Expert: Consuelo Herrera, International Accountant and Fraud Examiner - 5/7/2008

Question
QUESTION: a friend of mine has bad credit
she  has below avg intelligence and  related to me that  a man ahd offered to fix her credit  for a price  in just a few days
essentially he offered to get ehr a  new SSN. and clear credit file  tied to that #
he lcaimed it would allow  her to  get mortgages , credit cards etc and  most of all pass  credit chex at  apt and job interviews?

question: is any of this legal or even true?
can she get in trouble if she goes along with this?
bear in mind that hse is not the smartest person in the world
and suffers from emotional disability?
will this type of credit fix,   be prosecuted even if she does not  use the new ssn?
or if she only utilizes it at an apt interview?
of course, after the interview at a private developer,  and landlord, the file would presumably be forwarded to the local municipal , state  or federal  governemtn for final approval or review

would they  note the discrepancy in her ss numbers  ?
when they compare  her lok up her name in thier own database?
or  cross reference her documents ?
eg:  her drivers license or  passport etc could have some overt or couvert reference to  her ssn and of ocurse,  that one would not match the  one she rpesents

she would have to present a  new  ro copy of a new ss card with the new  (fake ) number
do people who  try and clean thier credit rec really fast  succeed? get caught? get prosecuted?what  penalties do they face? how severe? practically speakin? $'s please..
what about  people liek this young lady who are enticed or not  cognizant of the law or that htey r doin anything wrong?
even a person of normal intelligence who does not knwo  much aobut credit  could c a legit clookin advert on the internet etc and  think they  r not doing somethinbg illegal to  pay someone  $$ to fix credit , - espesh sicne there r legit   experts that fix credit in various  time frames  for $$?
can someone b faulted that they  did not know that it supposed to take a long time? how would they get caught anyways? in an age of id theft  , how would the auhtorities and law enforcement  know  what ahppened and if in fact she was the  actual person that tampered with her credit , ANd not somebody else such as an  id thief for example?
how many cases of id theft or  ultra fast credit  repair are actually uncovered?
and  many legit companies promise as an advert ploy  and  draw in  csutomer tactic , to  fix credit very fast nayways even if they cant

ANSWER: Dear J,

Thank you for contacting me with your concerns.

Although you have asked me so many questions, all of them are interconnected. Bear in mind that I am not an attorney so take my response only as a guideline and do further research.

Identity theft is a felony that has many legal implications and that is linked to many other crimes.

Promises of fixing bad credit are just a scheme. The only instance where that is a true promise is when there is a mistake in the credit report. However, if a mistake exists, one can request the bureaus of credit to fix it but following their instructions and providing the accurate information and the supporting documentation. It is achieved successfully online and the interested party may track it down because by law the bureaus have a time frame to process the complain whether corrections are made or a response is provided explaining the reasons the request was denied.

Please read the following article which is self explanatory regarding identity theft and some measures taken by the government to prevent and punish identity theft; it provides other insights that you will find useful. Source:

blog.fulldisclosure.org/identity_theft_report/20070427-094923-Gaps-in-Statutes-Criminal-Identity-Theft

Gaps in Statutes Criminalizing Identity Theft
By Information at 04/27/07 09:49

ApriL 11, 2007
The Honorable George W. Bush, President of the United States, The White House, Washington, D.C.

Dear Mr. President:

By establishing the President's Task Force on Identity Theft by Executive Order 13402 on May 10, 2006, you launched a new era in the fight against identity theft. As you recognized, identity theft exacts a heavy financial and emotional toll from its victims, and it severely burdens our economy. You called for a coordinated approach among government agencies to vigorously combat this crime. Your charge to us was to craft a strategic plan aiming to make the federal government's efforts more effective and efficient in the areas of identity theft awareness, prevention, detection, and prosecution. To meet that charge, we examined the tools law enforcement can use to prevent, investigate, and prosecute identity theft crimes; to recover the proceeds of these crimes; and to ensure just and effective punishment of identity thieves. We also surveyed current education efforts by government agencies and the private sector on how individuals and corporate citizens can protect personal data. And because government must help reduce, rather than exacerbate, incidents of identity theft, we worked with many federal agencies to determine how the government can increase safeguards to better secure the personal data that it and private businesses hold. Like you, we spoke to many citizens whose lives have been uprooted by identity theft, and heard their suggestions on ways to help consumers guard against this crime and lessen the burdens of their recovery. We conducted meetings, spoke with stakeholders, and invited public comment on key issues.

