PC World > Columns > Consumer Watch

Taking names

You are what you have, know, are or do. Those are the categories used by security specialists to break down the riddle of identity.

By Geoff Palmer / Monday, March 01 2004

• TomTom announces free iPhone app update
• Hackers outwit Windows 7 activation
• Fifth-generation iPod nano gets a firmware fix
• High-tech shirt inventor is NZ’s Brightest Spark
• Can GPS technology save the Snow Leopard?

LATEST Feature

• Michael Jackson is riskiest celebrity of 2009
• Panda launches free 'cloud' antivirus scanner
• Can GPS technology save the Snow Leopard?
• AMD graphics chip shortage hitting PC vendors
• App Store officially passes 100,000 app mark
• Microsoft lays off 800 people
• Canon intros photo printing app for iPhone, iPod touch
• Mozilla unveils first Firefox 3.6 Beta
• Babelshot makes your iPhone's camera a translator
• Wikipedia edit system should be in place by year's end

You are what you have, know, are or do. Those are the categories used by security specialists to break down the riddle of identity. Asking for an ID card (what you have), your mother’s maiden name (what you know), fingerprints and a retina scan (what you are), or your signature (what you do) are the only verifications available. But what happens when that process is compromised?

Driver licences have become a sort of de facto identity card in New Zealand, a near-universal adult photo ID. But you’d best not trust any issued prior to last November. That was when Fair Go reporter Chris Wright posed as Wellington City Missioner and former TV chef Des Britten. In response to an application to replace a lost licence, the Land Transport Safety Authority (LTSA) issued one bearing Britten’s particulars with Wright’s photograph and signature. A disturbing proof of how easy identity theft really is.

It’s a huge problem. According to the UK’s Home Office, identity theft costs the country £1.3 billion annually and is growing at the rate of 165% a year. Last November, in the biggest case yet for Britain’s National Hi-Tech Crime Unit, six men were convicted of identity theft and fraud after they used information from a mortgage auction website. Using the names of recently deceased people, they opened bank accounts while simultaneously applying to redirect their victims’ mail. The credit cards, loans and overdrafts they obtained allowed them to net almost £350,000 in two years.

It’s not just the dear departed who are at risk. Federal Trade Commission figures released in January show identity theft has become the most prevalent form of fraud reported in the US, accounting for 42% of the more than half-a-million complaints received last year.

It can take many forms. The most prevalent — accounting for more than 30% of the US cases — is either applying for credit cards in another person’s name or simply using the victim’s existing credit card accounts. In 10% of cases, the thieves were after free cellphones; in 8%, victims’ bank accounts were plundered.

Internet-wise, the most common scam — accounting for 15% of internet-related rip-offs — is using stolen identities to sell non-existent goods via web auction sites. As one US couple discovered, all you need is a bogus bank account, a box number and some bargain-priced non-merchandise. By the time they were caught they’d got away with more than $US93,000.

The internet gets a lot of flak for the ease with which identity thefts can be perpetrated but the biggest source of information for ID thieves is still the humble rubbish bin — reckoned to be the key source in at least 70% of all US cases. Credit card statements, bank statements and utility bills are just some of the gold waiting to be mined. What’s more, they’re also useful as secondary sources of identification, required, for example, by the LTSA. There are even gems in junk mail. I regularly receive inducements from a certain life insurance company pre-printed with my full name and date of birth.

Still, many people retain a laissez-faire attitude to identity theft — until they lose money or be become a victim themselves. The problem is that that burden of proof is becoming more difficult.
There are no slips of paper containing obviously forged signatures for a start. MasterCard reckons 60% of all frauds committed stem from what are termed card-not-present transactions: purchases by telephone or via the internet. And if your identity is stolen, just sorting out the mess can take, according to one US estimate, around 175 hours of your time; the equivalent of more than four weeks full-time work. To say nothing of the stress and worry.

If you do become a victim you’d better put it right because computer records have a habit of hanging around. There are many stories of unpaid phone bills from student flat days coming back to haunt the miscreants years later when they apply for hire purchase or a mortgage. A photo ID can be used to obtain other forms of identification such as video rental or library cards. As well as the danger of creating an almost self-perpetuating chain of fraudulent IDs, such cards may not be used immediately. The repercussions could continue for years.

The chain identity is only as strong as its weakest link. Systemic flaws in just one part — such as those at the LTSA — put us all at risk.

Fraud tips
A search of the Ministry of Consumer Affairs and other .govt.nz sites turned up nothing useful on avoiding or dealing with identity theft, however the US governments’ Internet Fraud Complaint Centre has some excellent guidelines at http://www.ifccfbi.gov/strategy/fraudtips.asp