Topic:
FRAUD; LEGISLATION; STATISTICAL INFORMATION; PRIVACY LAW; RETAIL TRADE;
Location:
PRIVACY;

OLR Research Report


December 13, 2005

 

2005-R-0906

IDENTITY THEFT

By: Daniel Duffy, Principal Analyst

You asked for background information on how and where identity theft occurs and if other states have adopted legislation specifically intended to reduce identity theft occurring in retail establishments.

SUMMARY

Identity theft is (1) stealing information that identifies an individual and (2) fraudulently using the information without permission to obtain something of value.

The Federal Trade Commission (FTC) operates the federal clearinghouse for identity theft reports. It received over 245,000 reports of identity theft in 2004. The number of reports has increased each year since it began collecting data. It reports that in 2004 the most common use of stolen identifying information was to commit credit card fraud. The FTC does not report data on the location of identity thefts. In 2004, Connecticut ranked 27th in the number of identity theft victims per capita with 57.1 victims per 100,000 people.

The Better Business Bureau's (BBB) website displays a summary of a survey that shows that most identity theft takes place offline. In other words, it does not take place on the Internet. Further, it reports that the most frequent type of reported theft involved a stolen wallet or checkbook. The survey did not report where the thefts took place.

The National Conference of State Legislatures website shows that 25 states have enacted “anti-skimming” laws. These prohibit using an electronic device to read the information on a payment card's magnetic strip and placing the information on another card.

IDENTITY THEFT

The term “identity theft” generally describes frauds committed by using information that identifies an individual without the individual's permission. Connecticut's criminal statutes define it as intentionally obtaining, or attempting to obtain, another's personal identifying information without permission and using it to obtain money, credit, goods, services, property, or medical information without consent (CGS § 53a-129a).

PREVALENCE OF IDENTITY THEFT

The FTC is the federal government's central repository for identity theft complaints. It (1) collects complaints and provides victim assistance; (2) maintains the Identity Theft Data Clearinghouse, which is a centralized database of victim complaints; and (3) educates consumers, law enforcement agencies, and private industry on identity theft prevention. The FTC reports that it received 246,570 consumer identity theft complaints in calendar year 2004. This is over 30,000 more complaints than received in 2003. The FTC does not report data describing how or where the identity thefts occur.

The FTC reports that the most common use of a victim's stolen information was to commit credit card fraud (28%), followed by telephone or utilities fraud (19%), and bank fraud (18%). Other types of fraud include employment-related fraud (13%) and loan fraud (5%).

In 2004, Connecticut ranked 27th in the number of identity theft victims per capita with 57.1 victims per 100,000 people. Table 1 displays the type of theft reported by Connecticut victims.

Table 1: 2004 Connecticut Identity Theft Victims

Identity Theft Type

Victims

Percentage

Credit Card Fraud

689

34

Phone or Utilities Fraud

418

21

Bank Fraud

276

14

Employment-Related Fraud

164

8

Government Documents or Benefit Fraud

132

7

Load Fraud

98

5

Other

440

22

Attempted Identity Theft

140

7

BETTER BUSINESS BUREAU STUDY

In January 2005 the Better Business Bureau released a summary of a survey that states that identity theft crimes are more likely to take place somewhere other than on the Internet. The most frequently reported source of information (approximately 30%) used to commit fraud was a lost or stolen wallet or checkbook. Other sources of fraud included: someone known to the victim, corrupt employees, offline transactions, and stolen mail or a fraudulent change of address. Among cases where the perpetrator's identity was known, over half were committed by someone known to the victim. The survey was conducted by Javelin Strategy and Research. According to the BBB website (BBB.org), the research project was supported by CheckFree, Visa, and Wells Fargo & Company. Other than stating that most thefts did not occur on the Internet, the BBB website does not indicate where they occurred.

LEGISLATION INTENDED TO REDUCE IDENTITY THEFT IN RETAIL ESTABLISHMENTS

Some states have adopting “anti-skimming” laws. The following table, appearing in the National Conference of State Legislatures website (NCSL.org), displays the states that have adopted these laws.

Table 2: States with Anti-Skimming Laws and Year Adopted

2001

2002

2003

2004

2005

Florida

Arizona

Iowa

Delaware

Arkansas

 

California

Nevada

Kentucky

Louisiana

 

Idaho

New Hampshire

Michigan

Maine

 

Illinois

Oregon

West Virginia

Mississippi

 

Missouri

South Dakota

 

New Jersey

 

 

Texas

 

Virginia

 

 

Utah

 

Wyoming

 

 

Washington

 

 

Maine's law, adopted in 2005, makes it a crime for someone to knowingly and willfully use a scanning device or reencoder to capture encoded information from a magnetic strip on a credit card, debit card, or other payment card and to place the information on another card with the intent to defraud. It defines “reencoder” as an electronic device that places encoded information from the magnetic strip on the back of a payment card onto another card and “scanning device” as a scanner, reader, or any other electronic device that accesses, reads, scans, obtains, or memorizes, or stores, either temporarily or permanently, information encoded on the magnetic strip of a payment card (17-A M.R.S.A. §§ 721 to 723).

DD:ro