatively new phenomenon, and it’s not a crime, except in a handful of states, such as Arizona and California, which have recently made it illegal. Legislation is pending to make it a federal crime.

Most victims call the police. But in states with no statute, some police departments refuse to take a report because the law sees the victim in a case of identity fraud as the party that granted the credit (the bank or the merchant, for example), and not the person impersonated. That’s frustrating to the victims because they often need a report to prove they are not the bad guys.

Victims need proof because the attitude they often encounter when dealing with creditors is guilty, guilty, and guilty. Every person Mike Smith (name changed to protect privacy) talks to has been skeptical, condescending, and hostile, and he is still trying to clean his credit report of 23 bounced checks, written to stores in Arizona in 1994 on a bank account opened fraudulently in his name. That really aggravates Smith who has already been turned down for a mortgage. Victims often have to play detective, coming up with clues, leads, and even the basic evidence that a fraud has been committed. You have to do all the footwork yourself.

Even the Kitchen Sink

Typically, creditors ask an identity-theft victim to fill out an affidavit certifying he or she did not incur the debt. Some require much more: One collection agency told Banks it needed a copy of her driver’s license, her Social Security card, her birth certificate, and any lease or mortgage contract for the past five years—all for a $54 cable bill. In the end, Banks neither paid the bill nor sent the copies to prove her innocence, opting to explain the $54 item on her credit report to future creditors. As with many victims of identity theft, sensitive documents were the last thing she wanted to send to a stranger.

The belligerence that victims encounter from some creditors is particularly irksome to those who suspect a creditor’s negligence in the first place. Many creditors do not take the proper steps to verify the identity of the credit applicant. Dorothy Helus (name changed to protect privacy) of Reston, Virginia, points to a credit-card application that started an impostor on a crime spree in her name: The application was preprinted with the impostor’s name and address, but the impostor had crossed off her own name (leaving her address) and written in Helus’s name, Social Security number, and occupation. The bank gave the impostor a credit card with a $20,000 credit line, leading Helus to ask: “Wouldn’t a reasonable person say something is fishy here?” Bankers, meanwhile, insist they are on the ball. All the banks have systems that detect fraud. They have to modify them for every new scheme that comes up.

Dialing for Dollars

To make matters worse, two weeks after Helus notified the bank that the account was fraudulent, the bank sold it to a collection agency, and she and her children started receiving threatening phone calls and letters. It didn’t stop there. The card triggered an avalanche of preapproved credit offers to the phony Helus’s mailbox: One different address on a credit account was all it had taken for one of the credit bureaus to switch Helus’s credit-file address to the impostor’s. They came to Helus like candy. Some credit bureaus won’t change a file address until three creditors report a new address, but a criminal on a spree can quickly cross that threshold.

It’s not easy getting a credit report back on track. The credit bureau says contact the creditor, the creditor says contact the credit bureau, and the consumer just gets ping-ponged back and forth. The bureaucracy can be maddening: Banks recently received a letter from the credit bureau Experian saying it was reinserting a disputed item. The letter did not say which of the 22 accounts it referred to.

One of the few weapons victims have to protect them is a “fraud alert,” which credit bureaus will put in consumer credit files. This notifies anyone who pulls the report that the subject is a victim of fraud and that he or she should be called to verify any credit application. The alert isn’t foolproof.

Credit bureaus might want to step up their efforts at finding a solution before more aggrieved consumers turn to the courts. Recently, in Clarksdale, Mississippi, a man won a lawsuit against Trans Union for failing to clean up his credit report. The award: $7.8 million.

Meanwhile, the credit-reporting industry has formed a taskforce to tackle identity theft. Among solutions being considered are taking files of theft victim’s off-line and sharing fraud alerts among credit bureaus more quickly. Individual creditors are also taking steps to stem their losses and prevent future ones. In San Francisco, Cellular One routinely flags suspect applications and compares details with credit reports. That’s how Irene Cole (named changed to protect privacy) in San Francisco found out her identity had been compromised: Recently, a woman applied for service using Irene Cole’s identity, but Cellular One’s fraud department thought the application looked suspicious and phoned her to check. Moreover, it alerted competitors in the area that they might be the next targets.

Identity theft is a crime that comes back to haunt its victims, and many are taking determined measures to prevent its recurrence. Banks and her husband have taken an unusual vow: When they have children, they will not get them Social Security numbers—even though that means no tax deduction. To her way of thinking, safeguarding her children’s identity is far more valuable.

Service providers have largely solved the cloning problem, but the monitoring of private affairs in cyber space is still an issue, and e-commerce has barely been addressed. Cellular security is better, but foes still lurk.