TSCI and Identity Theft
These are compilations from TSCI's email request for advice regarding Identity
Theft brought about by a friend of the Web Master.
First, contact the credit card company, then the credit bureaus and next,
the Social Security Administration. But, there's not a lot can be done
(except to hire an assassin and put out a contract on the individual(s)).
For what it is worth, attached is an item on this sort of problem that will
appear in the April edition of the Global Alliance. Perhaps this will help.
It is in MS Word 97 format, but you can probably convert it for your Mac.
IDENTITY THEFT: Could It Happen To You - or Has It Already and You Don't Yet Know?
What is Identity Theft? An unknown person steals your credit card, ATM card, checkbook, Social Security Card, and personal data, etc. and drains your account(s) or establishes new accounts in your name or perhaps acquires an equity loan against your house unbeknownst to you. Similar things have happened to an Association member; we also hear of cases occurring in the Air Force.
Identity Theft is a federal crime; a violation of the Identity Theft and Assumption Deterrence Act of 1998 [18 U.S.C. § 1028]. Federal agencies with investigative jurisdiction include the US Secret Service, FBI, US Postal Inspection Service. Violations can be prosecuted by the US Department of Justice. The Federal Trade Commission (FTC) is the federal clearinghouse for complaints and will accept such complaints through their web site or at the toll-free number 1-877-382-4357.
The FTC web site is very informative and covers a number of subjects, some of which are summarized below:
Minimize Your Risk
- Manage your personal data wisely.
- Obtain yearly credit reports from all three major credit reporting agencies. [Maryland law, for example, requires the agencies to provide Maryland residents with one free report annually.]
- Don't ignore non-receipt of a regular bill from a creditor - your mailing address may have been changed by the thief to cover his tracks and delay your learning of a fraudulent action.
If You Become a Victim
- Contact fraud departments of the 3 major credit bureaus and report the theft. Ask for "fraud alerts" to be posted on the accounts and a "victim statement" be placed in the file(s) so that future creditors are required to contact you before opening a new account.
- Immediately close any accounts fraudulently accessed; contact the security department of appropriate creditor financial institutions. Put passwords on any new accounts opened (don't use your mother's maiden name).
- File a police report locally or where the theft occurred. Get a copy of the report for future reference - you likely will be asked for it.
- File a complaint with the FTC.
Check state law(s) as applicable to see what additional remedies or help may be available. Forty-two states currently have such laws. [All but 5 of those states have web site links to their statutes on the FTC web site.]
The three major credit reporting agencies and their contact addresses are as follows:
- Equifax, P O Box 840241, Atlanta, GA 30374-0241 [Tel: 800-525-6285]
- Experian, P O Box 949, Allen, TX 75013-0949 [Tel: 888-397-3742]
- TransUnion, 760 Sproul Rd, P O Box 390, Springfield, PA 19064-0390 [Tel: 800-680-7289]
To report illegal use of your Social Security Card, call the Social Security Administration at: 1-800-269-0271. You can also reach their web site at: http://www.ssa.gov/oig/when.htm and read the article entitled: When Someone Else Uses Your Social Security Number.
Additional information is available at the following agency web sites:
The bottom line, though, is that if it happens, recovering from such a damaging situation will rest upon you, the victim, or your personal attorney. Government agencies may investigate the crime to identify the perpetrator, but they can't restore your good name and credit record. Reasonable preventive measures and knowing what to do to limit the damage as soon as discovered are the keys.
Call the big three credit agencies to be put on fraud alert. Secret Service handles CC theft. Social Security has a fraud lookout service. (About time they did something useful)
My experience is that it is all how it's reported. The "theft" of the number means nothing. This changes when charges are incurred based on the numbers used to facilitate new credit cards. The CC company should be the first step and, only if they do not absorb the entire loss, is there a loss to the "victim". In other words, if the CC Co eats the loss or writes it off, THEY are the victim. If not, and they are expecting/demanding payment from your friend, the friend is the victim and the police will certainly make a report on it. At least this is what I've seen in the past........Glen
There is a Penal Code section for identity theft. I don't recall what it is
off-hand. In the meantime, have her contact the credit reporting agencies
(Equifax, Transunion and Experian) and ask them to put a fraud flag on her
files. That will prevent someone from starting new credit accounts without
specific info (family dog's name, hospital where she was born, etc). They
will be able to tell her the PC section for a police report.
