WHY WOULD AN IDENTITY THIEF WANT TO BE YOU?

 

Surely there are wealthier, worldlier, and wiser identities that a thief might want to adopt. Well, you don't necessarily need to have a lot for your identity to be worth something to a crook. You see, the first thing most thieves do with your information is to open new credit cards and charge up a storm, leaving a trail of receipts for expensive items that you then have to persuade someone that you didn't buy yourself.

 

Who are these people and how do they get such good data? The lowest-level thieves are stealing the old-fashioned way: They raid your garbage can for any mail you've thrown away that has personal information, or they call you and pretend to be holding a sweepstakes for which you can win a free vacation. Just provide your mailing address, Social Security number and mothers maiden name.... But by now you're too smart to fall for those methods, right?

 

While these thieves are easily thwarted by your taking precautionary measures, there is a whole new breed of more sophisticated identity thieves who are tapping into previously unlikely sources, making it imperative that you keep your personal data just that -- personal.

 

Lets cut through the clutter and discover who needs to know what. For starters, you may wonder why schools, phone companies, utilities, health clubs, insurance companies, video stores -- just about everybody, it seems -- wants your Social Security number (SSN). Some of the more prevalent legitimate uses are to get your credit rating and determine whether you pay your bills. Others want to keep track of you through name and address changes. But is it really necessary to share your SSN with your gym? Probably not, which is why you shouldn't.

 

It may sound reasonable for a utility company to ask for your SSN, but often the company uses it to sell to other companies. (A list with the numbers is more valuable than one without.) The only agencies that can require your number are motor vehicle, tax and welfare departments; transactions involving taxes also require your SSN, so banks, brokerages, and employers also have a legitimate need for it.

 

Unfortunately, once you've covered all the obvious bases, you could still fall prey to some of the newer methods of identity theft, which even include family members stealing your data. Surprisingly, more than five percent of all reported identity theft complaints lodged with the Federal Trade Commission in 2001 involved family members. The trouble caused by an ex-spouse or a disenchanted sister-in-law stealing your personal information far exceeds the hours and hours that most victims have to spend cleaning up their credit. Indeed, in these circumstances, most victims are emotionally scarred as well. And rarely do they press charges against a relative, making it a seemingly perfect crime to the criminal.

 

Poor security by reputable companies that would have seemed trustworthy also provides identity thieves with ripe data. Just this year, a major manufacturing company warned 13,000 people to be aware of identity theft after the company found that hackers posing as employees gained access to consumer credit reports from a large credit bureau. The manufacturer said that hackers used its authorization code to access peoples credit records and obtain customers personal information.

 

An altogether different violation of privacy and confidentiality occurred at Princeton University recently when an admissions officer used the personal data submitted by applicants, including their Social Security numbers, to peruse the admissions Web site at Yale.

 

And most recently, a New York City government-sponsored Web site intended to help the unemployed find jobs suffered a snafu, exposing the personal data of 1,900 job applicants. The unprotected information included name, address, Social Security number, telephone number and work and education experience -- enough to let anyone pose as the victim.

 

A savvier thief may fraudulently request your credit report claiming to be a potential landlord, employer or some other person with a seemingly legitimate right or need for your information.

 

One way to keep on top of this growing brand of criminality is to monitor your credit often by ordering your Credit Summary and reading it carefully, because the future, it seems, is bright for identity thieves. And the cost of doing business for thieves is dropping. Researchers in England, for example, recently discovered a method of tapping into smart cards, which are typically used as debit cards, as cell phone payment cards, and for other electronic transactions. The cost of this new technology: $30.00

 

The amount of information about you that's available to anyone who's locking is shocking. Some of that data is available because you have provided it, while other pieces of data are floating around in databases that have been surreptitiously created. To find out what information is allowed to be shared by corporations, banks and other data collectors, we spoke with Alan Sklar, founder and president of Creative Services, a national background-screening and security consulting firm in Mansfield, Mass. Sklars career spans nearly 30 years, and his advice on privacy can help you keep your information from identity thieves.

