The Police Chief, the Professional Voice of Law Enforcement
Advanced Search
December 2014HomeSite MapContact UsFAQsSubscribe/Renew/UpdateIACP

Columns
President's Message
Chief's Counsel
Legislative Alert
Technology Talk
From the Director
Departments
Advances & Applications
Highway Safety Initiatives
IACP News
Line of Duty Deaths
New Members
Products and Services
Product Update
Survivors' Club
Current Issue
Search Archives
Web-Only Articles
About Police Chief
Advertising
Editorial
Subscribe/Renew/Update
Law Enforcement Jobs
buyers Your Oppinion

 
IACP
 

Identity Theft and the Police Response: The Problem

By Ed Dadisho, Sergeant, Los Angeles Police Department, Los Angeles, California


ith increased use of the Internet and the convenience of automated teller machines and credit cards, identity theft has become a major problem in the United States. A large amount of commerce in the United States is conducted electronically, either at an actual business location with debit and credit cards or through the Internet, where transactions are commonly referred to as e-commerce.

Just like the traditional thief, the identity thief steals property from the victim; but the identity thief breaches the victim's most personal information: the victim's name and identification. Identity theft is an emotionally abusive crime, and its psychological effects on the victim may last for years. It is a repetitive crime, as victims receive continual notices by phone or mail from creditors. Therefore, victims suffer some of the same emotional damage as victims of repeated physical assault.

Victims of identity theft usually do not suspect the theft until it is much too late, providing ample time for the thief to commit the crime and obtain property and services from vendors. Victims of identity theft often have their credit reports left in ruins after a successful identity theft occurs. In addition, financial institutions are victims of identity theft. These institutions will eventually refund the primary victim of the charges made to their account by the thief, leaving the financial institution with the financial loss. This eventually creates more victims, since the financial institutions will increase fees for other consumers.

How will law enforcement agencies deal with this increasing problem? Some of these investigations are difficult because they may involve jurisdiction issues. For example, the victim may live in one state, but the charge on the victim's account may have been committed in another state. Jurisdiction issues can be confusing for law enforcement agencies that are not familiar with identity theft law or do not have departmental procedures for receiving and investigating complaints of identity theft.

Identification of the Problem
Determining whether a community has a problem with identity theft can be difficult because identity theft crimes are closely associated with other, seemingly nonfinancial crimes such as purse snatching, theft from motor vehicles, narcotics trafficking, and terrorism, and because identity theft is a cross-jurisdictional crime in cases where the victim resides in one community and the crime occurs in another.

The Public Interest Research Group in Michigan (PIRGIM) conducted a research survey of Michigan law enforcement officers in September 2003.1 The key findings from the study were illuminating:

Identity theft is on the rise. Every officer who responded to the question of whether the frequency of identity theft cases had changed over the past five years agreed that it had increased. Forty-seven percent of officers claimed to have witnessed a significant or tremendous increase.

Identity theft poses unique challenges to law enforcement officers. Law officers reported that very few identity theft cases are solved. The reasons given were the anonymity of the crime, the jurisdictional challenges, and companies' lax security measures and lack of cooperation with law enforcement.

Most law enforcement officers feel new policies would help deter identity theft. Officers made several recommendations, ranging from new laws and department policies to tighter security and cooperation from private financial institutions.

A study in California by CALPIRG Education Fund found similar results.2 The California law enforcement officers surveyed claimed to have seen a drastic rise in identity theft cases in their jurisdiction. California officers, like the respondents in the Michigan study, believed that most identity theft crimes are never solved. They also felt that new policies and procedures are needed to combat identity theft crimes. They recommended stricter guidelines by financial institutions to help prevent identity theft; better cooperation by financial institutions in police investigations; clarification and standardization of jurisdictional issues; and interagency databases to facilitate multijurisdictional cooperation.

What Is Identity Theft?
In its simplest definition, identity theft is the wrongful use of another person's identifying information, such as credit card, social security, or driver's license numbers, to commit financial or other crimes. Identity theft is generally a means for committing other offenses such as fraudulently obtaining financial credit or loans, among other crimes.3 The Federal Trade Commission (FTC) defines identity theft as "a fraud which is committed or attempted using a person's identifying information without lawful authority."

But many private companies disagree with such broad definitions and would prefer limiting the definition by removing attempted fraud from the FTC definition. According to the Financial Services Roundtable's response letter to the FTC dated, June 15 2004, "including attempted fraud in the definition, instances that are traditionally considered common fraud . . . such as a stolen credit card . . . would now be considered identity theft."4 Their concerns are that the FTC definition would trigger certain duties for the financial institutions, thereby allocating additional resources and system changes to respond to new identity theft complaints by consumers. This is purely a financial concern that would not merit any reason to change how law enforcement agencies report and investigate identity theft crimes.