Tim: Tell her to contact the FTC. Call 1.877.IDTHEFT or online at
www.consumer.gov/idtheft. Tons of info on what steps to take. Bill
I suggest to victims of identity theft to start the process to clear their name
ASAP. Go to google.com and type in "identity theft". You will get various
sites designed for the express purpose to help the victim. The credit bureaus
must be notified, etc. Criminal enforcement is spotty at best so the victim
will have to shop for an interested lawman or go directly to the DA, financial
crimes section. The web site has lots of helpful information. Good hunting.
Fred Bornhofen, Elverson, PA
- Contact all creditors, by phone and in writing, to inform them of the
problem
- Call your nearest Postal Inspection Service office and your local police -
file a report
- Contact the Federal Trade Commission to report the problem
- Call each of the three credit bureaus' fraud units to report identity theft
- Ask to have a "Fraud Alert/Victim Impact" statement placed in your credit
file asking that creditors call you before opening any new accounts
- Alert your bank to flag your accounts and to contact you to confirm unusual
activity
- Request a change of PIN and new password
- Keep a log of all contacts and make copies of all documents
- You may also wish to contact a privacy or consumer advocacy group regarding
illegal activity
- Contact the Social Security Administration's Fraud Hotline
- Contact the state office of the Department of Motor Vehicles to see if
another license was issued in your name - If so, request a new license
number and fill out the DMV's complaint form to begin the fraud
investigation process
Report Identity Theft To:
- Equifax Credit Bureau, Fraud -1-800-525-6285
- Experian Information Solutions -1-888-397-3742
- TransUnion Credit Bureau, Fraud -1-800-680-7289
- Federal Trade Commission - 1-877-FTC-HELP
- Social Security Administration, Fraud Hotline -1-800-269-0271
Tim, about the only thing that she can do is to immediately notify the
credit card companies (at least as soon as she realizes what is going on).
Considering that she did not sign anything on the applications, they should
not be able to hold her responsible for any charges. I'm not an attorney,
but I have seen this before, and I believe that that has been the case every
time. Below is a short dissertation that might be helpful to anyone
interested. It does not help after the fact, but better safe than
sorry......H
IDENTITY THEFT
Identity theft is quickly becoming one of America's fastest growing
industries. Operating under a variety of methods, identity thieves are
obtaining key pieces of our identity and fraudulently using that information
for various illegal reasons, to include extensive social engineering. Your
Social Security number, driver's license number, credit card number, or
other personal identifiers will easily do the trick.
The safeguarding of your personal information is critical and there are
steps that can be taken to combat identity theft. The following information
can be used to reduce the amount of personal information that can be
exploited.
- Release your Social Security Number (SSN) only when absolutely
necessary because it is the key to your credit and banking accounts. Do not
have your SSN printed on your checks. If your state uses your SSN as your
driver's license number, apply to have it changed.
- Order your Social Security Earnings and Benefits Statement once a
year to check for fraud by calling (800) 772-1213. If your SSN is
fraudulently used, report it to the Social Security Fraud Hotline at (800)
269-0271.
- Reduce the number of credit cards you actively use and cancel all
unused accounts. Keep a list/photocopy of all your credit card
information, and if fraudulent charges appear on one of your accounts, call
the Consumer Credit Counseling Service at (800) 388-2227 for help in
clearing false claims from your credit report.
- Shred any pre-approved credit applications, credit card receipts,
bills, and other financial information that you don't want before tossing
them into the trash. If you do not have a home shredder, use the office
shredder.
