Stealing your identity is easy. Here’s how.

” I’d heard and read so many stories about identity theft…so I decided to conduct my own experiments. I must stress that I have no previous investigative training or exposure to methods in which to obtain such information. What I do have is a laptop, internet access, a mobile phone and a credit card.”

“For security purposes, please confirm your date of birth and the first line of your address…” Sound familiar? It will if you, like many today, conduct your affairs over the phone.

Data protection protocols such as these were introduced to comply with the infamous Data Protection Act of 1998. You know the one that rubs most of us up the wrong way? Generally, because we’re busy and don’t have the time to be on the phone, waiting for a monotonous recording to call out numbers like telephone bingo, then demand we select one so that it may proceed to patronise us by apologising for the wait, explaining that its due to the unusually high number of calls and promising that a representative will be with us shortly. Then, many minutes later, during which we can feel ourselves growing old, a representative, often sounding bored and with a northern accent, finally takes our call and allows us to burden them with the nature of our enquiry.

So how many times have you been told  by the person taking your call that they are unable to help? “…because of the data protection act, we’re only able to discuss the account with the account holder.” Now, I don’t know which grates me the most; the fact that I pointlessly ran the gauntlet of numbers or the fact that call centre operators tend to cite the Data Protection Act as if it were a mystical incantation that will make me go away so that they can get back to the chin wag that was taking place before I rudely interrupted. These people are actually giving ‘the act’ a bad name in so far as instead of it being synonymous with data security and the protection of privacy, it’s now generally associated with unhelpful automatons. Guidelines state that operators should explain why they don’t feel comfortable sharing information (they’re unable to verify the identity of the caller, the information is of a sensitive nature and can only be discussed with the account holder, etcetera). Yet it’s  only natural that those with legitimate intentions, such as families enquiring on behalf of an elderly relative or wife calling about a telephone bill that happens to be in her husband’s name.

So, do you feel that the act protects or hinders you?

If you feel it’s a hindrance, it could well be due to the hypocritical way in which government bodies are handling this business. On the one hand there is ‘the act’ (albeit with a bad name) and on the other there are everyday stories of bumbling politicians leaving laptops on trains, civil servants throwing CDs full of data into the garbage and pen drives left in taxis. Never before has our data been this vulnerable. And what’s being done about it? Well, there’s undoubtedly a lot of talking but not much action not even against the morons who clearly don’t take our privacy very seriously and often instead of getting the sack are given a slap on the wrist and sent on to prove their ineptitude once more. Maybe if they found themselves out of a job, they might think twice about their carelessness with sensitive information next time. Harsh? I don’ think so, since I believe that if I’m entrusted with information or indeed the money of many citizens then I should be ensuring that I perform my duties to the best of my ability rather than adopting a slap dash approach of, “if it isn’t mine, it doesn’t matter.”  That said, if we don’t care how we handle our own personal data then how on earth can we expect a civil servant to care?

“Knowledge is power” or, more specifically, “data is power.” And big companies (like supermarkets) are spending phenomenal amounts of money getting the edge on their competitors. Many have discovered the power of loyalty ‘cards’; to us, a few extra coupons every quarter, to them, thousands of pounds worth of fortune telling; how often we dye our hair, stock up on sanitary products and even have sex, its all in the scan of a card. Knowing when they will sell more of what means that inventory levels can be reduced and logistics coordinated to maximise profits. What you buy and where in the country is sifted, collated and pie charted to see what type of person lives where, how much shoppers in a specific city are spending on luxury items versus everyday essentials (rich versus poor), how much on the latest DVD box sets, versus arthritic potions (young versus old). Instant demographics means the ability to target specific products, prices, offers. These are added savings that would have otherwise cost the company thousands, possibly millions per annum. Of course this isn’t an exact science but an average is better than nothing (this is after all how many government statistics are published).  Whilst most people will pause for thought when considering how much these corporate peeping toms know about us, others will ask what all the fuss is about. So what if retailers are able to pitch the right products and offers to the right people? How you feel is purely subjective. The point is that in the 21^st century, data is king, if “the computer says no,” then it’s no. Even the humble rent book is no longer stamped but swiped in the form of a plastic card with that all powerful magnetic strip that attracts and retains all of your personal details.

Campaigners warn against “a surveillance society” in which the state acquires greater powers to track the movements of citizens and retain personal data.  A few years ago, government plans for a database holding details of our telephone calls and emails was branded as ‘Orwellian’ and shelved whilst ministers ‘consult’ further. In the meantime, there are an estimated four million surveillance cameras in the UK and its DNA database is the largest in the world. Not surprising, since UK law allows police to take DNA samples from anybody who is arrested and retain them indefinitely regardless of whether or not they are convicted.  Yet the government insists that surveillance cameras and DNA samples are “essential crime fighting tools.” And many will agree. “If you don’t do anything wrong then you’ll have nothing to worry about.” What do you think?

There is so much on this subject that I could fill a whole magazine and not just an article. What does concern me is the accessibility of our data and the absence of comprehensive checks to ensure that what information is held on us remains private.  I’d heard and read so many stories about identity theft and the fact that it is on the increase that I decided to conduct my own experiments. I must stress that I have no previous investigative training or exposure to methods in which to obtain such information. What I do have is a laptop, internet access, and a mobile phone.