The views you expressed in the Executive Order are widely shared. There is a consensus that identity theft's damage is widespread, that it targets all demographic groups, that it harms both consumers and businesses, and that its effects can range far beyond financial harm. We were pleased to learn that many federal departments and agencies, private businesses, and universities are trying to create a culture of security, although some have been faster than others to construct systems to protect personal information.

There is no quick solution to this problem. But, we believe that a coordinated strategic plan can go a long way toward stemming the injuries caused by identity theft and, we hope, putting identity thieves out of business. Taken as a whole, the recommendations that comprise this strategic plan are designed to strengthen the efforts of federal, state, and local law enforcement officers; to educate consumers and businesses on deterring, detecting, and defending against identity theft; to assist law enforcement officers in apprehending and prosecuting identity thieves; and to increase the safeguards employed by federal agencies and the private sector with respect to the personal data with which they are entrusted.

Thank you for the privilege of serving on this Task Force. Our work is ongoing, but we now have the honor, under the provisions of your Executive Order, of transmitting the report and recommendations of the President's Task Force on Identity Theft.

Very truly yours,

Alberto R. Gonzales, ChairmanAttorney General

U.S. Department of Justice logo Deborah Platt Majoras, Co-ChairmanChairman, Federal Trade Commission

United States of America Federal Trade Commission logo

From Main Street to Wall Street, from the back porch to the front office, from the kitchen table to the conference room, Americans are talking about identity theft. The reason: millions of Americans each year suffer the financial and emotional trauma it causes. This crime takes many forms, but it invariably leaves victims with the task of repairing the damage to their lives. It is a problem with no single cause and no single solution.

Eight years ago, Congress enacted the Identity Theft and Assumption Deterrence Act,1 which created the federal crime of identity theft and charged the Federal Trade Commission (FTC) with taking complaints from identity theft victims, sharing these complaints with federal, state, and local law enforcement, and providing the victims with information to help them restore their good name. Since then, federal, state, and local agencies have taken strong action to combat identity theft. The FTC has developed the Identity Theft Data Clearinghouse into a vital resource for consumers and law enforcement agencies; the Department of Justice (DOJ) has prosecuted vigorously a wide range of identity theft schemes under the identity theft statutes and other laws; the federal financial regulatory agencies2 have adopted and enforced robust data security standards for entities under their jurisdiction; Congress passed, and the Department of Homeland Security issued draft regulations on, the REAL ID Act of 2005; and numerous other federal agencies, such as the Social Security Administration (SSA), have educated consumers on avoiding and recovering from identity theft. Many private sector entities, too, have taken proactive and significant steps to protect data from identity thieves, educate consumers about how to prevent identity theft, assist law enforcement in apprehending identity thieves, and assist identity theft victims who suffer losses.

Over those same eight years, however, the problem of identity theft has become more complex and challenging for the general public, the government, and the private sector. Consumers, overwhelmed with weekly media reports of data breaches, feel vulnerable and uncertain of how to protect their identities. At the same time, both the private and public sectors have had to grapple with difficult, and costly, decisions about investments in safeguards and what more to do to protect the public. And, at every level of government - from the largest cities with major police departments to the smallest towns with one fraud detective - identity theft has placed increasingly pressing demands on law enforcement.

Public comments helped the Task Force define the issues and challenges posed by identity theft and develop its strategic responses. To ensure that the Task Force heard from all stakeholders, it solicited comments from the public.

In addition to consumer advocacy groups, law enforcement, business, and industry, the Task Force also received comments from identity theft victims themselves.3 The victims wrote of the burdens and frustrations associated with their recovery from this crime. Their stories reaffirmed the need for the government to act quickly to address this problem.

