ID Theft Most Common Offline, Experts Say

Although part of the recent spike in reports of identity theft can be attributed to the Internet, offline methods of stealing personal data still provide a more significant information stream for criminals, according to National Fraud Center chairman of the board Norm Willox.

Speaking before identity theft workshops assembled by the U.S. Federal Trade Commission (FTC) and the Social Security Administration last week, Willox cautioned government officials to avoid “simplistic” or overreaching solutions that combat only part of the growing problem.

“In devising solutions intended to aid individual victims of identity theft, we must exercise care that the solution is not only effective but that it is also not detrimental to society,” said Willox. “We should endeavor to use the surgeon’s scalpel and not the lumberjack’s axe.”

Dumpster Diving Reigns

According to Willox, National Fraud Center research indicates that the Web is not the usual avenue for identity thieves to obtain information. Instead, long-established means of gathering data — such as “dumpster diving” or using a well-placed employee — remain the most popular retrieval methods.

“Nevertheless, common sense indicates that as the use of the Internet continues to grow, particularly through e-commerce, the use of the Internet as both a source and mechanism to commit identity theft will grow proportionally,” Willox warned.

One of the most significant risks posed by the Web is the potential access it provides to third party hackings and the compromise of security systems, he said.

“We simply do not have reliable data or statistics to determine the effect that the Internet is having on identity theft,” Willox told regulators.

Social Security Number Firestorm

Willox’s comments came as a heated debate over ways to tackle identity theft roiled Capitol Hill.

Last Thursday, President Bill Clinton threatened to veto a controversial congressional appropriations bill that would make it illegal to sell or display a Social Security number without an individual’s permission. Sen. Richard Shelby (R-Alabama) said at a press conference that loopholes “would actually validate the sale of Social Security numbers beyond [what is allowed] in current law.”

In 1999, the Social Security Administration’s Office of the Inspector General reported more than 62,000 instances of misuse of Social Security numbers.

Put Away Occam’s Razor

Willox, however, argued that the complete elimination of Social Security numbers from business databases is a fundamentally flawed approach.

“Identity theft will not go away with a veritable flip of the switch,” said Willox. “The fact that many good and intelligent people have been working on this problem for several years, only to witness it escalate, should by itself cause us to question such a simplistic approach.

“We in the fraud prevention business need Social Security numbers and other personal identifying information to develop the tools to detect identity thieves,” Willox added, because they are the primary means for companies, utilities and the government to determine with whom they are conducting business.

Tackling the Problem

According to Willox, identity theft policymakers and enforcement officials should adopt a three-pronged approach to tackling identity theft: 1) limiting access to personal information while developing verification and validation software to prevent an identity thief from completing a fraudulent transaction; 2) investigating and prosecuting suspects; and 3) aiding individuals who have been victimized by identity theft.

Willox noted that the longer it takes for an individual to discover that an identity theft has occurred, the more difficult it is for the victim to correct the situation.