 

Q. When did identity theft become such a worrisome crime?

 

A. Identity theft isn't a new crime; we've always had it. What may have changed is the media attention its been receiving, so it seems much more prevalent. Also, the electronic age has created new mechanisms for identity theft. The Internet, ATM machines and the world of electronics, all the places where were transferring personal information, are part of the current boom in identity theft.

 

Q. What is legal for someone to find out about you?

 

A. We now have federal laws that protect consumers on what businesses and entities can do or not do. The primary one is called the Fair Credit Act. It has shaped the criteria for companies, businesses and banks on what we can do and how we can do it. The regulation is there to protect the information and privacy of customers. Part of the act requires these organizations to disclose how they're protecting your information.

 

Q. What makes some in formation public and other data private?

 

A. Something's public if we can walk into a public domain and obtain it. To protect ourselves, we have to be more aware of what we provide people. For instance, anyone can walk into a courthouse and obtain information. Most court documents are public, thus they're accessible. So :if you've been in a criminal or civil case, the records are probably public. Because of the quantities of public data, the professional person who is looking to steal identities is usually going to find it.

 

Q. What obligations do companies have to safeguard information?

 

A. First and foremost, they have to make sure they're doing everything that's reasonable in protecting personal data.

 

That includes keeping personal files under lock and key. keeping any electronic data as secure as possible. and disclosing to consumers what information they're utilizing and what they're selling oft in a list or some other form. Its clear to companies that the rights of privacy are becoming more and more important to the consumers,

 

Q. What should consumers do to protect themselves?

 

A. The first thing we always tell people is that the key to stealing your identity begins with your Social Security number, so that's the first thing to protect. The best way to protect it is quite simple: When asked for it, don't just give it out. Instead, be picky about who gets it. There are different ways to protect your identity; one is to request a copy of your credit report once a year to see if anything is on your report indicating someone's using your information,

 

Also, be careful when you're using an electronic transmission, such as an ATM. If someone's standing behind you, use your code more carefully. Be aware that this is some of the key information that people want. All the credit card applications that give you automatic credit should be shredded or people will rummage through your trash to get them. A personal home shredder is a good idea and not that expensive.

 

Q. Isn't it against the law to go through someone's trash?

 

A. Once the trash is out on the curb, Its in the public domain. Its not illegal to go through someone's trash then, but it is to use the information found in it.

 

Q. So what else should we do to protect ourselves?

 

A. Report lost and stolen credit cards immediately. Some people think its more of a pain if they think they may find the card, but by then your identity may be taken.

 

Beware of scams over the telephone and the Internet. Thieves are becoming more clever in getting information from people. Some will offer a trip or prize, so don't answer questions over the telephone about personal information. Its also not secure to give information over the Internet. Be careful about online transactions. The larger, more reputable companies have the appropriate security in place, but some of the smaller sites have been created just to get information for theft.

 

Joan Baker* played by the rules. She was always careful with her personal belongings. She made a habit of shredding receipts and financial statements and never lost a purse, ID card or wallet. That's why what happened to her last February was so difficult for her to comprehend.

 

Baker, 50, was going about her regular afternoon routine in her California home when she received a phone call from the credit department of a major department store. They wanted to know if she had opened an account the day before. She hadn't. But over the course of two days, someone had used her name to rack up $10,000 in merchandise debt. She had "not a shred of an idea" how they got bold of her information.

 

But there was no time to look back, because the thieves had used her identity to open multiple credit card accounts, causing her an enormous amount of aggravation. Although Baker, as well as most victims of identity theft, wasn't liable for their charges, she was left with a stack of paperwork, which took hours and hours to complete. Police reports, credit reports, the companies involved -- they all required her to tell her story again and again. And worse, she lost her trust in others. You think you're safe." she says, and you're not. Whenever anybody calls me now, I'm very, very cautious."

 

Baker now uses cash or writes personal checks for her purchases. She has destroyed all of her credit cards, some of which she had owned for 20 years. And she says she would have to "think really hard" before opening another account.

 

ID theft isn't entirely new, but it has grown more prevalent in an age where transmission of information is virtually instantaneous. In 1992, the credit bureau TransUnion received about 35,000 calls about identity theft from victims and those concerned about potential crime, according to the Identity Theft Resource Center. In 2001, they received more than a million.

