“Identity theft” is the use of someone else’s personal information without his or her permission, usually for financial gain. While state and federal laws prohibit identity theft and provide restitution for victims, the immediate impact on consumers can be devastating. Both the public and private sectors provide tools that allow consumers to protect themselves proactively from identity theft, and to mitigate the harm if identity theft does occur.
What is Identity Theft?
The term “identity theft” dates back to at least the early 1990s, but the practice is probably as old as financial crime itself. Some identity theft still involves alteration or forgery of documents, such as when someone intercepts another person’s mail and uses his or her financial information to forge documents in that person’s name. A substantial amount of identity theft has moved into the realm of cybercrime, with financial and other personal information obtained from hacked email or cloud storage accounts, cell phones, home computer networks, and other digital sources.
Identity theft is often just one part of a larger fraudulent scheme. An identity thief may use stolen personal information, for example, to open new credit card accounts. The identity theft victim receives the bill for the thief’s purchases. Victims are often able to clear their record, but these procedures take time and may not prevent short-term damage to a person’s credit score and financial reputation. The extent of the damage caused by identity theft is difficult to determine, but the FBI states that, during a roughly five-year period ending in the middle of fiscal year 2013, it recovered about $4.6 billion and obtained orders for restitution in excess of $78 billion.
Types of Identity Theft
Financial identity theft is the most common and most well-known form of identity theft, but a person may find his or her personal information misappropriated for other purposes as well:
Criminal identity theft: A person may present a fraudulent identity to police, either with a fake identity he or she has already created, or simply by using someone else’s name. In some cases, this could result in criminal charges against the wrong person. More often, a criminal identity theft victim learns that he or she has a criminal record at an inopportune moment, such as when he or she applies for a job and undergoes a background check.
Identity cloning or impersonation: An identity thief might impersonate someone else in order to conceal his or her own identity from the government, creditors, or others.
Medical identity theft: This occurs when someone uses another person’s identity to seek health care, such as in order to use that person’s health insurance. It can have potentially catastrophic consequences if health information about the identity thief ends up in the victim’s medical file.
Identity Theft Legislation
The U.S. Congress has passed several laws specifically targeting identity theft for prosecution. The Identity Theft and Assumption Deterrence Act of 1998 added a new federal statute addressing identity theft. The Identity Theft Penalty Enhancement Act of 2004 created the offense of “aggravated identity theft.” The Identity Theft Enforcement and Restitution Act of 2008 allows federal courts to order a defendant to pay restitution for “the value of the time reasonably spent by the victim” trying to repair “the intended or actual harm” that he or she suffered.
Consumer Protection Laws
Many state and federal consumer protection statutes include provisions that assist identity theft victims, particularly those who find that someone has taken out one or more debts in his or her name. The Fair Debt Collection Practices Act, for example, allows consumers to challenge the validity of a debt if they are contacted by a debt collector. The Fair Credit Reporting Act, as amended by the Fair and Accurate Credit Transactions Act of 2003, gives consumers access to their credit reports and allows them to object to inaccurate information.