Category Archives: Identity Theft

Child Identity Theft: How shady credit repair companies are stealing kids’ Social Security Numbers

Shady, fly-by-night credit repair companies that promise fast credit score improvements (700-800 in just a couple months!) may be sinking to a new low here. It seems they’re harvesting valid but inactive Social Security numbers, many from children too young to have opened financial accounts.

They sell the numbers as “CPNs,” or “Credit Profile Numbers” (sometimes the “P” is “privacy” or “protection”). They tell their customers how to piggyback their credit on the clean CPN, which has the effect of making them appear more creditworthy. Once they burn through the credit for that number, they just purchase another one (I wonder if they use a credit card).

There are several articles on the topic all over the Internet. The Sun News out of South Carolina has a good one that explains it very well. However, there are still a few questions I have about this crime:

  1. Am I to understand that simply calling it a “CPN” instead of a Social Security Number somehow makes this practice legal?
  2. How are they obtaining the SSNs of all these children? Are they using a logarithim to generate the numbers, or is your Social publicly available until you turn 18?
  3. If it is, do I have to personally go to Washington D.C. and rap my knuckles on every single noggin in Congress (and yell “Helloooo, McFly, anybody home?!” in every single ear) until this is remedied with Federal intervention?

In any case, it’s time to check your kids’ credit reports. Yes, today. You don’t want to wait until they get turned down for an auto loan fifteen years later for allegedly defaulting on $45,000 worth of credit card debt.

This has been a pretty big story in the fraud prevention world. Look for more information to surface over the next few weeks.

Toward a definition of identity theft.

The other day I heard a warning that having someone steal your checkbook is the “worst form of identity theft.”

Honestly, I’m not entirely sure that is identity theft.

I suppose I’m something of a purist in this case. To me, “identity theft” occurs when someone obtains your personal identifying information without your permission, and uses it to open new financial accounts, obtain credit, medical services or employment, or evade arrest.

To me, someone just swiping your checkbook and passing checks all over town falls under the umbrella of simple “theft.” I suppose on some level the thief is implying that he or she is you, but credit is not being obtained in your name in this case. It’s sort of like someone just stealing your cash. The thief doesn’t have your Social Security number or date of birth, all he has is your checkbook. Once those stop working, he’ll abandon them.

Not that having your checkbook stolen isn’t a massive headache. I’m not saying it’s something to take lightly at all. It’s just that I don’t think it constitutes identity theft per se.

I also don’t believe that simple credit card theft usually equals identity theft. Once again, the thief may be implying that he or she is an authorized user of your credit card, but that’s as far as the crook is taking things. They’re not changing your address so you don’t get the bills, they’re just burning through your card for a couple days until they max it out.

Once again, it’s a pain for the victim, but it’s not quite identity theft.

My parents were among the victims of the Heartland Payment Systems data breach back in 2008. Their credit card (which they had used once at a restaurant) suddenly showed two charges of $850 at an electronics store in California. One call to the credit card company was all it took—I don’t even think my dad had to finish his sentence before the customer service person said, “Yes, there was a data breach…aaaaaand you’re all fixed.” There was no need to place alerts on credit reports or anything. A crook had used their credit card numbers, they called the company, problem solved. In a case of true identity theft, it would have taken a lot more than one phone call to remedy the situation.

Again, I’m not saying this type of theft can’t be a hassle, because it can be. I guess I’ve just been seeing the term “identity theft” get thrown around a lot, and it seems useful to place a few limits on the term, if only for clarity.

One final point: you’ll never hear me use the phrase “ID theft” as shorthand for identity theft. Your ID is a card with your picture and information on it. Your identity is all the non-public personal information about you—date of birth, Social Security number, credit reports, etc.

To me, “ID theft” sounds like somebody just stole your driver’s license. Of course, identity theft could involve someone stealing your ID (and then manufacturing a new one with their picture and your information), but “ID theft” is a term that obscures rather than illuminates.

Mistaken identity arrests: it happens a lot more often than you’d think.

According to an item posted on CNN, cases of mistaken identity in criminal arrests happen a lot more often than you might think.

The specific case highlighted in the article was not related to identity theft; rather, the victim simply had a very similar name to that of a robbery suspect. However, she spent five days in jail before her husband was able to bail her out. It also took two years to get her criminal record expunged.