The Fair and Accurate Credit Transactions Act of 2003, Public Law 108-15, defines identity theft to means "a fraud committed using the identifying information of another person."

For law enforcement concerns, it is important to remember that the victim of identity theft is a person whose identity has been fraudulently assumed by another with the intent to obtain credit, goods, or services without the victim's consent. No financial loss is necessary. Identity theft includes the criminal assimilation of someone's name, address, credit card information, driver's license, social security number, or other personal data. Criminals use this information to impersonate their victims, spending as much money as they can in as short a time as possible before moving on to impersonate someone else.

How Identity Theft Begins
Knowing how identity theft occurs is vital for law enforcement's strategy to combat the crime. According to the Identity Theft Resource Center and other resources, identity thieves get information on their victims through the following means:

  • They go through the trashcan, looking for straight cut or unshredded papers, an activity more commonly known as Dumpster-diving.

  • They steal mail or wallets.

  • They listen in on conversations in public.

  • They trick victims into giving the information over the telephone or by email.

  • They buy the information either on the Internet or from someone who may have stolen it.

  • They steal the information from a loan or credit application form the victims has filled out from files at a
    hospital, bank, school, or business the victim has dealt with.

  • They get it from the victim's computer, especially one that lacks firewalls.

  • They obtain it from a friend or a relative or someone who works for the victim who has access to the victim's information.

  • The use skimming devices designed to obtain information from the magnetic strip on credit cards.5

  • They complete a change of address form with the U.S. Postal Service to divert mail to another location.

  • They buy personal information from inside sources. For example, an identity thief may pay a store employee for personal identifiers.

Once the information is obtained, the thieves will either sell the information to other criminal enterprises or they will use it to open up bank accounts, take loans, or use existing credit and debit cards to clean out the victims' accounts.

Identity Theft Law
The Identity Theft and Assumption Deterrence Act (18 U.S.C. 1028) became effective October 30, 1998, and made identity theft a federal crime with penalties up to 15 years' imprisonment and a maximum fine of $250,000. It recognized the person who had their identity stolen as the true victim. This act enabled law enforcement agencies to investigate identity theft crimes and the associated fraud that often results.
Section 5 of 18 U.S.C. 1028 mandates the Federal Trade Commission to refer complaints of identity theft to the appropriate law enforcement agencies for potential law enforcement action, and that includes local law enforcement agencies.

The Fair and Accurate Credit Act of 2003 (H.R. 2622), often referred to as the FACT Act, establishes requirements for consumer reporting agencies, creditors, and others to help remedy identity theft. The FACT Act provides certain rights and privileges to victims of identity theft to recuperate losses and damage made by the perpetrator of the crime. Some of these rights and privileges include, but are not limited to, the following:

  • One-call fraud alerts to consumer reporting agencies

  • Access to free consumer credit reports

  • Access to all application and business records evidencing any transaction alleged to be a result of identity theft

  • Access to all application and business records evidencing any transaction alleged to be a result of identity theft by law enforcement agencies

  • Blocking information resulting from identity theft on consumer credit reports

  • Access to blocked information by law enforcement agencies

This act attempts to lessen the lengthy and difficult process for the victim to recover from identity theft. But before the above rights and privileges are provided to the victim, the victim needs to have a crime report filed by a law enforcement agency, hence the importance of local law enforcement agencies' taking an active role in identity theft prevention and investigation. Identity theft victims will be told by the financial institutions to report the crime to their local police agency.

The FACT Act defines an identity theft report as "a copy of an official, valid report filed by a consumer with an appropriate federal, state, or local law enforcement agency, including the United States Postal Inspection Service, or such other government agency deemed appropriate by the Federal Trade Commission; and the filing of which subjects the person filing the report to criminal penalties relating to the filing of false information if, in fact, the information in the report is false."

Law Enforcement Challenges
Identity theft crimes differ from the traditional crimes law enforcement investigates. Unlike a regular theft investigation, where police may use tools such as fingerprint kits, canvassing the neighborhood, and interviewing witnesses, identity theft investigation is exceptional in that there are no witnesses or physical evidence at the crime scene. In fact, the crime scene may be thousands of miles away from where the victim resides. Most of the identity theft crimes occur over the telephone or computer and across jurisdictional boundaries.

Another challenge law enforcement could face is the lack of cooperation from some of the private financial institutions, and their unwillingness to increase security measures. Although the victim of the identity theft is the person whose name and identification was used, the financial institutions will pay off the actual losses. Once that occurs, the victim becomes the financial institution and unless there are major financial losses the institutions generally will not wish to prosecute.

