Identity Theft - Terminology Cas

Identity Theft - Terminology Case File

Contents of this page

Definitions

General usage
Specialized usage
Legal definitions

Ways of Committing Identity Theft

Relationships

Observations

Definitions

General usage

Three different types of general usage definitions can be found

1. identity theft
The unauthorized collection and use of another person’s personal information to commit fraud or other crimes that involve the use of a false identity.

Examples:

2. identity theft
The unauthorized use of another person’s personal information to commit fraud or other crimes that involve the use of a false identity

Examples:

3. identity theft
The unauthorized collection of another person’s personal information for the purpose of committing fraud or other crimes that involve the use of a false identity.

Examples:

Canada Post
PhoneBusters (operated by the Ontario Provincial Police and the Royal Canadian Mounted Police)
Consumer Association of Canada of Manitoba

Specialized usage

For research and management purposes we recommend the following definition:

identity theft
The unauthorized collection, possession, transfer, replication or other manipulation of another person’s personal information for the purpose of committing fraud or other crimes that involve the use of a false identity

This definition separates acts involving the collection of personal information and the development of a credible false identity (identity theft) from the act of committing a fraud (identity fraud) or other crime. See Discussion: Usage of the terms identity theft and identity fraud for further discussion and references for this recommendation.

We recommend this separation because we already have adequate descriptors for the different crimes that may be committed with a false identity (e.g. fraud, personation). Current legislative, law enforcement and management concerns about identity theft lie primarily in the ways that information is collected and developed into a credible false identity.

The separation of identity theft and identity fraud also facilitates discussions of how to combat these different aspects of the problem. To combat identity theft we are concerned with increased public awareness and corporate and government compliance with best practices affecting the privacy and security of information. To combat identity fraud we are concerned with more rigorous authentication standards and procedures.

Notes:

Identity theft does not include creation of a fictitious (synthetic) identity.
Identity theft does not include the manipulation of one’s own identity, unless such manipulation involves the co-mingling of pieces of a stolen identity with pieces of one’s own identity.
The collection, possession, transfer, replication or other manipulation of personal information also includes the collection, possession, transfer, replication or other manipulation of identification documents containing such information.

Usage examples:

To protect themselves from identity theft, consumers should limit the amount of personal information they provide to companies.
Identity theft is often carried out by corrupt employees who have access to personal information related to their employer's customers or employees.
Law enforcement agencies are telling the government that they need new laws in order to address identity theft.
The objective of our project is to measure the extent of identity theft and identity fraud in Canada.

Legal definitions

Legal Definitions of Identity Theft

Contents:

Ways of Committing Identity Theft

Specific activities that may fall under the umbrella of identity theft include:

Hacking
Phishing and Pharming
Corrupt employee involved in transactions or with access to corporate database
Skimming
Theft of wallet/purse
Theft of data storage device
Posing as a landlord or employer to get a victim's credit report
Spyware
Wireless intercept
Shoulder Surfing
Dumpster Diving
Phone and email scams
Document breeding
Trafficking in personal information
Mail interception
Mail theft
Forgery
Counterfeiting identity documents

Additional References for Ways to Commit Identity Theft

CIPPIC (2006). Identity Theft: Inventory of Techniques (DRAFT), Canadian Internet Privacy and Public Interest Centre, University of Ottawa
Liberty Alliance (2005). Liberty Alliance Whitepaper: Identity Theft

Relationships

As recommended for specialist usage, the term identity theft encompasses many illegal activities in both the collection of personal information and identity development, as described in our conceptual model. The following diagram shows how identity theft is accommodated in this model:

Observations

1. Identity theft can occur without identity fraud. An example would be the case where a fraud ring has stolen hundreds of instances of identity information from a company, but only a small proportion of the stolen identities are subsequently used to commit frauds. Identity fraud can also occur without identity theft. Examples would be when the person whose identity is being used is colluding with the fraudster, or where the identity fraud involves the use of a fictitious identity.

2. The above definitions are meant to be used in the context of personal identity theft and not corporate identity theft. Additional information on corporate identity theft can be found in the following sources:

Bunton, C. (2005) Corporate ID theft - is your company vulnerable? Strategic Direction 21(2):3-4
Collins, J.M. (2003) Business Identity Theft: The Latest Twist. Journal of Forensic Accounting IV: 303-306
Smiley, N. (2004) Corporate Fraud: Identity Theft with a Difference. Law Pro June:8-10
Sullivan, B. (2004) Fake companies, real money. MSNBC

3. Although it is unlikely that the term "identity theft" will easily fade from public parlance, the U.K. Cabinet Office July 2002 document, "Identity Fraud: A Study" contributes three components to a human identity, which are being further clarified. The reasons for the distinctions become more clear in discussions about authentication, validation and verification of identification documents and in understanding the true value criminals place in amassing legal attributions under the care and control of the governments and corporations housing extensive databases of personal information.

Biometric Identifiers:
- DNA, fingerprints, iris scan, voice print, facial structure, hand geometry
Legal Attribution Identifiers:
- Personal identifiers including name, date of birth, sex, parents names etc. recorded in government registration systems that: a) document those entitled to citizenship by right of birth; those granted permanent residency, and b) those granted temporary residency status through law or privilege; and c) those permitted to stay through claim of political refugee status
Biographical Information:
- the recording of life events as humans interact with society - education record, employment history, driver's history etc.

Source: John Lyons, AlterNation

4. In open sources, "Identity theft" first appears circa 1995 around the same time of mounting consumer pressure exerted on the U.S. Federal Trade Commission (FTC) to address a variety of consumer based financial crimes. The types of crimes of primary concern to the FTC are captured by their 2003 Identity Theft Survey Report, in three broad categories:

New Accounts and Other Fraud
Misuse of Existing Non-Credit Card Account or Account Number; and
Misuse of Existing Credit Card or Credit Card Number

The use of the term "identity theft" has rapidly morphed in some circles to absorb a wide variety of other identification-based crimes of historic interest to law and regulatory enforcement. Identities have always played a role in a variety of crimes. Depending upon the type of crime, it may involve a completely fictitious identity or the cloning of a person's legal attribution. The crimes range from dead beat dads avoiding their financial obligations, to personation to evade the police, stock market manipulation, drug trafficking, money laundering, trafficking in human beings and the concealment of terrorists in sleeper cells.