Tag Archives: identity theft

Why Traditional Crime Measurements Don’t Tell the Whole Story

All over the nation, the question is being asked, “Why is the overall crime rate in the US on the decline?”

We have the answer:  “It’s not.”

In 1930, the FBI was given the task of collecting and publishing crime-rate statistics from across the country, and the UCR (Uniform Crime Reporting) Program was born. This program collects data from across the country, and it is published in several reports, including the often quoted Crime in the United States report. The report separates offenses into two categories: violent crime and property crime. 

These two categories appear to provide an adequate sample of the types of crimes that should be captured to measure the overall crime rate, but the four “property crime” categories fall short. There is a simple reason: They have not changed since the 1920s.*

For instance, the category of larceny-theft does not include embezzlement, confidence games, forgery, check fraud, etc. Identity theft, which is growing astronomically, is also not included.

According to the two entities within the federal government that measure and report identity theft rates — the Federal Trade Commission’s (FTC) Consumer Sentinel Report and the Bureau of Justice Statistics — identity theft crime rates continue to increase. Identity theft has been ranked as the #1 complaint reported to the FTC for the past 13 years. Of the 2,061,495 complaints captured from a variety of organizations that share data with the FTC, 369,132 were regarding identity theft.

The Bureau of Justice Statistics uses the National Crime Victimization Survey (NCVS) to capture and report its statistics on identity theft.  The last report available captures information from 2005-2010. According to this latest report, approximately 8.6 million households experienced financial identity theft.

The latest statistics available (2012) are from Javelin Strategy & Research Inc., an independent organization not affiliated with the federal government.  Their study concluded that there have been 12.6 million incidents of identity fraud.

Identity theft is increasing faster than property theft crimes are declining, but the public isn’t paying enough attention.  The reasons for apathy include the misconception that one can’t be a victim without a stellar credit rating (i.e., my identity isn’t worthy stealing) and the conspiracy theorist notion that this is all just a scare tactic promoted by industry to entice consumers into buying services that are unnecessary. Both are misguided.

A change in public perception is required. It has been engrained into us that we must take personal responsibility for safeguarding our possessions and our physical wellbeing, so why not our identity?

Most people realize that they cannot guarantee they will never be burglarized.  So they employ tactics to make it harder to break into their home.  When leaving for vacation, they secure doors and windows and activate alarms.  Often, mail is held at the post office and friends are asked to check in on the place.

People must likewise actively guard their identity components (such as passwords and devices).  Taking regular steps to safeguard your identity must become engrained in all of us.  It’s absolutely true that you can do everything right and still become a victim of identity theft – but why not make the thieves work hard?

Ask anyone if they would think twice about wandering into a dark alley, alone, at night, in a dicey neighborhood, and they would say, Absolutely! But consumers think nothing of going to strange websites and entering credit card (or even more personal information) without checking the legitimacy of the site, especially when you can get a screaming deal on that flat-screen TV or tablet.

It is widely recognized that fraud and financial crimes don’t scare or shock people in the same way that violent crimes do.  Unless they rise to the level of Bernie Madoff or Enron, the crimes rarely make headlines.

Additionally, financial crimes are often cited as much harder to accurately measure because of underreporting and lack of consistent reporting methods.**  Some individuals do not believe that financial crime victims suffer true harm, especially if they are eventually made financially whole, as can happen with some identity-theft victims.  There is a misconception that once an individual has false charges removed from a credit account, or false accounts removed from a credit report, or a false tax return remedied by the IRS, that they are no longer the victim.  The victim label is assigned to the entity that takes the financial hit, such as the credit card issuer/financial institution and the IRS. Regardless, a crime has still been committed. Even if the crimes are difficult to measure and don’t shock, they certainly should be included in our evaluation of crime rates.

The infiltration of technology into our daily lives has not only changed the way we live, it has changed the way crimes are being committed. Much like water, criminal elements will take the path of least resistance.  When law enforcement and society become adept at suppressing scofflaws by making a particular crime more difficult to commit, such as through anti-theft devices on cars, criminals move on to other crimes.

