Identity Theft and Domestic Abuse
Introduction
Identity theft is a large and growing problem. A 2003 study found 9 million victims of credit identity theft, totaling 47 billion dollars in damage to business and 5 billion in damages to individuals. Federal Trade Commission, Identity Theft Survey Report, 7 (Sept. 2003). As early as 1998 it was detected that sophisticated organized crime was involved in identity theft. General Accounting Office, Identity Fraud: Information on Prevalence, Cost and Internet Impact is limited, 1 (May, 1998). Identity theft can be a part of intimate abuse. This page introduces some basic facts about identity theft; explains how it can be used by an abuser; and provides some resources for advocates seeking safety planning information for identity theft.
Basics of Identity Theft
EPIC has elsewhere written concerning identity theft. Generally, identity theft is the appropriation of another's personal information in order to commit fraud, or impersonate another person. There are a few basic types of identity theft, but they all share the same properties: Three parties parties are involved, and somehow one of the parties has gotten the personal information of the other.
Types of identity theft
- Pretexting. This form of identity theft involves impersonating another, such that one calls under the "pretext" being that person. Pretexting is used to gain personal information -- particular telephone records. EPIC's page on telephone number privacy [link] describes the problem of pretexting and government action to stop it. Pretexting is difficult for the victim to detect.
- Credit card fraud. Running up charges on another's credit card, or passing checks of another, is a form of identity theft. The identity thief is here appropriating the signature, account number, and other aspects of another's identity in order to gain the financial benefit of what is purchased with the goods.
- New account fraud. Identity thieves will open new accounts, such as take out credit cards, or otherwise borrow money, using the identity of the victim.
- Criminal identity theft. Criminals can impersonate another person when they are arrested. This can leave an individual with a criminal record, and possibly outstanding arrest warrants.
Identity theft involves at least three parties.
- The victim, whose identity is being used.
- The perpetrator, who is conducting the identity theft and has access to the victim's personal information; and
- The creditor, or other party, who accepts the perpetrator thinking they have the victim.
A fourth participant is the source of the personal information that is being abused.
Source of Personal information.
Identity thieves require a source of personal information in order to impersonate another. The amount of personal information will vary depending on the extent of the theft: fraudulent use of a credit card will require just the number and an address -- or the card itself. Taking out a new card will require a social security number and birthday. However, a small amount of information can be grown to include more. With some basic personal information, it is possible to search public records or even use pretexting to gain more. See for example, EPIC's page on Choicepoint and other data brokers.
Others have access to our personal information for a variety of reasons. Those who are intimate with us have access to our personal information via that intimacy. They may also have enough of a basic set of information to gather more -- ie. they can find new addresses with our old information. We share our personal information with others -- sometimes because we have to, and sometimes inadvertently. Information that we give up for one purpose may be made public or otherwise shared without our knowledge. People that have collected personal information -- intimates or strangers, individuals and corporations -- may not be keeping it safe. They may not be preventing it from falling into the wrong hands or being misused.
Victims of identity theft report a feeling powerlessness, and this reflects the fact that in our society, personal information is often beyond the control of the subject. There are some steps one can take to safeguard one's data, and there is risky behavior to avoid. Ultimately, however, others need to have our data, and do have our data, and should responsibly handle our data. Generally, in order to respect other's interests in their data, personal information should be collected according to Fair Information Practices, however, the law does not require this.
Identity Theft as Abuse
Identity theft is present in situations of domestic abuse. In a 2004 survey of identity theft victims, 15% reported that they were also victims of domestic harassment and abuse from the perpetrator. Identity Theft Resource Center, Identity Theft: The Aftermath 2004, 19, (Sept., 2005). Besides the damage done by abusers, identity theft is done by strangers and organized crime. Abuse survivors are vulnerable to those harms as well.
Identity theft is a form of economic abuse. Domestic violence is sometimes accompanied by economic abuse, such as controlling access to wealth or destruction of property. Identity theft can be lucrative to the abuser and have a long lasting and debilitating impact on the victim. The Aftermath 2004 study reported that identity theft victims spend a median of one hundred hours rectifying the damage, and lose thousands of dollars in lost wages and other expenses. Almost half (39%) reported still having to deal with their identity theft 2 years after the theft was found. Some reported dealing with the crime for over a decade.
Identity theft can also be used for surveillance. By impersonating someone entitled to have access to personal information, an abuser or someone hired by the abuser can gain more personal information on the victim. The common example is the pretexting of telephone records. (See the EPIC page on Illegal Sale of Telephone Records). Accessing information from one's credit report, or health or banking records can also reveal much personal information.
Identity theft can be a form of stalking. The Stalking Resource Center at the National Center for the Victims of Crime defines stalking as a "course of conduct directed at a specific person [when one] knows or should know that the course of conduct would cause a reasonable person to (a) fear for his or her safety or the safety of a third person; or (b) suffer other emotional distress." Surveillance, pretexting, and credit identity theft can all fit into this definition.
Pretexting can be used for more than just surveillance. A pretexter is able to gain full access to accounts, and can do more than just reach telephone records. Thus a pretexter has the ability to cancel accounts, harassing their victim with cancelled electric, gas, and credit card accounts.