Mistakes like this are apparently relatively common, due to identity theft and errors. You might not be able to control who has a name just like yours, or who types in a name incorrectly, but you can still take steps to prevent identity theft that could lead to your wrongful arrest. It may not eliminate the possibility, but at least you can try to minimize it.

At the very least, the article shows that getting arrested for something you didn’t do isn’t fun. Stay vigilant.

Identity Theft increases for 2009, but consumer impact falls.

Predictably, incidents of identity theft hit an all-time high in 2009, according to the latest study by Javelin Strategy & Research.

This really isn’t much of a surprise, what with the economy in its current state. However, it seems the actual impact on consumers has either leveled off or decreased. In other words, while more people were victimized last year, it cost them less time and money to fix. Key findings from the study:

  • The actual number of adult identity theft victims hit 11.1 million in 2009, an increase of 1.2 million over 2008 (and after a decrease of 2 million from 2003 to 2007).
  • As a percentage of the population (4.8%), this represented an increase of 0.5%. Interestingly, however, this was only an increase of 0.1% over 2003, the previous high-water mark for number of identity theft victims.
  • The overall fraud amount hit $54 billion, an increase from 2008, but still less than the peak of $60 billion in 2004.
  • The mean (average) fraud amount was $4,841, which was stable from 2008. This number has actually decreased every year since 2004.
  • The mean consumer cost was $373, a drastic decline since 2004, when this amount peaked at $746.
  • The average resolution time also continued to decrease, down to 21 hours in 2009. This shows a vast improvement over 2005, when the average was 40 hours.

So what does all this data mean?

It seems to indicate that, while there were a lot more victims in 2009 in sheer numbers (yet only 0.1% more than 2003), identity theft isn’t quite as difficult as it once was to resolve. Basically, procedures are now in place to help victims deal with this crime, whereas everybody was still sort of flailing five or six years ago.

From 2003 to 2005, it actually seems to have become more difficult to resolve identity theft, according to past Javelin studies. I think a lot of businesses and municipalities were just beginning to understand the seriousness of identity theft during those years, and their early attempts to deal with the problem probably weren’t as efficient as they would later become.

Federal, state and local laws have also begun to catch up to the reality of the situation in the last few years, but I think consumer vigilance has played a key role in this trend. In general, people are more aware of the dangers and more aware of the signs, and as a greater portion of the population begins using online financial tools (which operate in real time, or as close to it as you can get), more people are catching the fraud sooner, and swift action is always best in these cases.

Don’t get me wrong. It’s still a pain to have your identity stolen, but at least it’s begun to cost less time and money to resolve the damage. You don’t want to lose 21 hours or $373, but it beats 40 and $746 by a long shot.

It’s worth noting that this study focuses on adult financial identity theft. The traditional scenario of “thief takes identity, thief opens credit card, thief goes shopping” has actually decreased, according to information I’ve encountered. Criminal, employment, child and medical identity theft, meanwhile, have become somewhat more prevalent.

Valentine’s Day scams: phishing, malware and identity theft.

It doesn’t matter what it is, there’s always a scam based on it.

As February 14th approaches, in addition to the usual horrible rom-com movies and terrible greeting card poetry, there are some specific types of fraud you’ll want to avoid.


If you get an email that says your online floral purchase didn’t process and that you need to re-enter your credit card information, it’s a safe bet you’re looking at a phishing message.

The link embedded in this email will take you to a site that might look legitimate, but is really only designed to steal your card information and possibly install malware on your computer. Delete the message with extreme prejudice. If you think it might be legit, contact the company directly, but most likely you’ll find out it was a scam.

It’s another example of how crooks adapt to the situation. 99% of the time, if you received this message, you’d know it was a scam. However, around the middle of February, there are hundreds of thousands of people to whom the phrase “just bought flowers online” applies. When this message goes out, it’s probably going to find a lot of potential victims.


I dislike e-cards. I really do. I don’t think I’ve opened one since around 1998, actually. To me, they’re either a waste of time (when they’re out of the blue) or a way to say “wanted to technically contact you, but didn’t want to spend $2 on a card and the sound of your voice is like nails on a chalkboard to me” (when they’re sent for holidays and birthdays). In any case, they’re never entertaining or sincere.

They’re also a source of malware infections. When you get an email that says you’ve got an e-card, proceed with caution. If you want to read it, the best thing you can do is contact the supposed sender directly to find out if they actually sent it to you. However, even the e-card sites that aren’t trying to nuke your computer with viruses can still annoy by installing adware. In any case, make sure your virus and spyware protection are up-to-date.