The overwhelming majority of the comments received by the Task Force strongly affirmed the need for a fully coordinated approach to fighting the problem through prevention, awareness, enforcement, training, and victim assistance. Consumers wrote to the Task Force exhorting the public and private sectors to do a better job of protecting their Social Security numbers (SSNs), and many of those who submitted comments discussed the challenges raised by the overuse of Social Security numbers as identifiers. Others, representing certain business sectors, pointed to the beneficial uses of SSNs in fraud detection. The Task Force was mindful of both considerations, and its recommendations seek to strike the appropriate balance in addressing SSN use. Local law enforcement officers, regardless of where they work, wrote of the challenges of multi-jurisdictional investigations, and called for greater coordination and resources to support the investigation and prosecution of identity thieves. Various business groups described the steps they have taken to minimize the occurrence and impact of the crime, and many expressed support for risk-based, national data security and breach notification requirements.

These communications from the public went a long way toward informing the Task Force's recommendation for a fully coordinated strategy. Only an approach that encompasses effective prevention, public awareness and education, victim assistance, and law enforcement measures, and fully engages federal, state, and local authorities will be successful in protecting citizens and private entities from the crime.

Although identity theft is defined in many different ways, it is, fundamentally, the misuse of another individual's personal information to commit fraud. Identity theft has at least three stages in its "life cycle," and it must be attacked at each of those stages:

First, the identity thief attempts to acquire a victim's personal information.

Criminals must first gather personal information, either through low-tech methods - such as stealing mail or workplace records, or "dumpster diving" - or through complex and high-tech frauds, such as hacking and the use of malicious computer codes. The loss or theft of personal information by itself, however, does not immediately lead to identity theft. In some cases, thieves who steal personal items inadvertently steal personal information that is stored in or with the stolen personal items, yet never make use of the personal information. It has recently been reported that, during the past year, the personal records of nearly 73 million people have been lost or stolen, but that there is no evidence of a surge in identity theft or financial fraud as a result. Still, because any loss or theft of personal information is troubling and potentially devastating for the persons involved, a strategy to keep consumer data out of the hands of criminals is essential.

Second, the thief attempts to misuse the information he has acquired.

In this stage, criminals have acquired the victim's personal information and now attempt to sell the information or use it themselves. The misuse of stolen personal information can be classified in the following broad categories:

Existing account fraud: This occurs when thieves obtain account information involving credit, brokerage, banking, or utility accounts that are already open. Existing account fraud is typically a less costly, but more prevalent, form of identity theft. For example, a stolen credit card may lead to thousands of dollars in fraudulent charges, but the card generally would not provide the thief with enough information to establish a false identity. Moreover, most credit card companies, as a matter of policy, do not hold consumers liable for fraudulent charges, and federal law caps liability of victims of credit card theft at $50.

New account fraud: Thieves use personal information, such as Social Security numbers, birth dates, and home addresses, to open new accounts in the victim's name, make charges indiscriminately, and then disappear. While this type of identity theft is less likely to occur, it imposes much greater costs and hardships on victims.

In addition, identity thieves sometimes use stolen personal information to obtain government, medical, or other benefits to which the criminal is not entitled.

Third, an identity thief has completed his crime and is enjoying the benefits, while the victim is realizing the harm.

At this point in the life cycle of the theft, victims are first learning of the crime, often after being denied credit or employment, or being contacted by a debt collector seeking payment for a debt the victim did not incur.

In light of the complexity of the problem at each of the stages of this life cycle, the Identity Theft Task Force is recommending a plan that marshals government resources to crack down on the criminals who traffic in stolen identities, strengthens efforts to protect the personal information of our nation's citizens, helps law enforcement officials investigate and prosecute identity thieves, helps educate consumers and businesses about protecting themselves, and increases the safeguards on personal data entrusted to federal agencies and private entities.

