
The Politics of Identity Theft today ran an in-depth story I wrote examining the politics behind the identity theft problem in one state.

It is told through the eyes of a Delaware resident who championed a measure and ultimately won passage of a law. Consumers in the First State now can "freeze" their credit reports in an effort to prevent ID thieves from establishing new, fraudulent lines of credit.

A credit freeze can be an effective, if blunt, tool to fight identity theft. It directs the three major credit reporting bureaus to block access to a consumer's credit report and credit score. While a freeze does little to stop abuse with existing accounts that have been compromised by criminals, it can limit a victim's total exposure, saving time and the expense of erasing new, fraudulent accounts.

The story also examines credit freeze laws in 33 states and the District of Columbia. The credit bureaus and the consumer data-broker industries vigorously fought the creation of these laws, which give consumers some control over access to their credit report and score.

Consumers Union offers a comprehensive list of individual state laws and instructions for filing a credit freeze in your state.

By Brian Krebs  |  May 9, 2007; 11:25 AM ET
Categories: Fraud, From the Bunker, Safety Tips


Hello Mr. Krebs,
I want to make you aware of CSIdentity Corporation . I'm the marketing director.

We offer comprehensive identity theft protection for consumers that goes BEYOND credit monitoring. The FTC Data Clearinghouse report clearly states that only approx. 22% of all ID theft cases will appear on a credit report so legislation around credit freezes and credit monitoring alone is not enough to protect one's identity. As you are aware and as reported by the FTC, there are numerous other means by which ID thieves strike and CSIdentity's consumer product addresses these areas with 7 layers of protection. Gartner Research in 2006 states that the "suggestion that monitoring one's credit will prevent future fraud is a gross misperception" and I believe many are led to believe that reviewing or freezing one's credit is enough. I suggest you review our product and I'd be more than happy to provide you with a promo code to try it for yourself.

The leading ID theft speaker, John Sileo, of, recommends our service as he was a victim of ID theft and when he signed up for our service, both incidents appeared - and could have saved him the $198,000 and hours of time and stress he incurred as a result.

If you'd like to discuss, I'd be more than happy to share the facts and stats with you.

Thank you kindly for your time.

Posted by: Beth | May 9, 2007 12:48 PM

I see that Maryland and Virginia are not on that list. Time to start bugging our legislators.

Posted by: youknowmyname | May 9, 2007 12:49 PM

As a note, I wanted to share our company's services for the greater good of consumers who would like true identity theft protection and the education around why it's important. My intent was not to sell but to inform and educate as there is a great misperception among consumers around what they can do to protect themselves vs how identity theft really occurs.

Posted by: Beth | May 9, 2007 12:51 PM

Youknowmyname -- As stated in the sidebar linked above, Maryland has already passed a freeze law, it just needs to be signed by the governor. If he doesn't sign it, the measure will automatically go into effect on Jan 1, 2008. Virginia, however, is another matter. There have been a half-dozen proposals introduced to offer credit freezes in Va., but I don't believe even one of them has received a hearing yet.

Posted by: Bk | May 9, 2007 12:53 PM

As soon as the credit freeze law went into effect in New York last fall, I applied to freeze my credit. What a sense of peace I felt when I sent my applications to the three credit reporting companies! Unless you are going to apply for credit in the very near future, I recommend that every consumer apply for this protection, assuming that it is available in their respective states. The freeze can be easily removed for any time period, and easily reinstated.

Posted by: Marilyn Delson | May 9, 2007 1:01 PM

As a victim of this crime, I was astonished at what these so-called credit agencies are able to get away w/. The real fraud is the use of the term 'credit agency'. I was in shock to find out that 2 out of the three agencies allowed my date of birth to be changed. How can my DOB change? Well, they said that was the info that was fed to them, so they changed it. Now in my case a simple check of DOB and there is no fraud, but I understand that would require big $'s be spent, so instead they just let us, the consumer, pay the price in headaches, time wasted and ultimate frustration. I contacted my congress representatives, all of whom could care less about the issue. My suggestion of requiring these agencies to check DOB and Social Sec. #'s and not allow changes to them was not well received.

Posted by: stolen birthday | May 9, 2007 1:22 PM

Maybe it's just me - but shouldn't the companies that give credit be responsible for verifying who they are giving credit to? It seems that if companies were held liable for granting credit to people who are stealing someone else's identity they would do a little more due diligence. Think about it - your credit report lists all your known addresses. Now someone using your name lists a new address - not previously on your credit report - if the company took the time to verify this was really you - we would not have a major identity theft problem. HOLD COMPANIES RESPONSIBLE FOR GRANTING CREDIT WITHOUT DUE DILIGENCE. Identity theft would go away quickly. Just like a change to your account on the internet - go back to the original (latest known address) and verify that the change is being made by the person with the account.