What I do is just delete them outright. If somebody asks, “Hey, ‘ja get that e-card I sentcha?” just reply, “Yeah—it was really great, thanks!” and leave it at that. Most of the time, you’ll be fine.

Identity Theft

People are looking for dates around this time of year, too. If you’re really desperate to have a date on 2/14, I guess my first piece of advice would be to ask yourself some tough questions, but if you can’t get past the idea of being single on V-Day, watch out when it comes to online dating sites.

First, there are fake dating sites designed to harvest credit card and personal information, putting you at risk of fraud. There are also people who post fake profiles, in an attempt to lure you into revealing personal information that can be used for identity crimes. Stick with the larger, more well-known sites, use a screen name instead of your real name, and set up a new email account with one of the free web-based providers. That way, you’re covered if they sell your address to spammers, and no weirdoes end up with your “real” email address. It makes it easier to disappear.

Don’t trust links to any dating sites that come in the form of unsolicited emails or via Twitter or Facebook. Those are almost always going to not be what is promised.

If it were me, I’d probably skip the online avenue altogether and consider attending a social event. Everywhere from churches to bowling alleys have singles events this time of year. Maybe try that; at least you won’t have to give up your credit card numbers.

How to avoid employment identity theft.

I’ve said many times before that not all identity theft is strictly financial, although other types of theft may have financial implications.

Medical identity theft is used to obtain services or to bilk insurance companies out of money for services that were never given. It can lead to collections activity against the victim, and at worse, false medical records that could be hazardous to the victim’s life.

Criminal identity theft can lead to victims being incarcerated and stuck with false arrest records that are difficult to expunge. It can lead to loss of job opportunities, and in some cases the victim has to hire a criminal defense attorney to get the situation under control.

Employment identity theft can, on the surface, seem like an almost victimless crime. When someone simply uses your personal information to obtain a job, you might not necessarily even find out unless you happen to apply for a position with the same employer (which has happened before). In fact, I’m sure that a lot of the people who actually use stolen information to get jobs think of it as a victimless crime.

However, what happens if the person using your identity to get a job doesn’t pay taxes on their earnings? The IRS will come looking for you.

One of the enduring myths of identity theft is that the person who steals your information is going to be the same person who uses it. This used to be more or less true, in the days before the Internet made things easier for criminals. These days, a more likely scenario for employment identity theft is that one entity steals information from a lot of different people, then sells it to those who need it. As I’ve often said, this is the realm of organized crime. The person who snags your Social Security Number through illicit means is just a middleman.

In other words, the standard rules apply; guard your SSN and be cautious about who you give it to.

Fraudulent job listings are a major source for this form of “retail” identity theft. You have to be extremely careful when applying for jobs online, especially during these times of high unemployment. However, don’t let your guard down when the economy recovers. This stuff is always out there.

First, never give your Social Security Number before a job interview. Any employer talking about a “preliminary background check” is already breaking the law, so you know right away that something is wrong. The second they speak of a preliminary check, refuse and move on.

Second, never provide financial information. If it’s a job that requires a credit check before hiring, they don’t need account numbers for that. They’ll need your Social Security Number, but by the time you’re actually sitting in an office with an interviewer, surrounded by employees, you’re a little safer in giving them the information. Thieves don’t often set up actual office premises—it’s too much work.

Third, be extremely vigilant when applying for jobs online. Do your homework, check up on the company, make sure any emails are from company accounts (like [nameofcompany].[com/org/net]), not free personal addresses (,,, etc.). Online application forms are an easy way for fraudulent web sites to harvest personal information. If they’re asking for your Social Security Number, STOP.

Finally, these are far more “work at home” scams on the Internet (and in the Classifieds, in your Inbox and stapled to telephone poles) than there are legitimate home-based job opportunities—the ratio is 54-to-1, according to one source. This means that if you’re looking at an online work-at-home offer, there is a 98% chance that it’s a scam and possibly a front for an identity theft ring. In other words, don’t even bother.

If you’re serious about working from home, your best bet is to contact a staffing agency (preferably a local one with an actual, physical office) and see if they have any leads. Or, you can start your own business and create your own income model. You either have to telecommute (traditional job, only you don’t go to the office much) or create something that people want (whether a product, information, or entertainment content) on your own, and figure out how to monetize it.

Document shredding: what should you shred, and when should you shred it?

