Caslon Analytics elephant logo title for Identity Crime profile
home | about | site use | resources | publications | timeline |::| Analysphere | Ketupa

overview

identity?

pre-modern

apparitions

conmen

honour

cards

resumes

pollution

tools

statistics

costs

responses

insurance

Aust law

other law

memoirs

fiction

forensics

shadows

true lies

dead souls

gender

landmarks







related pages icon
related
Guides:

Security &
InfoCrime

Governance

Information
Economy

Consumers
& Trust



related pages icon
related
Profiles
& Notes:

Forgery &
Forensics

Biometrics

Credit
reporting

Vetting
Services

419 scam

Spyware















section heading icon     cards

This page considers contemporary identity theft/fraud involving paper and plastic money.

It covers -

  • introduction - the shape of identity crime at the turn of the millennium
  • identity and authority in an information economy - questions about authorisation, verification and credentialism in 'anonymist' societies
  • building blocks - where does information come from for ID crime?
  • payment systems - cheque fraud, credit card skimming, shoulder surfing and credit risk
  • who are the criminals - opportunists, gangs, insiders and familiars
  • Australian cases - some local incidents
  • studies - some works on contemporary ID crime.

It is of interest as most offences (and arguably most economic and personal damage) occurs offline.

section marker     introduction

Woody Guthrie's 1939 Pretty Boy Floyd reminded the listener that

I've seen lots of funny men;
Some will rob you with a six-gun,
And some with a fountain pen.

Contemporary identity crime is an extension of the offences discussed in the preceding page of this profile, rather than an unprecedented new development.

As in the past it encompasses a range of misbehaviour, from direct financial theft through to people-smuggling, sullying someone's reputation on a non-financial basis or improperly claiming expertise. It has largely been addressed through traditional law, explored later in this profile, and through action by regulators, financial institutions and individuals.

Some of that action would be familiar to a person living in the 1650s. Other action, including biometric verification services, is a distinctly modern response to uncertainties about identity and authorisation. It forms the basis for responses to much online identity crime and, more broadly, for questions about identity in electronic networks where perceptions of risk allow substantial anonymity/pseudonymity.

Responses have been complicated by mythologising about the extent and shape of identity crime. Some pundits and journalists for example have indicated that it is uniquely modern or unprecedented, that it is "the crime of the century" and that it primarily involves gangs of skilled criminals, often depicted as lurking behind a computer screen somewhere offshore.

Politicians and government officials have similarly succumbed to the temptation to simplify, on occasion referring to a wave of welfare fraud - unsubstantiated by statistics - or identity abuse by terrorists that can supposedly be comprehensively addressed through mechanisms such as an Australia Card. Solution vendors have hyped particular tools. Consumer advocates have noted concerns about responses by some data custodians or merely the irresponsibility of some large organisations.

The US Federal Trade Commission notes that the basket of offences characterised as 'identity theft' is the top consumer fraud in that country, a comment consistent with experience in Australia and New Zealand.

The FTC indicates that as of 2004 only 11% of known identity theft cases occurred online (of which around half involved spyware and the rest phishing or hackers). Much involved traditional misuse of paper.

Around 30% of its 'identity fraud crimes' involved loss of a wallet, chequebook or credit card. Under 5% was a result of information being removed from personal garbage; over 10% occurred when personal information was misused by a family member, friend or acquaintance. 32% of identity theft victims (in cases where the perpetrator's identity was known) found a family member or relative was responsible; 18% had been victimized by a friend, neighbor or in-home employee.

Complete strangers outside the workplace accounted for only 24% of identity thefts, with a colleague perpetrating only 4% of identity thefts. Much identity theft involved insiders within data custodians: staff/contractors at organisations with access to personal information were responsible for 13% of identity theft.

The UK Cabinet Office, consistent with studies by the Australian National Audit Office, concluded that the incidence of identity offences in pension and other social services was a fraction of 1% of recipients and was not growing significantly.

section marker     identity and authority in an info economy

Contemporary offline identity crime is a consequence of modernity -

  • societies where people rely on identity documents rather than personal knowledge
  • economies where most commercial transactions are not conducted face to face
  • regulatory environments where the volume of transactions and perceptions of risk militate against forensic scrutiny of individual documents and interactions unless there is cause for suspicion.


section marker     building blocks

The following methods have been noted by law enforcement agencies –

  • retrieving documents containing personal information (eg bank and credit card statements) from rubbish - 'dumpster diving'
  • intercepting credit cards, debit cards and documents such as passport applications in post offices, letter boxes or courier service premises and bags
  • stealing wallets, coats and other items that contain cards and identification papers

Elsewhere we have highlighted theft, sale or forgery of breeder documents such as birth certificates and passports. In May 2007 UK police revealed that at least 200 of 850 blank birth certificates stolen from Erewash in Derbyshire during 2005 had been used to create fake identities and claim student loans. Adeleke Adebayo created 17 separate identities and signed himself up for courses at universities across the UK, collecting the loans but not going to class. At London Metropolitan University he was enrolled in five degree courses using five bogus identities.

section marker     payment systems

Electronic 'skimming' of credit cards and ATM cards updates misuse of the carbons, with illicit capture of information from the magnetic stripe on the back of a card. At its simplest it involves unauthorised swiping of a card when a consumer makes a payment, for example in a restaurant when a waiter takes the card away to pay the bill. At its most exotic it has involved scams where criminals collect information (including PINs) via a fake ATM in a public place or where there is covert surveillance of a PIN when the consumer confirms an authorised swipe.

