Oct. 22, 2007 at 4:06 PM ET
Most serious identity thieves are strangers -- not relatives or friends -- and a surprising number of them are women, a new study has found.
For the first time, researchers have been given a peek into Secret Service case files on identity theft. A working group called the Economic Crime Institute, based at Utica College, was recently allowed to study a set of identity theft case files from U.S. Secret Service records from 2000 through 2006. The group’s findings provide a first-ever, soup-to-nuts look at the criminals and victims in major identity theft cases.
Among the results, which were released Monday:
• Only 8 percent of criminals were friends or relatives of the victims. That finding flies in the face of prior research indicating that a large portion of ID theft crimes -- perhaps as many as half -- are committed by people close to the victim.
• In another surprise, 36 percent of identity theft crimes in Secret Service cases were committed by women. That's a much more equal gender split that most other crimes.
• A high percentage of ID thefts were committed using fairly high-tech means, such as stealing databases from companies. In fact, 34 percent of the time, data used in the crime was stolen by a company employee, most often from a retail company.
• In only 9 percent of the cases studies, old-fashioned mail theft was the culprit, another finding that varies from other studies.
"Some of this does challenge conventional wisdom," said Gary Gordon, executive director of the institute." "Other studies report you (often) know who the person is that committed the crime. This study didn't find that."
The research provided new elements that will help law enforcement agencies develop a character sketch of the typical identity criminal. For example, while the research found a large number of female thieves, many of those were part of husband-and-wife or boyfriend-girlfriend teams, said researcher Don Rebovich, a professor at Utica.
"In one case, we had a couple who went from hotel room to hotel room, bringing all their equipment with them to make fake IDs and so on," Rebovich said. "When law enforcement asked them where they were going, they said, 'Disneyland.' "
The average loss for each crime was more than $30,000, much larger than the average loss in earlier studies. In one case, criminals stole $1.3 million before arrested by federal authorities.
"If I had to use one word to describe (criminals) in these cases, I would say resourceful," Rebovich said. "They look for gaps in the system."
While providing much more detail than previous identity theft studies, the data may not be a representative sample of identity theft, as it only included about 700 case files shared by the Secret Service. The group decided to omit so-called "existing account" fraud case files from its research, also called “credit-card only” identity theft.
Secret Service data 'homogeneous'
James Van Dyke, who for several years has run the nation's largest ID theft study for California-based consulting firm Javelin Strategy & Research, said the results don't necessarily contradict research he's done which shows that many ID theft victims know their imposters.
"Their data comes from a small minority of what are likely to be homogenous cases," Van Dyke said. "The cases the Secret Service get are a narrow slice of crimes, typically over $100,000 (in theft)."
Bigger-ticket crimes are likely committed by more professional thieves who are strangers, he said. But more garden-variety identity thefts are committed by roommates, family members, and friends, he said.
"If (the criminal) is a family member, there's only so much you can do before the crime is exposed," he said.
In Javelin's study, of victims who knew how the crime was committed, about half knew the criminal. In most of those cases, high-tech data theft is not a factor, as roommates can easily steal identifying information with a passing glance at monthly bills.
The distinction between his results and the Utica study’s conclusion that the Internet and other high-tech tools were used in about 50 percent of ID theft cases is important to industry groups and law enforcement. If new research finds that data theft and "stranger" ID theft are more common, there would likely be more pressure on companies to protect customer data and other personal information. But if ID theft can be blamed on personal relationships, at least some of problem could be blamed on consumers, helping companies escape some scrutiny. That in turn could also influence pending federal legislation designed to rein in identity theft.
Other surprising findings from the study: A large number of crimes were discovered and reported by unrelated parties. In one case, an ambulance worker noticed multiple forms of identity on a patient being transported to the hospital and reported it. The patient was later arrested. Other criminals were reported by co-workers.
Many consumers might not think to report a co-worker or stranger for having multiple ID cards in multiple names, but such a "neighborhood watch" mentality would help law enforcement combat the crime, Rebovich said.
The Economic Crime Institute, founded in 1988 at Utica College includes board members from both government and private industry, including Visa USA, LexisNexus, and JP Morgan Chase, as well as the U.S. Justice Department and the IRS.
The group's study of Secret Service files is ongoing, Gordon said.
The average ID theft cases takes two years to complete, so there were very few closed cases later than 2004, he said. The number of open Secret Service ID theft cases doubled from 2006-2007, however.
"We will have a lot more to research," Gordon said.