If thieves have got your number - off a Social Security card, say - that's all they need to pose as you. Behind a rising crime wave.
Just call them 21st-century pickpockets.
With a bit of persistence, and some help from the web and the White Pages, those who once relied on sleight of hand to nab a wallet can now commandeer consumers' finances with just a few pieces of personal information.
Thieves can use the data, usually a name and Social Security number, to open false credit and bank accounts, as well as obtain drivers licenses and passports. The criminals are then able to spend thousands of dollars posing as people they have probably never set eyes on.
Identity theft, not even designated as a crime four years ago, now ranks as US consumers' top fraud complaint, according to the Federal Trade Commission. The problem caught fire this past decade - an unfortunate offshoot of a technological boom in the spread of sensitive personal information, experts say.
The technology has also allowed thieves to access such data in secret.
American society has been slow to respond. Most consumers still handle their personal information with casual confidence - only 3 in 5 US consumers are worried about their identities being stolen, according to a survey by eFunds, an electronic-payment company.
And the justice system continues to treat most offenses as white-collar crimes - with a punishment often amounting to little more than a hefty fine.
Many concerned with the mounting threats to personal privacy are calling for consumer education and a toughening of laws. But they have also begun to focus on a deeply rooted social cause: American's desire to shop, make deposits, access cash, and sign up for services without limitations on time and place.
Here's how the scam often works: First, a thief glances over someone's shoulder at a checkout line or sneaks a peek at an order form to learn the person's name and Social Security number. The thief then performs an online search or flips through a phone book to get a home address. That information is often sufficient to order a copy of the individual's birth certificate over the phone, or even obtain a fake driver's license. The result: a new credit card or fresh bank account in the victim's name.
A quick phone call requesting a change of address diverts bills from the account holder's attention. Unless individuals check their credit reports, the theft can go unnoticed for a few years.
It took Heidi, a San Diego resident, seven months to learn that her identity had been stolen and used to open 30 credit-card accounts. The 30-something woman, who preferred that her last name not be used for this story, learned of the theft in December, when a clerk said she had exceeded her limit on her department-store charge.
Heidi ordered a copy of her credit report. Twenty pages long, it revealed new charge accounts opened at places she had never shopped - including the Disney Store and JCPenney - and a debt exceeding $30,000. Those whose identities have been stolen spend an average of 175 hours and $808 clearing their names, according to the Identity Theft Resource Center in San Diego.
Like most victims of identity theft, Heidi doesn't know how the thief discovered so much information.
The task of stealing personal data is not a stretch for many criminals. Some miscreants focus on people who send out payments through their curb-side mailboxes. Others sift through incoming mail for preapproved credit-card offers, particularly mouth-watering targets for theft. Still others simply call hundreds of homes, pretending to be a banker "verifying" credit-card information.
Technology has simplified most scams. Anyone with a computer, printer, and scanner can falsify personal checks, credit cards, and IDs. One Internet site, called Info World, was recently shut down by the FTC after granting 45 days of access to fake ID templates online.
Employees who work cash registers sometimes run credit cards through tiny devices called "swipers" that read account information. The data can be downloaded and scanned onto a false credit card. Last month, a man allegedly linked to a terrorist cell was arrested for allegedly doing just that at a Cambridge, Mass., health club.
The complexity of some identity-theft operations has led investigators to suspect many are used to finance far more nefarious activities, such as drug dealing.
"We hear about a large drop in violent crime and assaults, and yet there's a large increase in the area of drugs," says Jay Foley, director of consumer victims services of the Identity Theft Resource Center.
"Where are they getting their money from if not from these kinds of crimes?"
Identity-theft operations are growing more sophisticated. Yet law-enforcement officials are paying relatively little attention. Many states qualify the crime as a misdemeanor. If convicted, most offenders will not even serve a prison sentence, but spend perhaps one year on parole and pay a $100,000 fine.
Judges would rather use dwindling prison space to incarcerate those convicted of crimes that cause physical harm. "They want people in the prisons who play with guns, not pencils," says Mr. Foley.
And police often squabble over which jurisdiction - that of the victim or the offender - should investigate the crime. In the case of the San Diego woman, the FBI said it had more important criminals to pursue.
"They listened to me, but basically told me they were busy chasing terrorists," says Heidi. "They said they don't usually take cases involving less than $100,000."