Arguably there has been more media attention and consumer angst about 'shoulder surfing', with thieves observing people at automatic teller machines while keying in identifiers or listening while an individual provides a credit card number to someone by mobile telephone. That information generally is insufficient for an effective fraud but provides a building block for identity theft.

'Mail non-receipt fraud' occurs when a criminal intercepts a new or replacement card from a retailer or financial institution, for example inside a post office or by removing the envelope from letterboxes. That has led most card issuers to send out 'inactive' cards, which are not authorised until the account holder confirms that person's identify and card number.

One writer in the London Times, discussing exposure of 45 million credit cards in the TJX incident, claimed that cardersmarket.com, cardingworld.cc, scandinaviancarding.com and darkmarket.ws act as "an eBay for hackers", allowing criminals to buy and sell stolen card details.

section marker     who are the criminals?

As the preceding paragraphs suggest, there is no single discrete type of identity criminal: theft is not restricted to a cyberliterate Russian mafiya or people over 21.

Some criminals wear suits and are active in boardrooms and executive suites at the big end of town, having engaged in resume fraud. Others are your neighbour's children (misusing mum's credit card) or the students in your classroom (editing an identity document to gain a cheap fare or evade age-based restrictions regarding entertainment venues and purchases).

Some are itinerants who steal individual credit cards from bags and letterboxes (easier than stealing your VCR or turning your car into spare parts). Others operate on an industrial scale, illicitly accessing databases or trading in details obtained from those databases. As with much retail crime, some offences involve insiders - whether behind the till or in the computer suite.

In 2002 for example a group of US high school students bought US$36,000 worth of goods online after stealing credit card data from a Chase Bankcard office where they had worked as interns. One 16 year old student was arrested after altering addresses and phone numbers on credit card accounts to direct online purchases to abandoned houses in his neighborhood, where he collected the packages. The theft was detected when customers complained about being billed for the goods.

Dido Mayue-Belezika led a gang of around 220 people who stole around £20m from people in the UK. Mayue-Belezika for example intercepted every chequebook he encountered as a postman, indulging in gangsta bling such as £1,400 for a pair of shoes that featured his initials engraved on the soles. In a separate UK case during 2006 Ali Dahir indicated that a gang used over 3,000 stolen cards, extracted from letterboxes and postal sorting rooms, to buy luxury goods worth £870,000.

section marker     Australian cases

There has been no comprehensive dissection of reported Australian identity crime. The following paragraphs offer blurry snapshots of particular incidents, illustrating the range of offences and perpretrators.

NSW police received a bag during 2004, apparently found in a Sydney street. It reportedly contained disks featuring templates for manufacture of bogus Medicare cards, drivers' licences, utility bills, bank statements and birth and marriage certificates, ie 'breeder documents' for creation of an identity and for establishment of bank accounts. The bag also contained fake certificates from the Civil Aviation Authority regarding authorisation to fly light aircraft. Follow-up action saw the arrest of two men for 234 forgery-related offences. One of the perpetrators spent $35,000 on a ski boat unwisely named 'Crime Pays'.

In the mid-1990s a Victorian used desktop publishing skills to concoct 41 birth certificates and student identification cards, gaining the requisite 100 points for a mere 42 bank accounts, registration of a business name, sales tax refunds and equipment purchases.

Another criminal obtained the birth certificates of four babies who had died in the 1970s, using their identity to obtain $20,857 in unemployment benefits. On arrest he was in possession of fake proof of identity documents such as rental leases, mobile phone accounts, motor vehicle learner's permits and student cards. A contemporary used up to 50 false identities in a $7 million property fraud in NSW, Victoria and the ACT, obtaining home loans from financial institutions.

Not to be outdone, a bank manager and assistant created accounts in fictitious names and in the names of relatives, circumventing proof of identity protocols to snaffle $1.5 million in unauthorised loans. The scam was discovered in 2001 when an account went into default and the bank could not find the fictitious customer.

A solicitor similarly relied on old-fashioned methods of making money, relying on fake birth certificates and drivers' licences to disguise money looted from the accounts of his clients. During 1997 an adventurous 24 year old gained 45 credit cards in different names (after applying for 61). She had charmingly appropriated some names from school acquaintances. This resulted in the destruction of credit of many, one of whom also suffered the additional indignity of being named by the applicant as her co-offender and mentor in the frauds.

More bizarrely, a murdererer entered Australia using the passport of a female friend's brother, subsequently exploiting the passport of another brother before being convicted with that person's murder.

A group of car thieves operated on a more industrial scale, using personal details of owners of cars with the same make and model as vehicles stolen by the gang. The information was used to obtain duplicate registration certificates, number plates and labels to 're-birth' those vehicles prior to sale to unsuspecting purchasers interstate. One victim discovered that the thieves had amended his name by deed poll to facilitate further offences; other victims experienced difficulty in proving lack of involvement in the scam.

In R v Fletcher (2002 WL 559471, [2002] VSCA 40) the Victorian Supreme Court heard that the offender gained a merchant facility to accept credit and debit card payment for goods and services. 275 transactions were processed in the first week of  2000: 55 transactions totalling $147,945 were approved, the remaining 220 transactions (totalling $534,125) were declined.

The offender

admitted that he had effected all those transactions using credit card numbers obtained from a Swedish woman over the Internet. The arrangement was that she would provide the appellant with the numbers in exchange for 10% of any money credited to his account. Of the $147,945.60 so credited, the sum of $28,900 was withdrawn in three amounts on the day on which he was arrested.








icon for link to next page   next page (resumes) 

 

 


this site
the web

Google

 

version of March 2007
© Bruce Arnold 1997-2026
caslon.com.au | caslon analytics