You hear advice all the time that you should shred sensitive documents to reduce your risk of identity theft. However, what exactly are “sensitive documents,” and are there some you should keep for a while before destroying them?

What documents should I shred?

In general, you should shred documents that contain any of the following:

  • Account numbers
  • Passwords
  • PINs
  • Signatures
  • Social Security number
  • Date of birth

Basically, this is all the information that could be used by an identity thief to impersonate you. I also like to shred anything that has my name, address, email address, phone number and other less-sensitive information. Yes, I know most of this information is available in the phone book. It’s just a privacy thing. Still, not everybody needs to know I subscribe to Mother Earth News and Writer’s Digest.

Oh wait, I guess now everybody does know. So, how long should you keep documents before shredding them?

Junk Mail

I basically shred all junk mail that isn’t addressed to “Occupant” or “Resident,” especially credit offers. It’s just too easy for someone to fill out that form, mail it in with an address “correction,” and end up with a credit card in your name. Shred immediately.

Credit Card Receipts

I’ve heard you should keep them for 45 days, but to be honest I pretty much shred them after I’ve checked for errors and paid the bill. Plus, I think it’s time to sign up for online billing if you can. They can’t steal your mail or find a bill in the trash if there’s no paper bill in the first place.

Tax Documents

Keep them for at least seven years, then shred away. This is assuming you’re doing everything correctly and filing a return every year.

Mortgage Documents

Keep these, as well as documents of any improvements, for six years after you sell the property in question.

Pay Stubs

One year, or at least until you’ve made sure they agree with your W-2.

Medical Records

One year is the standard, in case of billing errors or disputes. I’d probably go ahead and make it a little longer.

Credit Union/Bank Statements

Keep them for one year. Really, I think you should just get the electronic statements where available. Nothing for them to steal, nothing for you to shred.

Insurance Documents

Life of the policy plus five years. This was actually news to me. I’m sure I’ve shredded some things that I sure don’t hope I need now.

Should I shred receipts?

I generally shred for any kind of electronic transaction (ATM withdrawal, credit card purchase), even though they blank most of your card number out. Actually, since I use cash for most purchases these days, I don’t bother with retail receipts. I shred ATM receipts, though. It just feels like I should, whether that’s logical or not.

Should I shred utility bills?

Yes. After you’ve paid your bill, you can pretty much shred these unless they contain tax-deductible expenses. In that case, you’ll need to keep them with your “tax stuff.”

What type of shredder should I purchase?

There’s a quandary here. Cross-cut shredders turn your documents into confetti that nobody could ever hope to put back together. Strip-cut shredders are a little less secure, but at the same time, how many dumpster divers are willing to go through the trouble of assembling a document out of a bale of paper spaghetti? Here’s the rub: from what I’ve read, cross-cut shred isn’t as recyclable. It has to do with the length of the paper fibers that can be retrieved from the shred. Cross-cut shred can only be recycled into very low-grade paper. In lieu of having your own shredder, if there is a (trusted) business in your community that will take documents for shredding, you can always contact them about dropping off your documents.

What can I do with shredded paper?

If the recycling center won’t take it, you might have to get creative. I’ve heard it makes good bedding for domestic rodent-type pets. I’ve even heard of people using it as bedding for horses. Other than purchasing a horse, you can also use it in compost bins or to start fires (if you have a fireplace, that is). After that, you’ll have to get creative. There are articles all over the Internet on this topic. If you must simply throw it away, reduce the amount by only shredding the parts of each document that contain personal information.

Fraud Alert: beware of callers who claim to represent Medicare.

Last week, a member of our credit union had a close call with a Medicare scam.

The member received a phone call from someone who claimed to be from Medicare. The caller stated that they were going to issue the member a new Medicare card, and needed the member’s account and routing number to proceed.

As soon as the member revealed this information, the line went dead. Sensing trouble, the member immediately called REGIONAL and had alerts placed on the account before any fraudulent withdrawals could occur.

I think this is what they call a “teachable moment.”

First, Medicare is never going to call you asking for your financial account information, nor would they need this in order to issue new cards.

However, I know these people can be convincing on the phone, and when someone is telling you your Medicare could be cut off, it’s hard not to react.

So that’s the other lesson today: if you get that sinking feeling seconds after a phone call or revealing information on a website, call the affected financial institution immediately to have your account locked down (and, ideally, start the process of closing the account and opening a new one with a different number).

