Transcript
Post Magazine: Identity Crisis
Robert O'Harrow
Magazine Staff Writer
Monday, August 11, 2003; 1:00 PM
Michael Berry of Arlington knows firsthand how awful having your identity stolen can be. He learned the hard way that his name, his reputation and his credit line were easy pickings for some very scary people.
Post staff writer Robert O'Harrow, whose article "A Case of Stolen Identity" appeared in yesterday's Washington Post Magazine, will be online to field questions and comments about the article and the problem of identity theft.
He is currently writing a book on technology, surveillance and the war on terrorism, with support from the Center for Investigative Reporting.
The transcript follows.
________________________________________________
Robert O'Harrow: Thanks for joining me today to chat about a truly unsettling problem. I'm Robert O'Harrow, a Washington Post reporter. I'm on leave to work on a book about technology, surveillance and America's war on terror. With help from the Center for Investigative Reporting, I was able to examine the issue of identity theft and how it fits in. We have a lot of questions, so let's get going.
________________________________________________
Virginia: You suggest that I not carry my social security number on my person, but my social security number appears on my Virgina drivers license along with my photo and address. When I try to use other photo ID without my social security number, often, store clerks insist on the dirvers licence and my social security number. What should I do?
Robert O'Harrow: This is a very good question. Everywhere we go these days, clerks and stores and landlords want our Social Security numbers. It's their way of authenticating us, of confirming who we are. Of course, the problem is that your Social Security number is easy to find or buy. The simple - albeit incomplete - answer is to say no when you can. Be more careful about sharing your information in general. Develop better information habits (something we'll come back to in a bit.)
________________________________________________
Silver Spring, Md.: The subject of your article, the real Michael Berry, cut a very sympathetic figure as a victim of identity theft/fraud. What about those of us whose name is not Tiger Woods (a victim of identity theft) or Mr. Berry who had the political connections? Can imagine yourself getting a nationally syndicated show to correct an error without the backing of Congress and the 82nd Airborne? I know that I can't.
Also, credit issuers have to take a long look in the mirror. Your article showed the even though the scam artist couldn't get Mr. Berry's address correct, he was still able to obtain credit with little problem. You can barely get a password reset these days without knowing the last four digits of your social security number, so how is that nationally recognized credit issuers aren't asking why a person with impeccable credit can't remember his address?
Robert O'Harrow: You've touched on some core theme. Berry's not exactly as well known as Tiger, but he is a very sharp, savvy guy. If it was hard for him to cope with, just imagine how it would be for you. The "nightmare" stories from victims fill the complaint telephone lines at the Federal Trade Commission. As far as I can tell, there's no way to prevent identity theft. Security, and I use the word broadly, is just so porous. If you get tagged by the bad guys, you have to be very very diligent. It's tough, but there's no alternative.
________________________________________________
Washington, D.C.: A postal employee stole my checks and some other items from the mail a year or so ago. I spent countless hours dealing with the aftermath. My conclusion: we need real regulation of credit agencies and such that take the burden off of the victim. I was repeatedly told that it was up to me to prove that I was the victim. The stores that had bad checks written in them and such refused to accept any responsibility whatsoever. They just immediately turned the matters over to collection agencies. I battled this battle for months. So I was victimized twice - first by the thieves, then by the stores that allowed bad checks to be written without asking for ID.
Robert O'Harrow: This is another troubling example. I believe it points to the many gaps in our laws and regulations - gaps that some in Congress want to fill. You may have noticed that L.A. police didn't want to take Berry's case on. That's because he wasn't a resident. In Arlington, they passed because the "crime" appeared to take place in L.A. In fact, given how wired our world is now, there often is no "place" where the crime occurs. I'm not prepared to say how to solve this problem. Any suggestions?
________________________________________________
Washington, D.C.: I always shred receipts, etc before I throw them out. I get a lot of jokes from people who tell me I'm paranoid, so can you give me some statistics about how throwing away an in-tact receipt or bank statement or something is damaging?
Robert O'Harrow:
Let people joke. When they get nailed because of their bad information habits, you can take the lovely high road and express heartfelt sympathy at their plight. I can't stress enough how important it is to take care, be alert about your data, don't be afraid to be modest. I guarantee that once you start paying attention, you'll be amazed at how many companies try to get you to part with details about your lives. Think about it: credit card offers, product registrations, surveys. The list goes on. Many of the details you share can make it into the hands of the bad guys. Dont' pass on all the benefits of our information society. That would be foolish. Just take care.