- Order your credit report once a year from each of the following
three major credit reporting bureaus to check for inaccuracies and
fraudulent use of your accounts (and consider removing your name from the
marketing lists to reduce the number of pre-approved credit applications you
receive by mail):
- Equifax Credit Reporting Bureau, P.O. Box
740250, Atlanta, GA 30374. To order a copy of your credit report, call
(800) 685-1111, and to remove your name from receiving pre-approved credit
offers and marketing lists, call (800) 567-8688 or write to the above
address.
- Experian Credit Reporting Bureau (formerly,
TRW), P.O. Box 1017, Allen, TX 75013. To order a copy of your credit
report, call (888) 397-3742, and to remove your name from receiving
pre-approved credit offers, call (800) 353-0809 or write to the above
address.
- Trans Union, P.O. Box 6790, Fullerton, CA
92634. To order a copy of your credit report, call (800) 916-8800, and to
remove your name from receiving pre-approved credit offers and marketing
lists, call (800) 680-7293.
- Reduce the amount of junk mail and unwanted telemarketing calls by
writing to the following:
- For unwanted junk mail, contact the Direct
Marketing Association's (DMA's) Mail Preference Service, P.O. Box 9008,
Farmingdale, NY 11735-9008 and request that your name be removed from all
mailing lists.
- For unwanted telemarketing (phone) solicitation,
contact the DMA's Telephone Preference Service, P.O. Box 9014, Farmingdale,
NY 11735-9014 and request that your name be removed from their direct
telemarketing list. Also, be aware that, when dialing an 800, 888, 900
number, your name, address, and telephone number will probably be captured
by the company you dial. Dialing *67 before any call should, in most
states, conceal your identifiers.
NOTE..... The two DMA exemption requests must be filed separately and are
only good for five years, at which time you will have to make another
removal request. The DMA only accepts written requests; however, a general
information number for DMA is (212) 768-7277.
Identity theft problems continue to grow, and so does the access to personal
information compiled in private and government databases, including
thousands of records available over the Internet with little or no privacy
protection standards.
Your personal privacy and identity are paramount. Practicing or following
some of the above suggestions will reduce your risk from threats associated
with identity fraud and social engineering.
Tim,
I had a friend once that had this happen in Florida. Someone used his
identity and ruined his credit rating. Not to mention that he was being
pursued by many creditors. The law wouldn't help because they thought he
was the criminal. He was completely frustrated until someone told him to
contact the Secret Service. I had no idea that this was their jurisdiction,
but apparently it is. The Secret Service took
care of him and solved his problem, but it took a while. At the time, this
guy was an officer in the Navy.
Also, notify your state Driver's Lic. Bureau. (see if anyone applied for
a "new" lic. in your name).
She should contact the Federal Trade Commission (FTC). There is
additional information about identity theft at their website (I'm not sure
of the URL address). Most states have identity theft laws now.
There is also a federal law against identity theft. She could
contact the local Secret Service office or Postal Inspection Service
office. She should also contact the three credit bureaus, Equifax,
TRW, Trans Union (either TRW or Trans Union are now known as Experian, I
forget which one). Whether the Secret Service or Postal Inspectors get
involved will depend on the amount of loss to the banks.
Whatever the case, she definitely needs to contact the FTC.
They are the focal point for identity theft under the new federal
law. They have lots of information at their website on identity
theft. She needs to do something; otherwise, she could end up owing a
lot of money or having other problems (i.e. being arrested for crimes her
impostor committed, etc.).
http://public.wsj.com/sn/y/SB985910528688563410.html
By Ted Bridis
Staff Reporter of The Wall Street Journal
March 30, 2001
WASHINGTON -- Security officials in Beijing have been requiring that
in order to sell their products in China, leading antivirus-software
companies must provide samples of destructive computer programs and
rogue wiretap software from their research labs.