If you’ve revealed more than just an account number and are concerned about identity theft, call the three credit reporting agencies right away and have identity theft alerts placed on your credit reports:

TransUnion: 1-800-680-7289
Equifax: 1-800-525-6285
Experian:  1-888-EXPERIAN

Even though you could just call one of the above, and the other two will have the information within 24 hours, go ahead an call all three yourself, just to make sure.

The faster you act, the less chance the bad guys have of harming you.

Criminal Identity Theft: Indiana needs to get with the program.

Let’s set up a little scenario here.

Someone steals your identity and creates false identification using your information. This person then commits a crime, for which he is later arrested. He gives your name, SSN, address and other information to the police during the arrest.

The criminal then bonds out, but is due to appear in court on a certain date. Naturally, he never shows up. The police mount a search, which leads them directly to your front door.

A complete mess ensues.

At some point, however, probably after a massive amount of humiliation and stress (and possible physical injury, depending on what the police think you’re capable of), the “system” figures out that the person they were really looking for was also an identity thief, and that you yourself aren’t guilty of anything.

So your arrest record is expunged and you go on with your life, right?

Not in Indiana, apparently.

As it turns out, Indiana has “does not have [a] specific law” regarding the expungement and correction of arrest records for victims of criminal identity theft.

I’m not saying you won’t be able to get your records expunged, but I’ll bet it takes years upon years of sustained effort, red tape and extreme hassle. You’ll basically encounter a wall of, “We don’t have to, so we don’t want to.”

I guess we’re not alone—a lot of states fall under the “no specific law” category at this time.

But you know something? I’ve never been one to buy into the herd mentality, either with regards to action or inaction. In other words, just because not that many other states are doing it doesn’t mean we shouldn’t.

Not many people are running truly non-profit websites about fraud and identity theft prevention, either. Doesn’t stop me, though, does it?

Child Identity Theft: protect your children from yourself

Child identity theft is a very real problem. Children are attractive targets for this crime, since their credit, employment and criminal histories are clean.

There is definitely a threat from other people stealing your child’s identity; your new baby arrives and a few days later someone who claims to be from the hospital calls, asking for the child’s Social Security number because you forgot to give them this information in your excitement.

The problem, of course, is that the call wasn’t from the hospital; it was from somebody who saw the birth announcement in the newspaper and saw an opportunity.

However, the biggest risk to your child’s identity isn’t strangers. Most child identity theft is committed by parents and family members who have easy access to the child’s personal information.

Most of the time, these parents are facing unemployment, poverty and generally stacked odds. They figure they’ll just use the child’s information to qualify for an apartment or telephone service—just this one time—and they’ll make it all better by the time the kid grows up.

Of course, that’s not how it usually plays out. The parent gets an apartment or automobile they can’t actually afford and starts to fall behind. They apply for a few credit cards in the child’s name, just to make purchases for essentials until they get back on their feet, which never happens. By the time a few years have passed, the situation has snowballed and the child’s credit is ruined, along with any trust the child ever felt for his or her parent.

It’s a fact: on this day in 2009, a lot of people are struggling to make ends meet. In fact, no matter when you’re reading this, a lot of people are having a hard time getting by, and you might be one of them. It can be very tempting to use your child’s personal information in times like this.

However, please remember these points:

  1. Any use of your child’s information to obtain credit, services or employment for yourself is identity theft
  2. Stealing your child’s identity is a crime; plenty of parents have gone to jail for it
  3. Don’t think you’re going to “make it all better” before the child gets older—it never really works out that way (and it’s a crime, too, remember?)
  4. You do not own your children, they are not your property to do with as you please, and their future creditworthiness is theirs, not yours
  5. Don’t think your child won’t press charges when they find out about your crime. How do you think those parents in #2 above ended up in prison?
  6. Yes, they’re going to find out. They always find out.

I’m being pretty blunt here—I don’t even like to see greedy adults get swindled when they should know better; I really hate to see children being victimized by the people they should be able to trust above all others.

Your situation might be tough right now, but time is going to pass and life is going to move forward, and what is happening now will one day be what happened years ago. You will only make things worse by committing identity crime against your own child—financially, and by making sure your child never wants to see you again once he or she is grown.

I’m sure some would protest my harsh words here, “You’ve never been broke,” someone might say. “You don’t know what it’s like. You do what you have to do in order to survive.”

And they would be right. I’ve never been truly destitute before. I still don’t buy the excuse, though. There are ways to get by without stealing your own child’s identity. You’re being lazy and not thinking if that’s the only route you can fathom.