The Plan focuses on improvements in four key areas:


keeping sensitive consumer data out of the hands of identity thieves through better data security and more accessible education;
making it more difficult for identity thieves who obtain consumer data to use it to steal identities;
assisting the victims of identity theft in recovering from the crime; and
deterring identity theft by more aggressive prosecution and punishment of those who commit the crime.
In these four areas, the Task Force makes a number of recommendations summarized in greater detail below. Among those recommendations are the following broad policy changes:


that federal agencies should reduce the unnecessary use of Social Security numbers (SSNs), the most valuable commodity for an identity thief;
that national standards should be established to require private sector entities to safeguard the personal data they compile and maintain and to provide notice to consumers when a breach occurs that poses a significant risk of identity theft;
that federal agencies should implement a broad, sustained awareness campaign to educate consumers, the private sector, and the public sector on deterring, detecting, and defending against identity theft; and
that a National Identity Theft Law Enforcement Center should be created to allow law enforcement agencies to coordinate their efforts and information more efficiently, and investigate and prosecute identity thieves more effectively.
The Task Force believes that all of the recommendations in this strategic plan - from these broad policy changes to the small steps - are necessary to wage a more effective fight against identity theft and reduce its incidence and damage. Some recommendations can be implemented relatively quickly; others will take time and the sustained cooperation of government entities and the private sector. Following are the recommendations of the President's Task Force on Identity Theft:

Identity theft depends on access to consumer data. Reducing the opportunities for thieves to get the data is critical to fighting the crime. Government, the business community, and consumers have roles to play in protecting data.

Data compromises can expose consumers to the threat of identity theft or related fraud, damage the reputation of the entity that experienced the breach, and carry financial costs for everyone involved. While "perfect security" does not exist, all entities that collect and maintain sensitive consumer information must take reasonable and appropriate steps to protect it.

Decrease the Unnecessary Use of Social Security Numbers in the Public Sector by Developing Alternative Strategies for Identity Management

Survey current use of SSNs by federal government

Issue guidance on appropriate use of SSNs

Establish clearinghouse for "best" agency practices that minimize use of SSNs

Work with state and local governments to review use of SSNs * Educate Federal Agencies on How to Protect Data; Monitor Their Compliance with Existing Guidance

Develop concrete guidance and best practices

Monitor agency compliance with data security guidance

Protect portable storage and communications devices

Ensure Effective, Risk-Based Responses to Data Breaches Suffered by Federal Agencies

Issue data breach guidance to agencies

Publish a "routine use" allowing disclosure of information after a breach to those entities that can assist in responding to the breach

Data Security in Private Sector

Establish National Standards for Private Sector Data Protection Requirements and Breach Notice Requirements

Develop Comprehensive Record on Private Sector Use of Social Security Numbers

Better Educate the Private Sector on Safeguarding Data

Hold regional seminars for businesses on safeguarding information

Distribute improved guidance for private industry

Initiate Investigations of Data Security Violations

Initiate a Multi-Year Public Awareness Campaign

Develop national awareness campaign

Enlist outreach partners

Increase outreach to traditionally underserved communities

Establish "Protect Your Identity" Days

Develop Online Clearinghouse for Current Educational Resources

Because security systems are imperfect and thieves are resourceful, it is essential to reduce the opportunities for criminals to misuse the data they steal. An identity thief who wants to open new accounts in a victim's name must be able to (1) provide identifying information to allow the creditor or other grantor of benefits to access information on which to base a decision about eligibility; and (2) convince the creditor that he is the person he purports to be.

Authentication includes determining a person's identity at the beginning of a relationship (sometimes called verification), and later ensuring that he is the same person who was originally authenticated. But the process can fail: Identity documents can be falsified; the accuracy of the initial information and the accuracy or quality of the verifying sources can be questionable; employee training can be insufficient; and people can fail to follow procedures.

Efforts to facilitate the development of better ways to authenticate consumers without burdening consumers or businesses - for example, multi-factor authentication or layered security - would go a long way toward preventing criminals from profiting from identity theft.

Hold Workshops on Authentication

Engage academics, industry, entrepreneurs, and government experts on developing and promoting better ways to authenticate identity

Issue report on workshop findings

Develop a Comprehensive Record on Private Sector Use of SSNs

Identity theft can be committed despite a consumer's best efforts at securing information. Consumers have a number of rights and resources available, but some surveys indicate that they are not as well-informed as they could be. Government agencies must work together to ensure that victims have the knowledge, tools, and assistance necessary to minimize the damage and begin the recovery process.