________________________________________________
Harrisburg, Pa.: You mention there is disagreement on what should be done legislatively to address this issue. On the state level, the penalty can be increased, and perhaps this will deter some people, although that obviously will not deter all. Do you have any recommendations on what could be done legislatively?
Robert O'Harrow:
There's a struggle underway now in Congress over certain provisions of the Fair Credit Reporting Act. Some lawmakers want to give states the right to enact more restrictions that trump the FCRA. The credit bureaus and information industry companies argue that a patchwork of restrictions would dramatically increase the cost and complexity of the credit reporting business. In other words, we have a classic case of competing values. Why don't you all tune in and voice your thoughts about whatever side you come down on. I will say this: Whatever happens, we must do a better job of verifying that someone is who they claim to be. That includes retailes, credit issuers and information sellers. Otherwise, the problem will continue to worsen
________________________________________________
Washington, D.C.: I was a victim of identity theft twice in 11 years, the first time being more complicated and taking longer to correct. As with Mr. Berry, my "other me" was a different race and build. We had photos of him from bank security cameras. What was especially disheartening was to have the authorities so uninterested in taking action. In my case this was so even though an investigator who worked for a bank that had made a $10,000 loan OVER THE TELEPHONE to the "other me" identified the guy (he had been recently released from prison), tracked him down, and called DC police for assistance when he actually watched the guy making a call at a pay phone in Georgetown. No response. If the authorities won't act, do you think there is any choice but to come down hard on the companies that facilitate theft on such a grand scale?
Robert O'Harrow: Here's the scoop on law enforcement: Some of the smartest counter-terrorism folks get it. Dennis Lormel at the FBI, for one, said identity theft is poorly understood by police around the country. That might change, though, because people like Lormel realize the weaknesses in security - the push for ease and convenience - make our financial system vulnerable to terrorists. As for "coming down hard on the companies that facilitate theft on such a grand scale," that's a tall order. Can someone suggest who ought to be held responsible?
________________________________________________
Richmond, Va.: The Virginia driver's license problem will go away when you replace your driver's license. As of July 1, the Virginia DMV stopped issuing driver's licenses with your SSN and started using a DMV-assigned number. You may want to replace your driver's license early to take advantage of this. (And it used to be that you could ask for a DMV-created number.)
Another, less elegant, solution is to lie to the store clerks. If they ask for the number, rather than ask to see my license, I'll reverse the last two digits of my SSN. I figured that if they ever asked about it, I'd say I misremembered it when I spouted the numbers off or they reversed the numbers when they keyed it into their system. And no one has ever asked.
Robert O'Harrow:
Good reminder about the driver license. Virginia's initiative is the right way to go. Bravo. As for lying, we would never suggest that. But why not just say no. Start with those clerks who ask for your telephone number. Ever wonder why they want it? (Companies often rely on your compliance to append a long file about you,using the number as an identifier.)
________________________________________________
Falls Church, Va.: Closest I've come to ID theft was when someone (at a hospital) used my credit card number to purchase something so I guess I've been lucky. My question: What (if any) Federal laws are there regarding identity theft? Seems like if there were adequate Federal laws, that would be an avenue for Mr. Berry and others in his situation, when local law enforcement can't or won't do anything. Given how often this sort of thing crosses state boundaries, that seems the obvious answer.
Robert O'Harrow:
There are a variety of laws that reflect the growing awareness of identity theft. One several years ago made it a federal violation. The problem is buy-in, or lack of it, from very busy local and state law enforcement officials, who have to enforce the law, oftentimes with too few resources. One specialists pointed out that police often don't get a good "bank for the buck" from identity theft cases in terms of media coverage, etc. Identity theft is still widely consider a relatively gentle white collar crime.
________________________________________________
Clarksburg, Md.: Is a person whose last name is Smith or Jones more susceptible than a person whose last name is Wamplefennermeister?
Robert O'Harrow:
What a lovely thought, that interesting names might be a source of refuge. I have no idea if that's the case. (Can you imagine if Wamplefennermeister were as common as Smith? We could all say it ten times without tripping up.)
________________________________________________
Friendship Heights: Last year, a friend of mine had found several mysterious charges on his bank statement. As it turned out, someone had stolen his numbers (including his cell phone, credit card, and address) and was ordering merchandise both in person and online that weas being shipped to an out-of-state address. The issue took a couple of months to settle. Here's my question: the police told my friend that he had no complaint against the person who had stolen his bank card number, only the bank did. In this case the bank simply refunded the cash once it was proven that the charges were questionable. Isn't this sort of thing the first step in identity theft? Why is there no way to pursue this issue further with the police?