The phrase “keeping up with the Jones” originated from a popular comic strip and is, like it or not, embedded in the psyche of many people which means that with the best will in the world, especially in the current economic climate, the last thing you want to hear is your neighbour crowing about his brand new car and about the fact that he got it with an exclusive discount and that he paid for most of it with cash. Now, you would think he’d make such a claim because it was true or simply because he believed you wouldn’t be able to find out anyway, right? Wrong. This is what I found out.

Take a look at the car’s  number plate, dealers will often brand this with their name for marketing purposes. Type the company name into your favourite search engine and be rewarded with their contact details.  Give them a call and ask the anonymous question, “I’m interested in buying a car but I have some ‘ethical’ concerns about which company you might refer my car loan to. Could you please confirm the name of your finance company?”  Dealers are always on the look out for new business; don’t expect any resistance to your question. Now, use your trusty search engine to find the finance company’s contact details or simply call the dealer back and this time tell them that you’re a customer and need to speak to somebody about an existing car loan. For the next part, you’re going to need the name of your neighbour and their address. Well, you already have those. You just need to know their date of birth. What? You’re not that intimate with your neighbour? Oh well, never mind, there are many websites out there who are able to help you. It’ll cost about £9.00 but for that you’ll get a whole dossier which will include but is not limited to: confirmation mailing address, phone number, names of all other household occupants, the price of the house, the names of previous occupants, family history. If he or she is a director of a company, then you’ll get the name of the company, address, position in the company, confirmation of date of birth, neighbouring address information, including bought and sold price, directions to their house, oh, and if you’re really interested, an areal photograph that you can zoom into!  And all this is perfectly legal. No dodgy site or anything like that.  The information is gleaned primarily from the electoral roll; the rest is collated from a selection of perfectly legal databases. So, now, if you’re were truly devious and want to illegally impersonate your neighbour, give the finance company a call and when they say, “For security purposes, please confirm your date of birth and the first line of your address,” you’ll have all the information you need.

And that’s just the tip of the iceberg. For £20, I was able to log onto a website and track my ex down to an address in Atlanta, United States. The dossier contained current abode, contact details (current and pervious telephone numbers), time at current abode, property owner (whether  owned or leased), current occupants, next of kin, family members and their contact details, neighbours, their contact details, the value of their properties, criminal convictions (passed and pending), and the list went on. Oh, and the website was running a special offer: for $2 dollars extra, I could get current email addresses and mobile phone numbers.  This is one of the many reasons why identity theft is on the increase. Latest estimates have put the cost of fraud to the UK economy at £1.2bn.  Moreover, these figures are set to rise with the current ‘crunch’ as more and more people find themselves out of a job and desperate.

Data accessibility is making it much easier for criminals to get a hold of our personal details and use these to claim state benefits, open bank accounts, apply for credits cards and even obtain false official documents, such as birth certificates, passports and driving license.  The worse thing is that if your identity is stolen, you won’t know anything about it until it’s too late. Most tend to find out when they actually attempt to make a benefit claim only to discover that they’re already claiming or when they are refused a credit card because they’ve already maxxed out the other five cards and 3 loans they didn’t know about. There are many ways a criminal can assume your identity, one of the most common ways, believe it or not, is to rifle through your trash cans. Yes, your refuse could prove a veritable banquet for voracious fraudsters. All it takes is a discarded letter. For example, you may resist taking up a promotional offer from a catalogue company, you screw the leaflet up and throw it in the bin, and you might even rip it up a few times. Not good enough. It doesn’t take a krypton factor champion to reassemble several pieces of a document that more than often contains not only your name and address but also your account number. If not, you need only say, “Hello, my name’s Jo Bloggs and I live in this street and this town with this postcode. I’m sorry, I don’t have my account number at the moment but can you track me down by my postcode. What’s that? For security reasons, you want me to confirm my date of birth.” And there you have it. Before you know it, you’ve charged thousands of pounds of electrical goods and, in some cases, a new set of underwear that you haven’t even clapped eyes on.

So, what’s the government doing to protect us? Well, sadly, not much. In reality, there isn’t much it can do except hope that the natural gravitational pressures on institutions to protect themselves and their customers from fraudsters will force them into introducing stricter security protocols.  Some already have, by introducing password protected accounts and additional security screening but, as you’ve seen above, some of this is woefully inadequate.

The irony is that most of us, who haven’t yet been victims of such crimes, are actually irked by the inquisition we’re subjected to each time we try to conduct our affairs over the phone, such as talking to the phone company. The reality is, utility bills are widely used as proof of identity when applying for important financial transactions, such as mortgage, car loan and, most important of all, mail redirection.  Another popular tool used by fraudsters.  Imagine for a second; how often (unless you’re expecting something) do you worry about not receiving post? For most, no news is good news.  Not necessarily. No news could mean that your mail has been redirected to a PO BOX falsely registered by someone in your name. It only takes a few days worth of your post to get a handle on your identity.  If you’re a registered on Royal Mail’s website, you can apply for a redirection online and subsequently confirm your identity with a variety of documents, one of them being (you’ve guessed it) a utility bill. It has to be said that Royal Mail claim to work hard to “stamp out fraud” because they take the problem “very seriously”. I dare say, perhaps not as seriously as the fee payable with each redirection application.

There are many things you can do to protect your identity and most you will have heard of before so rather than patronising you, I’ll just say that if you want to know more then simply revisit your trusty search engine, type in identity fraud and you’ll find a list of sites brimming with practical albeit obvious (for some) advice.

Originally published in issue 5 of a Different Angle magazine.