Non-violent crimes rates haven’t decreased; they have just changed. Whereas the criminal of twenty years ago was armed with a knife or a gun, today’s criminal is armed with a keyboard or skimming device. The weapon(s) of choice has changed from tools of violence to tools of technology.  Criminals aren’t committing fewer criminal acts, just different ones. We don’t have fewer criminals, only smarter ones.

* Upon inquiry, the FBI responded with the historical information to explain how the eight offense classifications known as Part I crimes were chosen as indicators of the overall crime rate in the country.  The first seven offenses were originally chosen in 1929.  Arson, the 8th offense was added in 1979. The 7 original offenses chosen to illustrate the overall crime rate and used in the annual publication Crime in the United States were not altered at that time.  In fact, they have remained mostly unchanged since the 1920s.

** The FBI has a Financial Crimes Report that is listed under its “Other Reports and Publications” section. Other offense data for fraud and fraud type offenses is captured in the FBI’s NIBRS (National Incident-Based Reporting System); however, identity theft is not one of the incident types captured.

The Financial Crimes Report(s) differ in format from the violent crime/property crime format in the UCR and are more difficult to decipher.  The data contained in these reports is for cases investigated by the FBI.  It does not include financial crimes cases for local jurisdictions throughout the United States as the UCR does.  The most recent report shows 5 year trends in various categories.  The categories of  Corporate Fraud, Securities and commodities fraud, health care fraud, and mortgage fraud (reported cases) all show increasing numbers. Financial institution fraud, insurance fraud, and money laundering case statistics show a decrease in numbers and mass marketing fraud has stayed relatively flat.

The NIBRS report for 2011 indicates there is data on the following fraud type offenses: Bribery – 293; Counterfeiting/Forgery – 74,131; Embezzlement – 17,000; Extortion – 1217, and Fraud Offenses – 245,301. This a total of over 330,000 known incidents that could be counted in the overall crime rate in the UCR.  Though small in comparison to the other property crime numbers, it is not a statistically irrelevant number.   Identity theft statistics are not captured on this report.  Identity theft statistics are published by another department within the USDOJ (of which the FBI is a part), the Bureau of Justice Statistics.

Health Insurance Exchange Scam Alert: Beware of Fake Websites

The Identity Theft Resource Center (ITRC) has growing concerns regarding the potential for new scams concerning the implementation of the Health Insurance Exchange (HIE) websites as part of the Patient Protection and Affordable Care Act (also known as Obamacare). These exchanges are currently online with enrollment due to start on October 1st.

According to the Act, each state must implement insurance exchanges. These exchanges are to serve as online marketplaces (websites) for consumers to compare rates and make choices about which health insurance coverage is best for them. Each state has the ability to determine the best way to manage these exchanges in order to meet the needs of their uninsured residents.

The open enrollment period for these exchanges begins on October 1, 2013. There have already been some predictions that there will be “bugs and glitches,” to quote President Obama, during this process. IT professionals are already voicing concerns regarding the ability to handle the amount of traffic anticipated on the first day of the rollout. However, no one is talking about ensuring that consumers actually know and understand where to go in the first place.

There is huge potential for misinformation and misunderstanding with this new insurance exchange program. Consumers will now be mandated (or face a penalty come tax time) to purchase health insurance if they don’t have existing coverage. The official website, www.healthcare.gov will be used by the majority of the states. But 17 states have opted to manage their own unique exchange with a different URL. This has the potential to cause much confusion for consumers. While it may appear that this information would easily be located via an internet search, our experience was that the official website was not easy to locate. In fact, when we searched for “health insurance exchange official websites” (rather than “website”) the websites for the 17 states that have their own unique URLs appeared, but www.healthcare.gov did not appear on the first page.

From our experience with scams and fake websites, we believe it would be extremely easy for scammers to create multiple websites that will trick consumers into thinking that it is either the federal health exchange website or one of the alternative state websites. Without known and reliable sources, there exists a great opportunity for gaming of the Internet search engines to attract consumers to websites intent on harming them by eliciting the fraudulent collection of personal identifying information (PII). There is a need to present factual information about which websites represent the accredited websites for the new insurance exchanges.