Robert O'Harrow: Another very common scenerio that must be intensely frustrating for victims. Police are supposed to take cases more frequently as a result of changes in federal law. But, again, we're talking about the necessity of big changes in law enforcement culture, the need for more resources devoted to the problem, better security from the industry. That also means individuals may have to give up some of the speed with which they get new credit. I know that many of us want to "have it all" - and that's the promise we get from some companies. Reality: Ain't possible.
________________________________________________
Falls Church, Va.: I liked your story, and it scared the you-know-what out of me. You made your point well: if this could happen to Michael Berry, then this could happen to anyone.
So what is the solution?
It sounds like the banks don't want anything to be done because they are getting rich by making credit so easy to get.
Should we all be calling our Congressmen and Senators and demanding action??
Robert O'Harrow:
By all means, call your legislators. There is no easy answer, as far as I can tell. Are you willing to give up some of the many benefits our Information Age has to offer. Instant credit, for example, or easy access to personal records? On the other hand, some folks have been downplaying identity theft as a Chimera, when in fact it has become "a national crisis," to use the word of former FTC official David Medine.
________________________________________________
Washington, D.C.: Thank you for an informative article. My mother is clearing her workroom of old checking statements, credit card statements, etc. On Saturday, I persuaded her to borrow my shredder to more safely dispose of these items. Your article was quite timely!
Robert O'Harrow: Well done. Seems entirely responsible.
________________________________________________
Baltimore: Do the credit card companies who send unsolicited offers--easy prey for a mailbox rummager--bear any legal culpability when their offers are intercepted and cards fraudulently obtained?
Robert O'Harrow:
I think so. In fact, I think we're going to see a lot more attention focused on credit card companies and their extraordinary push to attract customers. Consider: They send out some 5 billion offers, a large proportion of them "preapproved." This even though a relatively small fraction of people accept the offers. They also happen to be among the largest buyers of credit reports, which happen to be a gold mine for idenity thieves. I imagine the nuanced question that a lawmaker must ask is: How do you hold credit issuers responsible without undermining the beneifts of credit?
________________________________________________
Van Ness, D.C.: Isn't there a way of registering with the credit bureaus that you don't want pre-approved cards etc? (It's some kind of 'flag' on the credit report)
Robert O'Harrow: Yes. Go the online version of the article at www.washingtonpost.com and look for a brief box called "how to protect yourself." You may also consider visiting www.cdiaonline.org, an industry group that has information about how to opt out, if that's what you want to do. You can also call the main three credit bureaus on toll free lines.
________________________________________________
Baton Rouge, La.: 1. A national photo ID would probably be politically impossible, but if the system were designed the right way, would it help? Or would it make things worse?
2. Shouldn't there be some way to make the system more responsive to victims of identity theft? What might it include?
Robert O'Harrow:
This is a very important questions that's going to be with us for years to come.
In theory, an national ID with some sort of biometric identifier (meaning a fingerprint, iris scan and such) would probably work well to sort us all from one another.
It seems to me that for now, that kind of ID system would be untenable. People wouldn't embrace it because of old fears and American traditions. They probably shouldn't embrace it, at least for the time being, because I have yet to see a data system created for one purpose that hasn't in short order been used for another. In other words, I'd worry that a national ID would turn into an all purpose, national-security-marketing-track-our-behavior-card. Is that what we want?
________________________________________________
Robert O'Harrow:
By the way, folks, you would be amazed at the number of questions coming in. Many of them include personal horror stories. I'm going to get to as many of them as I can.
________________________________________________
Mt. Rainier, Md.: On those unwanted credit card offers (and any other unwanted bulk mail) - make them pay for it. Use their return mail envelope, shred the forms they sent you, put the shreds in the envelope and mail it back to them. They have to pay first-class rates to get their own litter back.
Robert O'Harrow:
Interesting thought. Other ideas?
Who do you think is responsible for the surge in identity theft? Can anyone be blamed? Or is it something in the water?
________________________________________________
Vienna, Va.: Why are people's credit reports and histories sold and traded by compaines like Equifax without prior permission from those involved? Example: I get hundereds of credit offers and solicitations by mail and phone every year, but I have never asked these credit companies for an offer. Yet constantly I hear I have been "pre-approved". By whom? Without my permission. No one should have the authority to look at credit accounts without that person's specific permission (except, of course, for security reasons or law enforcement itself).
Robert O'Harrow:
Federal law gives these companies wide latitude to make such offers. The Fair Credit Reporting Act does have a number of restrictions. It's one of the most important consumer laws in the nation. But it also has many provisions that are industry friendly. As for being pre-approved, credit issuers have a right to examine your credit report, as long as they follow through with a firm offer. You may not even be the main target of a marketing campaign. But under certain circumstances, they must send you an offer after they have obtained information about you.
