By Dan Ilett, 28 February 2006 13:15
NEWS
Just before Christmas, burglars broke into my flat and stole two of my most valued possessions - my Apple PowerBook and my identity documents.
The thieves sifted through drawers, taking utility bills, credit cards, statements and my birth certificate.
Within two hours the police arrived to dust for fingerprints. But none were found and the police have not been in touch since.
So far I've been fortunate in that there haven't been any attempts - that I know of - at fraudulent transactions using any of my information. But going through the process of protecting my identity has made me realise how complicated it is for an individual to keep their identity safe.
It is hard to calculate the cost of identity fraud in the UK - some estimates put it at around £200m per year. But as transactions are increasingly done remotely - by telephone or over the internet - levels of this sort of fraud are likely to rise further.
The first stop was my bank, which cancelled the stolen cards - and accidentally stopped all the others too. The introduction of chip and PIN has made it more difficult for people to use stolen cards in the high street. But that doesn't stop card-not-present fraud or signature fraud in countries that have yet to use chip and PIN.
I changed PINs and passwords for everything but the burglars still had enough documentation to apply for financial products and direct debits in my name.
Utility bills are sometimes the only identification necessary when applying for credit cards and mobile phone accounts, among other things. They are required for some passport applications and a number of other government services as proof of ID.
Next, I applied for a protective registration service from anti-fraud organisation Cifas. For £11.75, Cifas promises to scrutinise any credit applications made in your name.
Cifas, formed by banks, retailers and credit agencies, estimates member organisations lost £63.3m to identity fraud and impersonation in 2005.
One in three attempts made by fraudsters using the details of an innocent victim still results in the application being granted.
The National Consumer Council (NCC) has called for the government to put pressure on companies to take the stress away from identity theft victims. It argues that sector-wide helpdesks in banking and credit should be set up so victims can deal with one person during their ordeal.
Ultimately that could lead to a national ID theft help-point where consumers could report fraud.
An NCC spokeswoman told silicon.com: "We looked at people's experience and thought it would be helpful to make the process quicker and easier. The worst thing is going to the call centres and explaining yourself over and over again. It's as if people feel they are being criminalised."
In the event of ID theft, the Home Office recommends contacting credit reference agencies, such as Call Credit, Equifax and Experian to ensure no one has applied for anything in your name. You can password-protect these accounts to ensure no one can process an application.
Perhaps the most unpleasant thing about ID theft is the uncertainty of what thieves are doing in your name.
In my case, the burglars had credit cards and enough utility bills to prove they lived at my address. This meant they could apply for mail redirection to their address and steal the new cards I had just applied for.
At the time of the robbery I asked the Post Office to inform me if anyone tries to redirect my mail but I was told there was no such service and I would have to phone up and check.
But a spokeswoman from the Post Office later told silicon.com: "If someone sets up a mail redirect we would write to the address from where it's being redirected. The identification presented must be original, such as a bank statement or utility bill. There are a number of security checks."
Which perhaps underscores the greatest identity fraud weakness - the continued reliance on paper documents. My laptop - stolen in the raid - was encrypted so the data on it was probably inaccessible to the thieves.
But you can't encrypt a utility bill and few people would think about locking them away. But for as long as they are accepted as proof of identity, these sorts of documents will remain a weak link in the fight against identity fraud.
Comments
There are 18 comments. Join the discussion
1. anonymous
I am absolutley baffeled that there is no easy way to report this and actually seek efficient help. More over there should be a better way to proof your identity than using your bills and bank statement. For example the government can have a registry for such a thing and the end user could ask for a paper to proof it's identity. using bills and statement is a thing of a passt, and you need to keep them to proof your address, hence these thing could happen. This is a seriouse problem and I beleive there should be more coopration between different organization to reduce the risk.
2. Simon
Anonymous from London seems to be asking for a national identity card. But has he stopped to think what would happen when it's stolen or the database hacked ?
Note the "when", not "if".
3. anonymous
An IT Consultant and he can't spell. What an indictment on education and/or carelessness today!
4. anonymous
A central registry could be just as bad (possibly for a greater percentage of people too) as you don't know for sure what uses Government will put it to, nor what companies will do with the information which the Government is bound to sell to them. Also, it will be hideously expensive.
Whenever I have had to present a utility bill it has had to be current. I suggest a better way, therefore, is to have a circulation list (as per stolen credit cards) of recently stolen utility bills. The entry could be active for, say, three months.
5. anonymous
I had my identity stolen nearly 20 years ago i still can't get it sorted, the credit protection agencies don't want to help as i can't prove anything fortunatly i don't have a problem with my bank so i do everytning through them.
6. anonymous
Unfortunately, in the UK, once a victim, it is very much a case of guilty until proven innocent.
The credit companies which have been defrauded will hound you for the debt you have incurred as a result of the identity theft, and they simply will refuse to believe you have had your identity stolen, and it is up to you to prove that you have.
They will bring about court actions, employ bailiffs, and harass you for the (eg, )big £2000 television you bought just a month ago, using an old utility bill as identity and setting up a direct debit on your bank account, using the out of date cards. The television you just happened to take away with you from the store.
Naturally, the direct debit has been stopped (once noticed), but that will not deter the credit company. They want their money, and they dont care who they get it from. And when you tell them you are a victim of identity theft, they either do not care or refuse to believe you.
Then there is the Inland Revenue and Benefits agency who hound you because you have been fraudently claiming unemployment benefit, and they do not care either. Worse still is they have the power to take their money direct from source, either your bank account or employer, and they will send you to prison if you do not pay. Once again, they refuse to believe you are a victim of identity theft.