Between 1999 and the end of last year, three of the industry's largest
vendors -- Network Associates Inc. and Symantec Corp., both based in
the U.S., and Trend Micro Inc. of Tokyo -- gave the Chinese security
ministry roughly 300 different samples of the most common, malicious
software found on the Internet, in exchange for permission to market
their products in China. The three companies collectively represent
nearly 75% of the $1.2 billion world-wide antivirus-software market.
Executives at the three companies said China's Ministry of Public
Security, the nation's principal police authority, told them that they
needed virus samples to independently test the effectiveness of their
software products before they could be sold to consumers.
"We've met with this organization, developed a certain level of trust
and believe they're doing what they're talking to us about," said
Vincent Gullotto, senior director of the research labs at Network
Associates' McAfee Corp. unit in Beaverton, Ore.
Still, the move has raised concerns among some international-trade and
national-security officials here who worry about China developing
information-warfare tools.
Others characterized the request as a potential time-saver for China
that could provide researchers there with insights into developing not
just future viruses but also an increasingly popular class of
surreptitious monitoring software known as "back doors."
It is also possible that the Chinese ministry could be looking to use
the viruses to develop their own antivirus products at the expense of
research done by foreign companies, although the authorities didn't
seek access to the more useful source code that the software companies
use to write antivirus products.
An official at the press office of the Chinese embassy directed calls
to its Commercial Office here. Repeated phone calls to that office
weren't returned. Executives at the three companies said they rejected
persistent Chinese demands for their broader research collections of
viruses and other malicious software.
A fourth company, F-Secure Inc. of Finland, said it negotiated last
summer to let Chinese researchers conduct virus studies at its new
laboratory in Beijing, but declined to surrender the samples directly.
"This is very unusual," said Mikko Hypponen, virus-research manager at
F-Secure. "No other country has anything similar to this."
McAfee President Gene Hodges said that within 90 days of complying
with the Chinese request, his company notified the U.S. government
that it had provided the samples. "No specific concern was expressed"
by the government officials that the company spoke with, Mr. Hodges
said. He declined to say who or which U.S. government department his
company contacted.
Meanwhile, experts also were divided about the potential military
usefulness of the common viruses turned over to China. Many of those
samples can be found within rogue virus collections already on the
Internet, though others are more rare. Mr. Gullotto of McAfee
estimated that determined Chinese researchers "might be able to find
80% to 90%" of what the companies provided, and noted that antivirus
software currently protects against those samples.
Still, the unprecedented request to trade virus samples and other
software programs for market access surprised some researchers at the
companies. Sharing of viruses for research purposes is usually
restricted to fewer than three dozen members world-wide of the loosely
organized Computer Antivirus Researchers Organization. Software firms
keep their sample virus collections -- code zoos -- in secure rooms
and on separate computer networks that are off-limits to all but a
handful of experienced employees.
U.S. international-trade and national-security officials expressed
disappointment with the companies' decisions to share any malicious
software with China's government. They noted that the ministry has an
intelligence division, and that China's military is developing a "Net
Force" of young computer experts trained in information warfare. In
late 1999, the Chinese army's official newspaper discussed the need
for "software and technology for Net offensives so as to be able to
launch attacks and countermeasures on the Net."
These same officials said they were somewhat mollified that the
software companies had negotiated to hand over to China only samples
of relatively common viruses, not their more substantial collections
of tens of thousands of dangerous programs. The shared collection was
described as easily stored on a single CD-ROM disk.
"The concept is troubling," said Commerce Undersecretary William
Reinsch, the outgoing head of the U.S. Bureau of Export
Administration. "We don't want to promote or encourage information
warfare or the further dissemination of viruses that even
unintentionally could bring down our systems." He added that the Bush
administration may need to consider restricting in some ways the
intentional export of malicious software to some countries.
Write to Ted Bridis at ted.bridis@wsj.com
Tim,
Have your friend check out our web site at: www.idfraud.org
There is a lot that can be done, and the police are incorrect to tell a
victim nothing can be done.
We can also send the victim a free guide to Identity Theft to aide in
getting things started.
A reminder, time is the thing, the sooner you get started the sooner you get
it corrected.