________________________________________________
Downtown, D.C.: Will the terrorist connection to identity fraud make lawmakers finally sit up and notice and maybe do something?
Robert O'Harrow:
Hard to say for sure. I've spoken with both academic and law enforcement specialists who worry deeply about our identity vulnerabilities. The bad guys are taking advantage of the remarkable ease of our credit systems - and that frequent lack of enthusiasm to properly verify that someone is who they claim to be. I hope lawmakers get it.
I suspect that in time we'll see my stories was, if anything, conservative about the problem.
________________________________________________
Arlington, Va.: My compliments on a well written article about a growing problem. After reading it, I immediately checked my credit reports from all three major credit reporting companies. Luckily, they were all clean (i.e., devoid of any signs of fraud).
My question is this - is it advisable to put an alert on your credit report even though you suspect no fraud in order to make sure no one tries to access your credit report without your direct knowledge? Seems to me a pretty good idea for you to be alerted each and every time someone tries to access your credit history.
Thanks in advance for raising my awareness on this growing problem.
Robert O'Harrow:
Thank you very much. Glad to hear your reports are clean. As for putting an alert on your report, it might not be a bad idea, even if it slows up your legitimate efforts to get credit down the road (as they check you out.)
________________________________________________
somewhere: Do you have (at your home) a paper shredder?
Isn't it a sad commentary on the state of affairs when a device that used to be for spies and such is now available in numerous models at WalMart?
Robert O'Harrow:
I shouldn't say this publicly, but I don't have a paper shredder. That's partly because I get relatively little junk mail and very few credit card offers. Why? I don't want them. I don't go searching for special credit deals and discounts at every turn. I never fill out registration forms or surveys. And I only have one credit card, and I use it modestly. I don't have much to shred. (Though I should add that my wife, on her own initiative, tears out identifying information before throwing out any paper.)
________________________________________________
Brookeville, Md.: What are some simple things one can do to protect themselves from falling victim to identity theft.
Robert O'Harrow:
There's some very good and practical material at a California group called the Privacy Rights Clearinghouse, www.privacyrights.org, and at the Federal Trade Commission, at www.consumer.gov/idtheft.
________________________________________________
Petersburg, N.D.: I am still trying to straighten out my identity and credit report - this has been going on for more than a year. Two major frustrations: 1. the lack of courtesy and help from the major credit reporting agencies and 2. the lack of cooperation with personal and information between law enforcement (it appears the ring of theft is out of state). Please comment.
Robert O'Harrow:
Both familiar themes. The credit bureaus have been criticized repeatedly for failing to follow through on promises to be friendly and efficient. Berry would tell you he had good experiences with two of them and an awful experience with one, which continues to consider him a deadbeat.
________________________________________________
San Diego, CA: My wife and I have both been victims of identity theft in the past. The most frustrating thing is the attitude that we weren't the real victims: the police officer taking my wife's statment said "the bank's the real victim here". In my case, there was a pending delivery of computer equipment to the miscreants, and some simple police work could have caught them, but it was clear that there was zero chance of that happening.
I would like to see several things happen: legal recognition that credit worthiness is a valuable asset, more liability for financial institutions, and a much more reliable infrastructure for identification and financial privacy. Is there any chance of the legislative process catching up to the times, or will something like massive class action against the financial institutions be required.
Robert O'Harrow:
Another story; good suggestion.
Identity theft may be complex, but there are reasons for it, reasons attributable at least in part to lax industry practices. All too often, it seems, the billions of dollars in losses to identity theft are written off as a cost of doing business. Individuals are left to fend for themselves, their reputations and their finances. Don't get me started again about the implications for terrorism and the financing of other kinds of criminal activity...
________________________________________________
Toronto Ontario, Canada: Hi there,
Interesting topic, seems to be more than just a US problem.
I too had my identity stolen, and it took me 5 months, of all day everyday to correct the mess.
Finally, I received two different pieces of mail, offering me $5000.00 from some agency in an area outside of Toronto. Wondered how they had received my name and address, minus my suite number. Telephoned them, and behold I was given my Social Insurance Number, by the person who had been sending these incredible offers. The SIN belonged to the actual thief, and viola we caught them, after 2 years, of help themselves to my credit, then not paying the bills. OF course identity theft is not scary until the thieves stop paying whatever cards they have opened in your name, then try telling any of the credit reporting agencies that the cards are not yours.
In Canada, we have 2 reporting agencies. Fortunately, I met the 2 agency's Fraud Supervisors...who monitored my credit history everyday for 3 months. We got it cleaned up, and the RCMP made an arrest.
