Identity crime is a general term used for identity theft, creating a false identity, committing identity fraud, and other situations in which personal details are misappropriated for financial or other gain, and/or to cause loss to the victim.
What is personal identity theft?
Personal identity theft is the theft of the personal information of another person (alive or dead), without their knowledge or consent. This is done through accessing and harvesting digital data, stealing personal documents such as bank statements or passports, using social media sites, using phishing emails, and so on. Identity theft is almost always done for the purposes of criminality such as identity fraud. The criminals recognise that identity is highly valuable, and will use what means they can to steal someone’s identity for gain.
What is identity fraud?
Identity fraud occurs when a false or stolen identity is used to obtain goods or services, or to access funds by deception. Identity fraud may also occur where someone claims to be a victim of identity fraud to avoid a financial obligation or other liability. The stealing of an individual’s identity does not, on its own, constitute identity fraud, it is merely identity theft.
A criminal using someone else’s personal information fraudulently could, for instance:
- apply for a new credit card in the victim’s name;
- open a bank account in the victim’s name;
- apply for other financial services in the victim’s name;
- make purchases or obtain a loan in the victim’s name;
- apply for benefits in the victim’s name;
- apply for a driving license or passport in the victim’s name;
- register a vehicle in the victim’s name;
- apply for a mobile phone contract in the victim’s name.
How will a person know if they are a victim?
Typical indications of identity fraud include:
- unusual payments appearing on bank statements;
- important mail like bank statements not arriving when expected;
- bills arriving for services that have not been ordered;
- credit cards appearing on credit records;
- a benefit claim refused because it has already been claimed in the victim’s name;
- entries by organisations on the victim’s personal credit file that they have had no dealings with;
- a refusal of financial credit despite a good credit history;
- letters from solicitors or debt collectors for owed sums that you do not recognise.
What should I do if I am a victim of identity fraud?
Any identity theft involving plastic credit or debit cards, cheques, Paypal, online banking, or any other form of digital means of payment, must be reported directly to the financial institution concerned (eg. your bank). They will be responsible for investigating it further, and reporting any criminal activity to the police.
You should immediately change the passwords on your computer and frequently used web sites, ensuring they will be difficult for potential criminals to access.
If you receive bills or statements that do not belong to you but are addressed to you, or if your bank statement contains unfamiliar transactions, contact all the organisations concerned as soon as possible.
You should request a copy of their credit file from a credit reference agency (Equifax, Experian or Callcredit). This will indicate the extent of the identity thief’s activity. The credit file will show bank accounts opened in the victim’s name and any recent applications made for credit using the victim’s details. If there are any accounts or applications that are unfamiliar, the organisation should be contacted immediately to remove the data from the credit file. Some credit reference agencies offer a service to victims and will contact the organisations for you. The agency’s staff are experienced at tackling identity theft and will advise on further steps to take.
A record of all correspondence and conversations should be kept when attempting to recover your identity. Keep a note of who you spoke to and when, and send letters by recorded delivery.
The Royal Mail should be notified if mail theft is suspected, or mail goes missing and it is suspected that a fraudulent mail redirection has been set up on your address. The Royal Mail has an investigations unit specifically designed to help.
Other organisations which can give support and advice include: CIFAS, APACS, the British Bankers Association and The Financial Service Association.
What about business identity fraud?
Corporate identity theft is a criminal matter and should be reported to the police as soon as possible. Notify all your suppliers, vendors, and Companies House, who will also give you advice.
You should also tell your customers and clients if their details have been compromised.
Request the company’s credit report and Companies House record and check that they match.
Keep a record of all conversations and correspondence relating to the corporate identity fraud and attempts to correct the situation.
What protection is there under the Data Protection Act 1998?
Personal details are protected under the Data Protection Act 1998 which covers personal data held by an organisation. The Act requires that:
- personal data must be processed fairly and lawfully;
- personal data must be obtained for a clearly specified and lawful purpose, and must not be processed in a way that is incompatible with that specified purpose;
- only adequate personal data shall be acquired for the specified purpose;
- personal data must be kept up to date and accurate;
- personal data shall not be kept for longer than is necessary for that specified purpose;
- technical measures must be taken to protect personal data against unauthorised and unlawful use, and against accidental loss or destruction thereof;
- personal data shall not be transferred to a country or territory outside the European Economic Area unless there exists an adequate level of protection of that data.
The Data Protection Act also gives rights for people who have their data stored by organisations, including the right to:
- view any of their data held by the organisation (this can incur an ‘access fee’);
- request data that is incorrect be corrected;
- require that any of their personal data not be used for direct marketing.