washingtonpost.com
Getting to Know Identity Thieves

By Michelle Singletary
Thursday, November 1, 2007

No doubt many of us have heard enough about identity theft to know that we have to protect our private information.

Hopefully, you're savvy enough to recognize bogus e-mails -- the ones that seem to come from your bank, an online auction site or a foreign lottery official announcing you've won a large cash prize. They are, you must know, just attempts to steal personal information.

But the Internet isn't the only method identity thieves use. A new survey reiterates that crooks out to steal your personal data are just as likely to get it by old-fashioned ways.

Only about half of the cases of identity theft involve the World Wide Web or technological devices (credit card encoders, for example), according to the Center for Identity Management and Information Protection.

Non-technological means are used in the other attempts to steal someone's identity. The criminal might simply redirect your mail by filling out a change of address card at the post office. Or he -- it's most likely a male -- will make off with your mail from your mailbox or go through your trash to find discarded documents that contain information he can use to open up credit card accounts. In 20 percent of the non-technological cases in the study, theft of mail, a change of address card or dumpster diving was the method of theft.

The center, with a grant from the federal Bureau of Justice Assistance, reviewed 517 closed Secret Service cases from 2000 to 2006. I should note that the data used for the report do not represent all of the identity theft cases that were investigated and prosecuted during this time by the Secret Service and other law enforcement agencies.

But at least there's more research being done in this area. The center, which was founded last year and operates from Utica College in New York, was created to conduct research on identity theft and fraud. In addition to Utica, its partners are LexisNexis, IBM, the credit bureau TransUnion, the Secret Service, the FBI, the U.S. Marshals Service, the U.S. Postal Inspection Service, Carnegie Mellon University, Indiana University and Syracuse University.

This is the first time the Secret Service has allowed the review of its closed case files on identity theft and fraud. The Secret Service is the primary federal agency tasked with investigating identity theft and fraud and related activities.

"These findings shed new light on how identity-theft-related crimes take place, what motivates the perpetrators and who is being victimized, and dispel some common myths about identity theft," said Gary Gordon, founder and executive director of the center.

The research center divided its finding into three categories: the crime, the victims and the offenders.

I want to start with the offenders because the more you know about the criminal trying to steal your personal information, perhaps the better you can protect yourself.

Identity thieves are young. In 42.5 percent of cases, the offenders were 25 to 34, and 18.5 percent were 18 to 24. Only 6 percent were older than 50.

Two-thirds of the identity thieves were male. Twenty-four percent of the offenders were born outside of the United States, and 71 percent had no arrest history.

It's also important to know how this crime is committed. In 274 of the Secret Service cases, the center was able to pinpoint how the thief obtained a person's information. A business -- service, retail, financial industry or a corporation -- was the point of compromise 50 percent of the time.

A company's database was the source of identity information in a third of the cases. In about 44 percent of the cases, information or documents were stolen from retail stores, car dealerships, gas stations, casinos, restaurants, hotels, hospitals and doctors' offices.

You still need to watch your peeps -- as in relatives and friends -- people you should be able to trust. A family member or friend was the thief in 16 percent of the 274 cases.

A third of the time, thieves got their information from financial organizations: banks, credit unions and credit card companies. The offenders then used the fraudulently obtained information to obtain new credit card accounts, to apply for and obtain fraudulent loans, to create fake checks, and to transfer funds.

According to the case analysis, there was a one-in-three chance that victimization was a result of the work of an insider.

What I learned from this report was this: You can't trust any business or anybody, even family members. Despite all the claims of privacy, encryption technology and security firewalls, you've got to be your own information bodyguard.

¿ On the air: Michelle Singletary discusses personal finance Tuesdays on NPR's "Day to Day" program and online athttp://www.npr.org.

¿ By mail: Readers can write to her at The Washington Post, 1150 15th St. NW, Washington, D.C. 20071.

¿ By e-mail:singletarym@washpost.com.

Comments and questions are welcome, but because of the volume of mail, personal responses are not always possible. Please note that comments or questions may be used in a future column, with the writer's name, unless a specific request to do otherwise is indicated.

View all comments that have been posted about this article.

© 2007 The Washington Post Company