Bob Hartle - 480-592-5451
Pager - 602-591-7398
Full Article at:
http://www.zdnet.com/zdnn/stories/news/0,4586,5080532,00.html?chkpt=zdnn040301
New cloaked-code threat to security
By Robert Lemos
ZDNet News
April 2, 2001 2:20 PM PT
A new technique for disguising programs aimed at cracking corporate networks
could raise the stakes in the heated battle between hackers and security
experts.
During a seminar last week at the CanSecWest conference in Vancouver,
British Columbia, a hacker named "K2" revealed a program he created that can
camouflage the tiny programs that hackers generally use to crack through
system security.
The cloaking technique is aimed at foiling the pattern-recognition
intelligence used by many intrusion detection systems, or IDSes, known as
the burglar alarms of the Internet.
"Trust me, this will blow away any pattern matching," said K2, who would not
reveal his real name because he also works as a security consultant.
If you have all the info saved, do it for me. I would appreciate it. Let
me know what else you need or think would be useful.
I have to depend on people like you to let me know what should be included.
In fact, why not an entirely new section labeled potpourri and inside it,
different folders for related items. I have a bunch of stuff that would be
interesting and useful to others.
Let me know.
Tim
My web master was so impressed with all the info you folks provided
regarding identity theft, she suggested I start a new section on my web
page where it is grouped.
I asked her about a section labeled POTPOURRI in which I have numerous
folders in which items pertaining to the various things we have discussed
in the past (and the future) will be archived.
I will have an introductory note on the opening page of the potpourri
section asking for anyone with additional info on any of the subjects to
pass them on for inclusion.
Any additional thoughts on that from you folks?
Tim
BTW, she and her friend asked me to pass on their greatest thanks to you
folks for the plethora of info you provided.
Then, have fun. But don't expect to be paid anytime soon.
Toni
and I will be out of country (in France) from 16 April until 2 May. Then,
I'll consider it.
Once you get it set up, I'll provide additional info for other "folders".
Tim
Sorry this is late Tim. When she contacts the SSA see if she can get a
duplicate number issued. I'd also contact the creditor where the new cards
are drawn on. Advise the fraud department, verbally and then in writing.
Remember if it isn't documented it never happened. I'm assuming they have
already gotten a new Credit Report?
Run the SSN in one of the good data bases and see if it comes back with two
different addresses for the owner. Most of those reports will have a star
behind the additional address. Thought this might help. Later.
Fred
Fred Waltz, CMI
WI & MN PI Lic. #s / 8876-063 & 695
Owner, Worldwide Research & Security
Charter Member Investigators of America
DART, MAPI-MN, MCCIA, NAI, PAWLI
715 386-4185
715 386-5849 FAX
651 274-2271 Cell
612 747-1956 Cell
wwrs@pressenter.com
Tim Johnson
Technical Security Consultants Inc
Chandler, AZ 85244
AZ PI. License # 8707004
(480)786-0909
http://www.dbugman.com
What you say in private is your business.
Keeping it private is ours. ©1987
Stealing identity - the rise of personal data theft
By Neil Robinson, Jane's Intelligence Review, 6/4/2001
No URL available.
HIGHLIGHT: Technological advances and changing economic patterns have
encouraged the growth of identity theft. As Neil Robinson explains, the
ability of criminals to steal the identity of others has been
facilitated by increasing dependence on digitised information.
BODY: Personal identity is increasingly being defined by electronically
stored data, widening the scope for digital impersonation, or electronic
identity theft.
Although impersonation is not a new type of crime, the increasing use of
digitised information and communications means that criminals wishing to
steal the identity of others can do so quickly, easily and with less
risk than before. The recent case of Abraham Abdallah (see box)
illustrates the gravity of the crime, and the ease with which it can be
perpetrated.
Identity theft is increasing as more personal information is held by
companies and organisations. This is a product of the 'push' business
model, by which companies try to obtain as much information about
customers as possible in order to maximise their return on investment.