Posted by: dbm | May 9, 2007 2:46 PM

Now can we put to bed forever one of the pervasive myths about spam -- and ID Theft? That is: "Somebody must be buying PRODUCT X, because a lot of people are selling it."

Truly the spam has been bought and paid for long before any PRODUCT X is shipped. The key to understanding ID Theft is that ID has value, long before it is used in a fraud.

A solution to ID Theft must start with the data miners, advertisers and collators who assemble the ID profiles to begin with. They should have to prove that the information they assemble has a specific legitimate use, today. Otherwise, these businesses are operating as spammers -- making their ever growing list "fit" any demographic which may be required in the future.

Posted by: GTexas | May 9, 2007 5:16 PM

Current law allows consumers to place a 90 day FRAUD ALERT in their reports. Not only must you renew the alert every 90 days, but I found out that the alert is merely an advisory, and credit grantors, such as credit card issuers and retailers, are not bound by it. I had forgotten that I had put an ALERT on my record, when I went to a major national retailer and bought an item. The clerk let me know that if I take out a credit card right now, I will save 20 percent on the sale. I took out the credit card. A few minutes later, the main office did call me. Do I know that I have an alert on my card? I said, yes. Do you really want the credit? I said yes. Done. I had the credit. That is zero protection.

Posted by: Anonymous | May 9, 2007 8:20 PM

There's no such thing as "identity theft"; the phrase itself is a contradiction in terms, other than in some futuristic science fiction bizarro-world. Identity is by definition that which cannot be stolen. Every time I hear this term I think of the Star Trek episode "Turnabout Intruder", or any number of Philip K. Dick stories.

A better term is "identity fraud", or more accurately, "fraud by impersonation", which has the pleasing initialism "FBI". But even this concept is vastly overused. Much of what is now called "identity theft" is nothing more than good old fashioned fraud.

Posted by: aeschylus | May 9, 2007 11:07 PM

As I've said on other boards, the default status for credit agencies should be to freeze all accounts. It should be much harder to acquire credit than is the current practice. Not only would we eliminate much of identity theft, we might put a curb on the irresponsible use of credit by so many in the US. Forcing people to do a little more planning when they decide to apply for credit lines and loans could help to curb the "debt society" we now live in.

Posted by: Matt | May 10, 2007 9:09 AM

Identity theft has become a profit center for credit bureaus and others who want to sell monitoring, insurance, and other services. People should be VERY cautious when spending money for them. It is one thing if you are a victim, but those who have not been victims may not get much value for their money. Be particularly cautious when looking at services that only offer a credit report from one of the three national credit bureaus. These services are not worth paying for.

Posted by: Observer | May 10, 2007 11:18 AM

I would be remiss not to identify that one of the worst of ID thefts is stepchildren who steal the IDs of their divorced parents' new significant other. They steal the ID, perpetrate theft in healthcare services provided to themselves and their own children. The step-parent suffers, as the identity of the new family is dinged with medical bills they never incurred. Here come the collection agencies and they never get the actual ID of the person who suffered the most. The significant other who never got health care or incurred the bill. Who stops this ID theft??

Posted by: healthsave | May 10, 2007 1:09 PM

When I first became aware that I had become a victim of identity theft, I immediately phoned all of my credit card companies to notify them of the problem. A month later, as I was gradually receiving and completing packets of information to support a credit freeze with each of the big three credit reporting agencies, fraudulent thieves were still able to change my billing contact information with one of the big issuers using my password (a very rare word), then charge big ticket items and make a cash withdrawal.

I often wonder where the marketing data for online mailing lists, special offers and sweepstakes really ends up. I am always wary of registries that request a full birth date (instead of a birth month or year) for restaurant birthday specials or the prize of a car.

Posted by: NC Los Angeles | May 10, 2007 1:13 PM

Links from Brian's original blog mention "the big three", but not the additional personal information vending companies, which seem to always slide by without any protective oversight, even after a data leak, or questionable sale.

As for "Identity theft has become a profit center", it's due to low expectations and acceptance of loss, much like needing "antivirus" in computing. Instead of insisting the underlying problems be fixed, add a "solution" (paid for, by the victim, of course).

