Collection of Identity Information

Description

The act of obtaining personal information relating to another person or persons without their authorization. 

(See Terminology Case File - personal information for more information on this term.)

Illustrations

Ways of obtaining personal information can include: 

• Theft of documents (purse, wallet, credit card, etc.) 
• Hacking
• Phishing
• Pharming
• Insider access
• Search of public records
• Finding lost documents
• Dumpster diving
• Wireless intercept 
• Spyware
• Skimming
• Shoulder surfing
• Mail theft
• Mail interception or change of address
• Guessing

References

See list of attack vectors in   Liberty Alliance Whitepaper: Identity Theft Primer" 2005

See "Section 4. How Do Identity Thieves Acquire Personal Information?" in Identity Theft: Inventory of Techniques (DRAFT), Canadian Internet Privacy and Public Interest Clinic (CIPPIC), University of Ottawa, June 16, 2006

Relationships

The personal information  collected may be used immediately to commit fraud or other crimes. In other cases the information collected is used to further develop a credible false identity through actions such as counterfeiting, or impersonation in order to obtain documents or to change contact information. The personal information  can also be sold or transferred to others as part of a fraud ring.
Some activities that involve the collection of personal information  may also be classified as identity theft, if they are illegal. See the following diagram:

Associated Terms

Identity Harvesting is a term that can be used for the collection of personal information  when a method targets a group of people. This would include methods such as hacking, insider access, phishing, pharming, etc.

 

Observations

1. Some of the activities in this construct are illegal (e.g. theft, hacking) and some are legal (e.g. finding lost documents, searching public records). Identity thieves may use either legal or illegal means to collect personal information.

2. personal information is also known as identity information. See Terminology Case File - personal Information

3. Methods of collecting personal information can be classified according to whether they target individuals or many people at a time. See Liberty Alliance Whitepaper: Identity Theft Primer" 2005