It's a daunting task for any law enforcement agency when a victim comes in to the front desk and complains about identity theft. With the new federal FACT Act law, victims are required to have a police report documenting the identity theft in order to have certain privileges afforded to them. Beginning in December of 2004, local law enforcement agencies were required to provide police reports to victims of identity theft in compliance with the FACT Act. Police agencies must have personnel trained in completing identity theft crime reports, investigating identity theft crimes, and collection of evidence and case preparation for possible prosecution.

Information Resources
There are many resources on identity theft information. One of the best resources for law enforcement is a publication called "Identity Crime: An Interactive Resource Guide." The resource guide was published by a cooperative effort with the U.S. Secret Service, U.S. Postal Service, the Federal Trade Commission, and the IACP. This publication can be obtained through any of the above agencies at no cost to law enforcement. It will help officers with the basics of identity theft reporting and investigating.

The FTC is another excellent resource for law enforcement. They have many publications to assist police departments and victims of identity theft. Some of these publications can be used to help police agencies educate the public about identity theft during crime prevention meetings. Another resource that is available to law enforcement is the FTC's Identity Theft Data Clearinghouse. The clearinghouse is a rich source of information for investigations and should be used by local departments. The FTC, in conjunction with the U.S. Secret Service and other government law enforcement agencies, mines the clearinghouse data to uncover significant patterns of identity theft activity, develops investigatory reports based on the data, and refers the reports to the appropriate criminal law enforcement officials for investigation and prosecution.

The FTC also shares the clearinghouse information with law enforcement agencies nationwide via the FTC's secure law enforcement Web site, Consumer Sentinel (www.ftc.gov/sentinel).

The NW3C is another excellent resource for police agencies. The NW3C is a private, nonprofit organization funded by Congress to assist and train local law enforcement agencies in white collar and computer crimes. NW3C has several publications and other multimedia training tools available to any local law enforcement agency. NW3C provides some of the most relevant and comprehensive training in computer crimes around the nation. Their training is recognized by experts in the field, and the best part is that the training is free to law enforcement agencies.

The Future
There is no question that identity theft is a growing problem for law enforcement, and all indications are that it will continue to grow beyond local agencies' resources and abilities. Fortunately, there are many public and private organizations that are available to help law enforcement agencies with this dilemma. It is imperative for local law enforcement agencies to train officers and investigators in reporting, investigating, and preparing cases for courts to handle identity theft crimes. It is also imperative that law enforcement agencies begin a community awareness program to fully educate the public on identity theft prevention, and the process if identity theft does occur.

An article in the February issue of the Police Chief will discuss prevention, and a March article will be a comprehensive look at investigating identity theft crimes. ?

1PIRGIM, "Policing Privacy: Michigan Law Enforcement Officers on the Challenges of Tracking Identity Theft," by Megan Owens (February 2004).
2CALPIRG Education Fund, "Policing Privacy: Law Enforcement's Response to Identity Theft," by Janet Gayer (May 2003).
3IACP National Law Enforcement Policy Center, "Identity Theft," a model policy for law enforcement agencies (January 2002).
4The Financial Services Roundtable represents 100 of the largest financial services companies providing banking, insurance, and investment products and services to the American consumer.
5A device used to skim credit card information from the magnetic strip. The information is then downloaded to a computer.

Editor's note: Guest Editor Ed Dadisho is a sergeant with the Los Angeles Police Department. Through a grant from the IACP Foundation, Sergeant Dadisho was detailed as a fellow from the Los Angeles Police Department to the IACP. As part of his work at the IACP offices in Alexandria, Virginia, Sergeant Dadisho completed a comprehensive three-part article on identity theft. The January article discusses the problem; the February article will discuss prevention; and the March article will discuss investigation.

Top

 

From The Police Chief, vol. 72, no. 1, January 2005. Copyright held by the International Association of Chiefs of Police, 515 North Washington Street, Alexandria, VA 22314 USA.








The official publication of the International Association of Chiefs of Police.
The online version of the Police Chief Magazine is possible through a grant from the IACP Foundation. To learn more about the IACP Foundation, click here.

All contents Copyright © 2003 - International Association of Chiefs of Police. All Rights Reserved.
Copyright and Trademark Notice | Member and Non-Member Supplied Information | Links Policy

44 Canal Center Plaza, Suite 200, Alexandria, VA USA 22314 phone: 703.836.6767 or 1.800.THE IACP fax: 703.836.4543

Created by Matrix Group International, Inc.®