Protect yourself, as you can: With Caller-ID blocking and faked information, why believe ANY stranger on an incoming call? With forgery in e-Mail, why believe ANY claims in e-Mail from someone you aren't sure is someone you know? And the spimmers (spam over SMS or IM)... Yes, it all ties together. When in doubt, be suspicious. When not in doubt, be more suspicious. If it doesn't have an OMB disclosure, don't give SSN, even to government.

Why is nobody (in public) asking why Franklin Roosevelt's Executive Order 9397 is still in effect, which broadened the SSN beyond Social Security? Is it the same (computing environment) as it was in 1941? Or why Credit Reporting agencies have any right to obtain, and store one? For that matter, anybody not involved in paying into, or out from Social Security has no real right to obtain your SSN, do they, and then only if the processing/storage involved is connected with that activity!

Identity fraud will likely never go completely away. But a lot of bad choices have made the con artist's job easier, and shifted the scope to global. Most of those could be fixed within a year, if key people would get serious.

Now, let's avoid the same problem with the DHS mandate for ids!

Many readers of this blog are familiar with scoping of data. Many lay people (and an unfortunate number of designers of databases and computer software) are not at all familiar, or familiar enough, with the concept. Every time you add a new meaning to the same data, or another place of storage, you are asking for trouble. How many places now ask you for what is now known as "personally identifiable information" that includes information that is an ocean away from legitimate use for THAT piece of information?

SSN is the easy one. Are your doctor's records about you tagged with your SSN? Hospital? Driver's license? State taxes? Does your employer use SSN/FTID for anything other than reporting income and making payments to the federal government? Do you receive checks with your SSN printed on them? Why is it there? If you apply for credit, why does your relationship with the Social Security Administration have anything to do with it? If you request an annual review of your Experian/Equifax/TransUnion reports, why should your SSN have anything to do with it?

Posted by: Thoroughly Disgusted | May 10, 2007 1:24 PM

Posted by: Thoroughly Disgusted | May 10, 2007 01:24 PM

Wow. I thought I was Thoroughly Disgusted, but on second thought, you keep the name.

Posted by: GTexas | May 10, 2007 2:55 PM

Just so we have different parents, there's no identity conflict ;)

Posted by: Thoroughly Disgusted | May 10, 2007 3:23 PM

Can't say a credit freeze helped me.
Last year I had my identity stolen twice. Once it was caught by me prior to charges being run up and a Visa credit card was cancelled (the clue? a password had changed "spontaneously" during an online account check). Then it happened again with an AmEx card. (The clue? a zip code for accessing the account changed, then a call from card security). I took an active role in looking at my credit reports and eliminating unnecessary gas cards, etc. I put a credit freeze on my account because so much activity was simply companies pre-qualifying me. In any case, two weeks ago.... AmEx security called me again to question certain charges made online. Nope, they were not mine! (Yes, my card was in my pocket--so the information had to come from somewhere else--and this is a card that is rarely used online or off--and to use the card required 4 digit access. I can only think that AmEx has had some kind of security breach at some point). Card cancelled, then another round of changing passwords just to be cautious. Now, I am not going to say that a credit freeze does not work, but it certainly did not work for me in whatever situation I am finding myself right now. But, it certainly reduced --but did not totally eliminate-- credit card apps and mortgage brokers in junk mail.

Posted by: Dan | May 10, 2007 3:53 PM

It'd be nice to see some stats on the effectiveness of these freezes. Something along the lines of a percentage drop in the number of identity theft reports in each state.

Posted by: kd | May 11, 2007 10:32 AM


Excellent work and thanks for bringing attention to an important issue. As long as the credit industry thrives on ensuring that the "impulse buyer" has instant access to credit and isn't forced to actually think about their purchase, they will fight credit freezes tooth and nail.

It took years of effort to get them to publish free credit reports, and people still don't know precisely how they work. We have a long struggle in front of us.

Martin Bosworth (MyPublicInfo) ( (Dr. Identity)

Posted by: Martin Bosworth | May 11, 2007 11:21 AM

That is an excellent start, however it would still be nice if there was a requirement that all social security numbers were verified and cross checked with the original name and date attached to it, helping to keep people from duplicate use of the same number as well.

It would also be nice if there were a computerized system (that would cost millions instead of billions) that would automatically cross reference deaths and inaccurate information connected to social security numbers, to help flag fraudulent attempts at identity theft.

Such processes would significantly simplify finding attempts at fraud and would force the world economy to find different and legal ways to make money.

Posted by: Cdalealden | May 19, 2007 7:03 PM


The comments to this entry are closed.


© 2010 The Washington Post Company