While there is a comprehensive list of insurance exchange websites on www.healthcare.gov, we are concerned that consumers may not find their way there in the first place. Already our searches indicate that there are organizations using keywords such as “Obamacare” and “Health insurance exchange” in the paid advertising section that are not the official insurance exchange websites. While these websites may not be scams, our concern is that it will only be a matter of time before imposter websites intent on real consumer harm surface.

This concern has a historical basis. The Fair Credit Reporting Act (FCRA) requires each of the Credit Reporting Agencies (CRAs: Experian, Transunion, and Equifax) to provide consumers with one free credit report annually. Confusion still exists between www.annualcreditreport.com, which is the court-mandated website hosted by the credit reporting agencies that actually provides annual free credit reports to consumers, and other websites that offer free credit reports or free credit scores such as www.freecreditreport.com, hosted by one of the credit reporting agencies. Soon after the creation of the original mandated website, dozens of look-alike websites were created. Consumer protection organizations, including the Federal Trade Commission, continue to educate consumers about this to this day (Consumer Information: Free Credit Reports) even though the mandated free website was launched in December 2004.

With the operational launch of these new insurance exchanges just a few short months away, consumers will be scrambling to comply before the January 1st, 2014 deadline. We already stated that we expect consumers to use search engines to locate the particular website they are supposed to use, and that the searches are inconsistent. With that knowledge, will regulators put provisions in place to identify, deter, monitor and address imposter websites? Or do they presume that the existing regulatory or enforcement provisions will deter those who create malicious fake websites intended to capture the personally identifiable information of consumers? Information provided to a fake insurance exchange website could be used to commit identity theft and other frauds.

There will be two types of imposter websites that will require redress. Not all imposter websites are created equal. There are differing levels of harm depending upon the type of imposter website consumers discover. There are legitimate businesses cutting corners and engaging in misleading tactics to secure new business and there are outright scam websites, whose intention is to secure personally identifiable information for malicious use.

Phishing and smishing could eventually come into play.

In 2012 “Imposter Scams” ranked 6th (out of 30) in the list of most complained about fraud events according to the FTC Consumer Sentinel Report. The 82,896 complaints represented 4% of the total complaints received by the FTC.

This category is defined by the FTC as “complaints about scammers claiming to be family, friends, a romantic interest, companies, or government agencies to induce people to send money or divulge personal information.” Complaints included the following: Scammers posing as friends or relatives stranded in foreign countries without money, scammers claiming to be working for or affiliated with government agencies, and scammers claiming to be affiliated with a private entity (a charity or company).

By far, the largest subtype of scam was regarding government agency imposters, with over 43,000 of the total in that category. Previous years’ statistics indicate that year over year, government imposters were the most complained about subtype: 47,454 in 2011 and 49,321 in 2010.

This demonstrates that the scammers continue to find impersonating the government to be a lucrative enterprise. Since this is a new program, even those consumers who normally know not to click on strange links in emails or respond to unknown senders of text messages, may feel compelled to respond and potentially share their personally identifiable information via these means. Why should we believe that the health care exchanges will be immune to this kind of impersonation?

If past behavior is an indicator, we can be sure that there will be financial harm to at least some of these victims.

The Internet Crimes Complaint Center (IC3) 2011 report states that it received approximately 39 complaints per day regarding FBI impersonation email scams. IC3 presented a total loss for this type of impersonation scam (via phishing emails) as over $3 million dollars. This number is just for the complaints that the IC3 received and does not take into account all the unreported losses.

A fundamental part of the Identity Theft Resource Center’s mission is to serve as a relevant national resource on topics such as this. In an effort to provide consumers with the important information they need about potential insurance exchange scams, the Identity Theft Resource Center has developed a scam alert and posted additional information on its website to help educate consumers.

The Identity Theft Resource Center is hopeful that there will be strong and coordinated efforts to educate consumers as to the authentic websites for these exchanges. As they differ from state to state, universal messaging will be difficult to coordinate. Of course, there will be glitches, and as with any new process, we will only discover what these are when the actual user experience is reviewed. However, these efforts need to take place now.