The distress caused by credit identity theft is real. The Aftermath 2004 Study finds that victims report rage and anger; personal financial fears; fears for family financial safety; a sense of powerlessness and of feeling defiled. Furthermore, the safety concern is also real, as getting someone's credit report can serve as a form of long distance surveillance. Credit reports contain much personal information, including employment, addresses, a social security number and birth day. Credit inquiries on the report can give clues as to job or housing applications.
The primary harm of credit identity theft is the economic cost of correcting the damage and preventing future damage. This requires time and resources. Further harm occurs as a result of the damaged credit reports that victims have. They may be denied credit, extended credit at expensive rates, be harassed by collectors, denied housing and employment opportunities. A survivor will have a hard time finding new housing, as mortgage lenders and landlords perform credit checks. Auto insurance companies also perform credit checks, and thus a damaged credit will increase the cost of mobility for a survivor. Many employers also perform credit checks, and thus the financial independence of a survivor is threatened
These harms materialize when domestic violence survivors are most vulnerable: when they are taking steps to begin independent lives apart from their abusers. This is the point when their financial independence is necessary, when they may need to make their own employment, living and transportation arrangements. This is also a time when abusers are likely to strike out: when they see that the survivor is moving towards independence, and away from their power and control.
Safety Plans and Identity Theft: Credit Reports, Fraud Alerts and Credit Freezes
Domestic violence advocates often create a "safety plan" together with their clients. These are a concrete steps and directions that a person can take to improve their safety in an abusive relationship. Items include preparing a package in case they need to leave quickly, as well as thinking about what safe areas of the house or neighborhood one can retreat to.
Crafting safety plans to take into account identity theft will vary depending on what state a client lives in, as well as the particular situation of a client. Advocates and clients should be aware of the consequences -- positive and negative, of each. There are steps that can be taken to make one safer from some forms of identity theft.
Retrieving credit reports.
Credit reports from the three major credit bureaus are available for free, once a year, at annualcreditreport.com. They may have dissimilar information in them, in situations such as when one of the credit bureaus has made a mistake that the others have not. Finding out what is on your credit report will allow you to see if you have been the victim of identity theft, and if your employment and housing choices are being negatively affected as a result. Furthermore, getting these may be a good part of helping a client with economic empowerment issues, and may also alert the client to the types of personal information that are out there about them.
There is little downside to getting the reports. If one gets all three at once, it does mean one has to wait another year before free reports are again available. It means that one will have to pay again if they want the report within a year. For information on retrieving your credit report
Purchasing credit monitoring.
More frequent credit monitoring will allow you to notice if identity theft continues. It will also allow you to notice if accounts removed from your credit report re-appear. Identity theft victims report that fraudulent accounts reappear on their credit reports.
The downside is the charge for these services. However, charging the abuser for these services may make sense if they are responsible for credit damage. Requesting damages of a year or more of credit protection payments will help to make sure that the fraudulent accounts do not reappear.
Fraud Alerts.
Placing a fraud alert on your credit report is permitted by the Fair Credit Reporting Act. These warn creditors to double check that the applicant for credit is legitimate. There are 90 day alerts and "extended" 7-year alerts. More information on placing fraud alerts is available at the Federal Trade Commission Identity Theft website.
You can place a 90-day alert when you suspect you are or are about to become a victim of identity theft, such as when your personal information is stolen, or before you separate from an abuser. This temporary alert means that businesses must call or take reasonable steps to verify the identity of the person they reach. You are also entitled to receive a free credit report with your fraud alert, but there is a limit on how often.
You can turn this into a 7 year alert by filing an identity theft report, but only if you actually have been victimized. With a 7 year alert, businesses cannot extend credit unless they contact you in person or using a number you gave them.
Fraud alerts are not always respected, and do not always work. They also may delay your legitimate credit checks, as the furnisher of credit takes the time to verify your id entity. Furthermore, they do not prevent your credit report from being issued, so an abuser who is improperly obtaining these for surveillance will still have access to them.
Credit Security Freezes.
Credit freezes (also known as "security freezes") are available in some states. (PIRG has a list of states with credit freezes). Freezes prevent your credit report from being issued to anyone. Since most lenders will try to get a credit report before issuing new credit, this effectively stops credit from being issued in your name. It also prevents credit reports from being gained illegitimately by an abuser. Some states permit only identity theft victims to get them, some allow anyone to get them for a fee, and identity theft victims can get them for free.
Credit freezes allow the most control. Typically you can lift them temporarily, or for a specific creditor -- and sometimes there is a fee for this. This means that before new applications for credit checks -- such as employment, insurance, or housing -- you must take care to lift the freeze. This can be time consuming, and can also become expensive -- as some require a payment for each lift, and that certified mail be used.
Other Resources
EPIC Identity Theft Page.
EPIC Pretexting Page.
EPIC page on Choicepoint and Data Brokers.
EPIC guide to online privacy tools.
EPIC Gender and Privacy Page.
Identity Theft Resource Center. Provides studies on the impact of identity theft, fact sheets for victims, and victim assistance.
Privacy Rights Clearing House. Their identity theft page contains studies, publications and links to other resources on identity theft.
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.