 

While there is no absolute way to protect your identity. there are some simple measures you can take to make it more difficult for criminals to obtain your personal information.

 

• Shred liberally. For less than $20 you can buy a small home office shredder. Get rid of old receipts, unwanted mail, and particularly preapproved credit cards. Those documents contain vital personal information. Also take a minute to tear up an envelope before you throw it in the trash, and don't forget to remove receipts from inside shopping bags.

 

• Carefully examine monthly financial statements. Don't assume charges are correct if you cant identify them. They could be an early clue into fraud. Use your membership and request your credit report on a regular basis. That's one sure way to keep track of your spending record,

 

• Don't give out your Social Security number without a fight. Companies ask for it all the time, but often they don't need it. If you must give in, offer to provide the last four digits only. Keep your Social Security card in a safe place, and take a look at your health insurance card. Often those ID numbers are Social Security numbers, in which case you should photocopy the card and white out the number. That goes for all of your important documents,

 

• Pick complicated PIN numbers. Don't choose birthdays or pet names. Once someone gets hold of important information, its only a matter of time before they try to crack into all of your accounts.

 

*The name has been changed to protect anonymity.

 

If you think your personal information at the DMV is safe, read this!!

 

The state Department of Motor Vehicles on Thursday revoked Allstate Insurance Co.'s electronic access to confidential drivers' records, after finding in a nine-month investigation that the company had violated state confidentiality rules 131 times.

 

DMV Director Steven Gourley said he would ask the state attorney general's office to seek fines against Allstate before its access would be restored. He said the maximum fine allowed per violation is $100,000, but made no estimate of what the fine would total.

 

Allstate is California's third-largest auto insurer, with 2.2 million policyholders, or 10.5% of the state's insured drivers.

 

Company spokeswoman Emily Daly said that while "Allstate regrets that its security and customer confidentiality procedures, including the requirement to follow appropriate DMV regulations, were not followed in some cases ... we would have preferred that the department accept our offer to work through appropriate resolution of these issues before taking today's actions."

 

Although Gourley said Allstate retains the right to obtain the records manually by submitting requests in writing to DMV offices, the company said, "The processing delays that will result from the department's actions will only cause inconvenience to California drivers."

 

Gourley said the DMV initiated its investigation after a complaint that "an Allstate customer's confidential address had been released, which resulted in a written threat to that person."

 

When DMV investigators began visiting Allstate offices, he said, they found frequent cases of DMV passwords being used in public view, and uncovered instances in which Allstate employees had sought the records of relatives and friends without good business reason.

 

The release of DMV records was restricted in 1989 after an obsessed fan of actress Rebecca Schaeffer hired a private investigator to obtain her home address from the DMV, showed up on her doorstep and, when she appeared, shot and killed her.

 

Up until that time, such DMV records were public information, and any member of the public could ask for and receive them.

 

Now, after the death of the 21-year-old actress, only those with a reason to have them can get them through an elaborate system of codes and passwords. Auto insurers frequently need drivers' records to show whether a person is a good risk, or to check if someone making a claim against the company has been involved in other accidents.

 

Gourley said Thursday that companies sign contracts with the DMV to keep such information private.

 

"It turned out in our investigation that they were not keeping tabs on the confidentiality," he said. "They were putting our password numbers on the computer so anyone could see them or access them."

 

A few of the Allstate offices visited also "wouldn't let our auditors in, or they threw them out," Gourley said. "That alarmed me. When they're so defensive, it arouses our suspicions."

 

Late Thursday afternoon, a senior spokesman for Allstate, Peter Debreceny, said the company has initiated discussions with the DMV in an attempt to settle the matter. The discussions have "been good, and the prospects are promising," he said.

 

But Gourley said he would be in no hurry to resolve the matter, short of getting full satisfaction.

 

Consumers Union's advocate on auto insurance, Norma Garcia, said, "Our position is that these are very serious allegations, and we would hope that there will be a full inquiry by both the DMV and the Department of Insurance. Release of information of this sort is very sensitive."