You can do it, clean up if you know how, and stick with it. Do not spend time reinventing the wheel, just use what you have at your fingertips, and keep at it, until people are so sick of you, they cave in and start to help. If need be, go over their heads. Terrify the lazy, do whatever you have to do, to clear your name.
J
Robert O'Harrow:
Consider this from our friends up north.
________________________________________________
Chantilly VA: Robert: why did the police in California have no interest in the house where all of this mail was going?
Why did Berry finally have to drive there himself?
Robert O'Harrow:
As he described it to me, Berry drove there himself out of frustration. He was hoping to turn up something that might help spur more interest in his case. As a California native, he couldn't resist doing a little legwork while in the state...
As for the lack of interest by police, they are interested, but I got the sense they're overwhelmed by calls for help. They consider the victim to be a financial institution or retailer, since they end up writing off the losses.
________________________________________________
West Los Angeles, CA: I saw the story on NBC news and then read your article. It saddened me that LAPD completely ignored Berry and that he then did his own "stake out," catching the fellows passing the big stack of mail.
LAPD wouldn't help him; Arlington wouldn't help him. No one would help him.
This story amazes me. No one seems to help victims. I predict a huge public outcry in the coming years.
Robert O'Harrow:
Agreed.
________________________________________________
Lynnfield, MA: The topic of biometric security measures came up in an earlier reply. These proposed systems use some biologically unique feature of a person (fingerprint, retinal scan, etc) to prove the identity of an individual. This thought scares the ever-living --$- out of me. What happens when the criminals develop the ability to create false ID credentials with 'your' fingerprint, retinal scan, etc? The victims of these cases will undoubtedly rot away in prison because of this.
Robert O'Harrow:
Here's a rather dramatic take on biometrics as a solution. Other thoughts?
________________________________________________
Silver Spring, Md.: That was a valuable article. Here's an effective way I have learned to protect myself in case of identity theft. I put a fraud alert for 7 years on my credit report at the three main credit reporting companies. One must specify that the alert is for 7 years and make the request in writing. This means that any company must phone you at the phone number on the credit report and get your permission before opening an account. This can only be changed in writing. You can also have the credit reporting company remove you from the pre-screened mailing list. This is the list that insurance and credit card companies get your address from to send you unsolicited offers.
Keep up the good work.
Stephan
Robert O'Harrow:
Another good suggestion. Thank Stephan.
________________________________________________
Calif. DMV Investigations: Did Michael BERRY notify the Ca. DMV of the problem. We will investigate and prosecute the offender.
Robert O'Harrow:
He did. Berry told me he tried without luck to have a flag of some sort put on his driver license. DMV people told him it wasn't possible. Can you contact me via the Post at 202-334-6000?
________________________________________________
Washington, DC: To answer a few of the questions posed today:
To opt out of pre-screened offers derived from the credit bureau marketing lists call 1-888-5-OPTOUT. You will be asked to give your Social Security for verification purposes. Do not worry, the credit bureaus already have it.
If you're having problems getting a police report, start by checking whether it's a crime under your state law. If it's not, ask to file a Miscellaneous Incidents report. You can also try your county or state police department. Check consumer.gov/idtheft for a list of state laws.
The FTC wants to hear your complaints about identity theft. We provide law enforcement nationwide with access to the complaints for use in their investigations. We also use the database to spot trends and problems which we use in our initiatives to assist victims. You can file a complaint quickly and easily at consumer.gov/idtheft
Robert O'Harrow:
Sounds like the FTC is all over this one. Many thanks for the input. Do contact them.
________________________________________________
DC: I blame the credit reporting agencies and issuers of credit for this problem. Sure, the actual criminals caused it. But credit reporting agencies and issuers of credit have let the public down by creating the potential for this mess then actively fighting any legislation designed to actually help the consumer. They should be ashamed of themselves, and held liable when possible.
Robert O'Harrow:
This is an interesting take. Others?
________________________________________________
Harrisburg, Pa.: Please let victims know about the ID theft resource center. They do great work helping victims.
http://www.idtheftcenter.org
Robert O'Harrow:
This testimonial from Harrisburg, Pa.
________________________________________________
Robert O'Harrow:
It's time for me to exit stage left. Many thanks for the flood of very smart and sometimes passionate questions and remarks. This is clearly an issue that's going to be with us for awhile. Pay attention. Develop good information habits. Don't be afraid to say "no" when it comes to sharing your details with clerks, retailers, credit issuers and the like unless you are perfectly comfortable with the deal.