Credit cards make the problem even worse, as credit histories become the
de facto method of assessing individual risk. When consumers visit
supermarkets or pay for goods via credit cards, they unwittingly add to
databases of information. These are then used to improve the shopping
experience, or improve business processes such as just-in-time delivery,
which revolve around complex supply chains, relying on data that
customers provide when they pay for goods using electronic point-of-sale
methods. This is set to increase in the future, and although UK and
European nations are guided by the EU data protection directive (and
various national legislative instruments), the risk that data will be
abused or stolen is becoming ever more real.
The advent of government-to-consumer services like the recently unveiled
'UK Online' citizen portal, which provides electronic registration of
life events, will also increase the vulnerability of 'identity'.
Websites such as 'Any Who' (www.anywho.com) and 'People Find'
(www.peoplefind.com) already allow searches for names, addresses and
death certificates. In the USA the amount of data stored electronically
is massive. E-commerce, coupled with the home computer, means that
millions of people have their credit card information stored in the
computers of banks, e-retail companies and information clearing houses.
The potential of all this data has not been lost on identity thieves.
Electronic identity theft is the fastest growing crime in the USA, with
500,000 new victims per year. Identity thieves build databases of their
targets from a number of sources. In the reconnaissance phase they may
write to one of the companies that hold credit histories, such as
Experian or Equifax, and fraudulently obtain a copy of a credit report.
They then steal wallets or purses containing credit cards, or they steal
post and write to a bank or credit card company requesting a change of
address. Alternatively, they may approach an information broker (a
practice increasing with the readily available amounts of information on
the Internet) and pay for a report on the target. Credit card numbers
and 'l/p' (jargon for login/password information) may be exchanged on
bulletin boards and on Internet relay chat rooms. Finally, the actual
execution may be completed over the Internet or via other information
technologies. Identity thieves can leave fake voice mail numbers so that
the appearance of authenticity is maintained when companies ring to
check information. E-mail can be spoofed or faked so that false requests
can be issued for the transfer of funds.
Far less complicated methods include simply making purchases with stolen
credit card information. Identity thieves take advantage of the Internet
and World Wide Web by adopting a methodical approach. Law enforcement
agencies often find carefully compiled target databases when they arrest
suspects. Some identity thieves perpetrate crimes as part of a campaign
of stalking - they write letters and physically harass the victim.
The primary motive for those who steal identities is financial gain. As
such, the crime falls into the category of computer-related offences as
defined by the draft Council of Europe Convention on Cybercrime. The
target is not the computer, but computers and information technology are
used as a means of executing the crime. Gary Collins, a security
investigator for the US Bank of America Corp, estimates the annual costs
to US consumers at US$800 million per year. Fraudulent assumption of a
different identity in filing tax returns is also a major problem - the
US Internal Revenue Service has identified that this has cost the agency over
$1.2 billion since 1992.
However, not all perpetrators are motivated by a financial return. There
have been documented cases where identity theft is used as a tool to
ruin the lives of members of hacker gangs following police
investigation. Gang members turn on each other, changing telephone
details and applying criminal records so the victim finds he is wanted
for serious crime but subsequently has difficulty proving his real
identity.
Current forms of identity theft are primarily a US phenomenon but the
appearance of government portals and other data warehouses of personal
information in other countries increase the risk of information being
stolen, corrupted or abused. The USA has enacted a number of pieces of
legislation designed to protect consumers against this type of crime. In
the EU, a Data Protection Directive issued in 1995 forced member states
to adopt data protection legislation, which in turn placed the burden of
responsibility on companies and organisations to ensure the data held
was correct. However, the take-up of e-commerce in Europe and increased
use of credit cards will result in increased instances of this type of
crime.
In the USA, the Identity Theft and Assumption Deterrence Act, enacted by
Congress in October 1998, is the federal law directed at identity theft.