After reporting the theft and freezing their accounts, among other acts, consumers are relatively free of financial liability. But credit-card companies themselves are rarely willing to devote resources to track down offenders. Most simply write off the debt as a loss on their taxes.
Of the 30 companies that lost money in Heidi's case, only two were willing to file a police report. Kay Jewelers ultimately did so. A police investigator found a woman receiving packages at a Mail Boxes Etc. in Huntington Beach, Calif. At the time of publication, the woman had hired a lawyer, but had not been arrested.
Consumer advocates hope to persuade creditors that prosecution of identity thieves is in their company's long-term interests. But they also point to an even broader problem driving theft in the American economy: the effort to do too much business, too fast.
Every day, 1 million credit-card offers are mailed to consumers; each minute, tens of thousands of credit-card purchases are processed, according to Ken Hunter, president of the Better Business Bureau. "The acts of theft are needles in a huge haystack of transactions," he says.
Many transactions are conducted in private. Americans can now open accounts, deposit money, and spend funds without speaking to a single person. Data that can be entered into a computer or on a telephone keypad are now used to identity most customers.
In the US, the Social Security number is the identifier of choice. Colleges put them on student IDs. Some states place them on drivers' licenses. They are also collected by thousands of retailers and charities who do not require them for business.
The overuse of the number, critics say, illustrates the abuse of consumer privacy in the name of commercial expedience. Consumer groups are beginning to ask companies to take more precautions, such as performing deep background checks on account applicants.
They say companies should be required to call customers to verify a change in address. They also say credit reporting agencies - consumers' last line of defense with their financial information - must pay closer attention to discrepancies between their records and new accounts.
"We need to ... balance customer expectations and access to information," says Peter Cohen, chief privacy officer of the Royal Bank of Canada in Toronto.
Heidi, for one, suggests consumers take prevention into their own hands. She recently instructed the credit bureaus and her credit-card companies to ask for a password before changing any of her personal information.
"Once this woman got my Social Security number, my creditors obviously believed everything she told them," says Heidi.
Heightened awareness and common sense can prevent most incidents of identity theft. Consumer advocates suggest that people not carry their Social Security cards, and use caution in writing checks to anyone outside the "official" economy.
They add that consumers should never give out account information over the telephone to those purporting to be checking on the status of their accounts. Instead, account holders should call the company, using a publicly listed telephone number.
Consumers should be aware that many companies do not require personal information like Social Security numbers (sometimes just a partial S.S. number can be offered as an identifier). "Information never collected doesn't invade anyone's privacy," adds Robert Ellis Smith, publisher of the Privacy Journal, a privacy newsletter in Providence, R.I.
If you do give out personal information, companies are required to disclose how that data will be used. Consumers can also demand that financial-service firms not share or sell their personal information. Each year, these companies must inform customers of their right to opt out of their data being sold.
Tools for helping avert identity theft include:
Paper shredders. Use these to destroy sensitive documents such as preapproved credit-card applications or tax information. Wastebasket-size shredders cost between $15 and $200.
Locked mailboxes. Check with your post office to make sure mail carriers will be able to access them.
Firewall software. This can ward off hackers' attempts to find personal information on your computer. Good programs run between $30 and $50.
Encryption software. This cloaks your e-mail and other online communications in code - decipherable only by those equipped with the password. PGP Security, one of the market leaders, offers free encryption software on their website (www.pgp.com/products/ freeware/default.asp).
Identity-theft victims can usually clear their names by contacting creditors and the three major credit bureaus: Equifax (800-685-1111), Experian (888-397-3742), and TransUnion (800-888-4213). Provide them with a notarized affidavit identifying any fraudulent account and ask that it be closed. To help with the process, the Consumer Information Center has a seven-page form on its website (www.consumer.gov/ idtheft/affidavit.htm). It can be downloaded, copied, and mailed to credit bureaus and creditors.
For more tips, visit the Identity Theft Resource Center's website (www.idtheftcenter.org).
How big a trend: An estimated 500,000 to 750,000 Americans were victims of identity theft in 2001. (Some 200,000 filed complaints.) Cost to economy: $3 billion.
Who's hit most: The average age of consumers reporting an incident was 41. Washington, D.C., had the highest rate of identity theft, with 77 victims for every 100,000 people. California and Nevada followed, with ratios of 45 and 41 per 100,000, respectively.
Thieves' favorite angles: Credit-card fraud accounted for the most incidents, followed by the creation of false phone and utility accounts and false bank accounts.
Source: Federal Trade Commission, Treasury Department