Next is the police and courts sending you the summons for the speeding fine you have incurred, in a part of the country you have never visited, yet you have clearly produced your brand new driving licence, obtained only recently. They are only interesting in arresting you for non payment of fines. You have to PROVE you are the victim. They wont believe you.
Then there is the discovery that a passport has been obtained in your name, and people have been using it to work in this county and obtain residency in the UK. All apparently perfectly legal and above board, because the correct identity documentation was produced at the time of application.
Have you ever tried proving that the other person claiming to be you is not you?? Its a nightmare and a half.
The biggest problem is that the burden of proof is stacked against you, as the criminals have as much identify information as you do, and in some cases more, so in the end, you yourself end up not being the person you are.
It can take years to surface, but you can guarantee that the criminals are busy working behind the scenes to not only steal your identity, but to actually take it over completely.
Take it from someone who knows..
7. Lionel A Smith
Anonymous IT Pre-sales:
what a supercilious posting considering the gravity of this issue.
Most of us attempt to ensure that we spell correctly but unfortunately not all are equipped with the ability to remember all words and consulting a dictionary, although useful, takes extra time and does not guarantee that the correct spelling will be usedin future. Besides WPs of US origin insist on incorrectly correcting many words which have alternative spellings and many false positives can lead to real mistakes.
I have have made spelling mistakes here then I am sorry, I did not attend the Hogwarts School of Witchcraft and Wizadry.
8. Mike
A passport application must be signed by a person of "stature", who has known you for more than 3 years. In a disputed identity situation, each rival needs to produce their countersignatory, whose identity presumably has not been compromised. The fraudulent application will either prove to have a forged countersignatory or a "bent" countersignatory, whose probity can be challenged.
9. anonymous
I was the victim of ID theft in Sept 2001. I know who, and how they got my details. My local police force weren't interested as no crime had been committed on their "patch"; although redirection of someone else's post is a criminal offence! As all the fraud was committed in south London, they were supposed to forward details to the Met.
One credit card company had defrauded of £16,500 when I became aware of the fact and immediately notified them. Four weeks later I received another statement showing another £7,000 had been withdrawn using the card. It took several more phone calls to the card company before they took any action. A store in Croydon had the man purporting to be me on CCT for over 10 minutes explaining to their finance dept why they should allow himt to use the store card he'd obtained in my name. He'd also obtained several mobile phones which were running up large bills on calls to Nigeria. Both the store and myslef are still waiting to hear from the police. Doesn't give me much conficence for the future. I have it on good authority that this amount is small beer, and the police don't bother investogating - after all, it's only credit card fraud, and the banks can afford it!
10. Brian
Mike from London wrote:
"A passport application must be signed by a person of "stature", who has known you for more than 3 years. "
Considering virtually anyone can sign a passport application, then getting someone of "Stature" is not difficult. All the person has to do when signing is declare he is a person of Stature (Police officer, doctor, nurse, Company Director, solicitor, lawyer and millions of others).
I had mine signed by a neighbour, who was a police officer, and is now dead. I signed his passport application, in my capacity as a company director (which I no longer am).
So, in the case of a disputed identity, How do I produce my own countersignatory??
11. Don Tregartha
Why all these anonymous posts?
Has someone stolen your identities?
Come on, what are you afraid of - the internet bogeyman?
12. Peter Lewis
In practice, there is unlikely to be a real dispute over true identity, as the fraudster isn't going to hang around to have his (or her) collar felt when the truth emerges.
Nevertheless, thanks to silicon.com for raising this topic.
13. Mike
Despite what Brian wrote, unless you are a hermit (or very unlucky), there must be a number of "people of standing", who can vouch for you. There must also be a presumption that the earliest passport application is probably the genuine one - ID scammers can't wait around for years to cash in! AND, the passport office still have the dupkicate photos, signed on the back.
The point about producing the "guarantor", is so that the "bent" one can be arrested - it's probably worth 5 years inside!!
14. Bob
If the passport is a renewel you don't need a countersignatory, though you do need an old passport to surrender. I wonder if scammers have ever tried sending in an 'old' fake passport in order to get a valid new one?
The Anonymous posters are probably just shy. I was.... ;)
15. anonymous
Spelling is important, especially from IT consultants. I have found myself struggling to follow instructions on some configuration set-up, sent to me by a techie (or even printed in a manual), which are rendered almost meaningless when mis-spelt words are mixed in with technical jargon. I have noticed, when reading Silicon comments that some IT consultants are habitual bad spellers. We all hit the wrong key sometimes, mistakes can be overlooked but some of you don't seem to care and that makes it very confusing for us mere mortals.
I find it ironic that IT consultants can be so sloppy with the written language when they are forced to be so precise with the code they write. Come on you chaps, put the same effort in on both counts.
16. anonymous
If you change your name (as I found out recently following my marriage), you have to find a person of "stature" - somewhat tricky as I have moved around so much - and then post your previous passport, drivers license and your application in the mail. I was very nervous posting all those documents in one go especially given the state of our postal service but very relieved when they all came back ok.
I feel very sorry for the person who had their identity stolen!
17. Adrian Carey
Well said.
I bet 'Anonymous' has never made a spelling mistake - ever...! Hmmm!
18. Nikki B
All this ID theft talk is pretty scary and makes me wonder if pushing for biometric passports, ID cards etc. is actually a good thing after all? I realise there are cons, but at least in the case of proving ID theft the genuine person has indisputable proof of identity....