It carries a maximum sentence of 15 years imprisonment and property
forfeiture. The US Federal Trade Commission (FTC) is the agency
responsible for co-ordinating anti-identity theft activity, and logging
instances of the crime. The FTC has an online database, telephone
helplines and victim assistance programmes. Awareness of the problem is
growing. Identity theft victim Mari Franks met with President Clinton
and discussed the issues at a consumer privacy conference in 1999, and
in late 2000 the International Association of Chiefs of Police adopted a
resolution on curbing identity theft, asking law enforcement agencies in
the USA to take more positive actions in recording the incidents and
passing data to the FTC.
The main legislative instruments concerned with this issue are
orientated around data protection; in the UK the Data Protection Act
(given Royal Assent in 1998) came into force in March 2001. Consumers
also have the option of writing to credit bureaux to request a copy of
their own credit history. Online banks are considering the concept of
providing limited liability to their customers.
Identity theft has not yet hit the UK and Europe as it has the USA.
E-commerce is not as prevalent as in the USA, and consumers are
reluctant to hand over credit card numbers to companies trading online.
Legislative instruments and different business philosophies (including
a less aggressive marketing outlook) may also account for the
difference. Also, consumer protection organisations with reporting
mechanisms do not exist on the same scale as in the USA. This may mean
victims are simply unable to report crimes and are meeting walls of
indifference from credit and law enforcement authorities. Awareness will
have to be the watchword for dealing with this problem. Consumers and
industry need to be aware of the risks posed by insecure personal
information.
Examples of identity theft
- In March 2001 Abraham Abdallah was caught by New York police with the
social security numbers, home addresses and birth dates of 217 Chief
Executive Officers (CEOs) and celebrities written in the margins of
Forbes' The 400 Richest People in America magazine. Initial estimates
suggest he stole over US$100,000 from around 400 credit card accounts,
including Oprah Winfrey, George Lucas and Microsoft co-founder Paul
Allen.
- Last year, golfing celebrity Tiger Woods was the victim of identity
theft. Anthony Taylor of Sacramento ran up $17,000 on the sportsman's
credit cards. He was able to purchase car loans and expensive electrical
equipment.
- An Anaheim woman was arrested in spring 2001 after she and her
ex-husband allegedly stole more than 60 identification documents and
used them to apply for credit cards during a three-year identity-theft
scheme.
- The United States Secret Service (USSS) was involved in a case of a
woman from Rhode Island who was defrauded of $180,000 and could not
receive assistance from the police because she was told that she was not
the victim of any 'specific crime'. Agents from the USSS eventually
arrested the suspect.
- Latanya Sweeney, assistant professor of Computer Science and Public
Policy at Carnegie Mellon University, obtained the specific health
records of a major state employee (the mayor of a town in Massachusetts)
from piecing together ZIP codes, birth dates and gender (which the
health insurance agency held on file), and a copy of the voting register
to prove the vulnerability of personal medical data.
- $100,000 was charged to Robert B Hartle's credit card account in 1998,
ruining his credit rating. The police managed to successfully obtain a
conviction on unrelated charges, as identity theft was not defined as a crime at
the time. His testimony was the spur to the creation of state and then
federal legislation.
- Jessica Grant's identity was stolen by a woman in Texas who applied
for credit 19 times using her name and social security number. Over
$60,000 worth of purchases were made including a $25,000 loan for a
mobile home, two car loans, credit card bills, and charges for a
cellular phone.
Neil Robinson is a Research Co-ordinator for the Information Assurance
Advisory Council (IAAC).
GRAPHIC: Photograph 1, Abraham Abdallah accused of the identity theft
of, among others, George Lucas and Oprah Winfrey. A similar fraud was
carried out on Tiger Woods (pictured) resulting in $17,000 being falsely
attributed to his credit card accounts. (Source: PA News); Photograph 2,
Abraham Abdallah (pictured) accused of the identity theft of, among
others, George Lucas and Oprah Winfrey. A similar fraud was carried out
on Tiger Woods resulting in $17,000 being falsely attributed to his
credit card accounts. (Source: PA News)