Provide Specialized Training About Victim Recovery to First Responders and Others Offering Direct Assistance to Identity Theft Victims

Train law enforcement officers

Provide educational materials for first responders that can be used as a reference guide for identity theft victims

Create and distribute an ID Theft Victim Statement of Rights

Design nationwide training for victim assistance counselors

Develop Avenues for Individualized Assistance to Identity Theft Victims

Amend Criminal Restitution Statutes to Ensure That Victims Recover the Value of Time Spent in Trying to Remediate the Harms Suffered

Assess Whether to Implement a National System That Allows Victims to Obtain an Identification Document for Authentication Purposes

Assess Efficacy of Tools Available to Victims

Conduct assessment of FACT Act remedies under FCRA

Conduct assessment of state credit freeze laws

Strong criminal law enforcement is necessary to punish and deter identity thieves. The increasing sophistication of identity thieves in recent years has meant that law enforcement agencies at all levels of government have had to increase the resources they devote to investigating related crimes. The investigations are labor-intensive and generally require a staff of detectives, agents, and analysts with multiple skill sets. When a suspected theft involves a large number of potential victims, investigative agencies often need additional personnel to handle victim-witness coordination.

Coordination and Information/Intelligence Sharing

Establish a National Identity Theft Law Enforcement Center

Develop and Promote the Use of a Universal Identity Theft Report Form

Enhance Information Sharing Between Law Enforcement and the Private Sector

Enhance ability of law enforcement to receive information from financial institutions

Initiate discussions with financial services industry on countermeasures to identity theft

Initiate discussions with credit reporting agencies on preventing identity theft

Encourage Other Countries to Enact Suitable Domestic Legislation Criminalizing Identity Theft

Facilitate Investigation and Prosecution of International Identity Theft by Encouraging Other Nations to Accede to the Convention on Cybercrime

Identify the Nations that Provide Safe Havens for Identity Thieves and Use All Measures Available to Encourage Those Countries to Change Their Policies

Enhance the United States Government's Ability to Respond to Appropriate Foreign Requests for Evidence in Criminal Cases Involving Identity Theft

Assist, Train, and Support Foreign Law Enforcement

Increase Prosecutions of Identity Theft

Designate an identity theft coordinator for each United States Attorney's Office to design a specific identity theft program for each district

Evaluate monetary thresholds for prosecution

Encourage state prosecution of identity theft

Create working groups and task forces

Conduct Targeted Enforcement Initiatives

Conduct enforcement initiatives focused on using unfair or deceptive means to make SSNs available for sale

Conduct enforcement initiatives focused on identity theft related to the health care system

Conduct enforcement initiatives focused on identity theft by illegal aliens

Review Civil Monetary Penalty Programs

Close the Gaps in Federal Criminal Statutes Used to Prosecute Identity Theft-Related Offenses to Ensure Increased Federal Prosecution of These Crimes

Amend the identity theft and aggravated identity theft statutes to ensure that identity thieves who misappropriate information belonging to corporations and organizations can be prosecuted

Add new crimes to the list of predicate offenses for aggravated identity theft offenses

Amend the statute that criminalizes the theft of electronic data by eliminating the current requirement that the information must have been stolen through interstate communications

Penalize creators and distributors of malicious spyware and keyloggers

Amend the cyber-extortion statute to cover additional, alternate types of cyber-extortion

Ensure That an Identity Thief's Sentence Can Be Enhanced When the Criminal Conduct Affects More Than One Victim


Please do not be deceived by false promises and do not fall in the trap of a willful identity theft scheme. Its consequences are devastating.

Hope it helps.


Sincerely,

Consuelo Herrera, CAMS, CFE

---------- FOLLOW-UP ----------

QUESTION: so it appears that the local sstate and fed govs will laways , in the interest of  sop and best practice, verify any ssn submitted for any improtatn reason?
and concocting a new ssn  that presumably was never used before, ( and r there ways of  ascertaining this?)  and that does not beling to anyone, and ( and r there ways of  ascertaining this?) and is unlikely to be given to anyone else ,( and r there ways of  ascertaining this?), is still id theft , even though there is no victim??

Answer
Dear J,

Every employer, contractor, and of course, government entities should verify social security numbers as a way to determine that the holder is the person who he or she states is.

Yes, there are ways to ascertain that a social security number has been used before. For example, these procedures are granted to a person/investigator in charge of background checks.

I wish you success in your search regarding this topic.

Sincerely,


Consuelo Herrera, CAMS CFE