Read an Excerpt

Identity Theft: The Case of Steven Shaw


In recent years, there has been a sudden and dramatic growth of a new kind of crime, made possible by the ready availability of both credit and once-private information on Americans. In these cases one person finds another's name and Social Security number, applies for a dozen credit cards, and proceeds to run up huge bills. (Many banks make this kind of theft far easier than it should be, by printing their customers' Social Security number on their bank statements.) Sometimes the thieves enjoy the merchandise for themselves, go on lavish trips, and eat in fine restaurants. Other times the thieves fence the ill-gotten merchandise, turning it into cash. This crime has become so common that it has earned its own special name: identity theft.

A typical case is what happened to Stephen Shaw, a Washington-based journalist. Sometime during the summer of 1991 a car salesman from Orlando, FL, with a similar name-Steven Shaw-obtained Stephen Shaw's credit report. This is actually easier than it sounds. For years, Equifax had aggressively marketed its credit reporting service to car dealers. The service lets salespeople weed out the Sunday window-shoppers from the serious prospects by asking a customer's name and then surreptitiously disappearing to the back room and running a quick credit check. In all likelihood, says the Washington-based Shaw, the Shaw in Florida had simply gone fishing for someone with a similar-sounding name and a good credit history.

Once Steven Shaw in Florida had Stephen Shaw's Social Security number and credit report, he had all that he needed to steal the journalist's identity. Besides stating that Stephen Shaw had excellent credit, the report listed his current and previous addresses, his mother's maiden name, and the account numbers of all of his major credit cards. Jackpot!

"He used my information to open 35 accounts and racked up $100,000 worth of charges," says Stephen Shaw. "He tagged me for everything under the sun-car loans, personal loans, bank accounts, stereos, furniture, appliances, clothes, airline tickets."

Because all the accounts were opened with Stephen Shaw's name and Social Security number, all of the businesses held the Washington-based Stephen Shaw liable for the money that the other Shaw spent. And when the bills weren't paid, the companies told Equifax and the other credit bureaus that Stephen Shaw, the man who once had stellar credit, was now a deadbeat.

Shaw says that it took him more than four years to resolve his problems-a period that appears to be typical for most identity theft victims. That's four years of harassing calls from bill collectors, of getting more and more angry letters in the mail, or not knowing what else is being done in your name. Four years of having your creditors think of you as a deadbeat. During this period, it's virtually impossible for the victim to obtain a new credit card or a mortgage. One of the cruelest results of identity theft is that many victims find themselves unemployable; in addition to references, many businesses routinely check credit reports of their job applicants.

Identity theft is made possible because credit-card companies, always on the lookout for new customers, don't have a good way to verify the identity of a person who mails in an application or orders a credit card over the telephone. So the credit card companies make a dangerous assumption: they take it for granted that if you know a person's name, address, telephone number, Social Security number, and mother's maiden name, then you must be that person. And when the merchandise is bought and the bills aren't paid, that person is the one held responsible.

Nobody is really sure how prevalent identity theft is today, but it is definitely on the rise. Ideally the perpetrators should be jailed, fined, and otherwise punished. But law enforcement agencies are overwhelmed, and the courts have not allowed the true victims-the people who have had their identity stolen-to press charges against the perpetrators. That's because the law sees the company that issued the credit as the aggrieved party, not the person who had their identity stolen. That's great for the identity thieves: for most large banks, it's rarely worth the expense to prosecute a case.

But ultimately, identity theft is flourishing because credit-issuing companies are not being forced to cover the costs of their lax security procedures. The eagerness with which credit companies send out pre-approved credit-card applications creates the risk of fraud; when the fraud takes place, the credit issuer simply notes that information in the consumer's credit file and moves on; the consumer is left to pick up the pieces and otherwise deal with the cost of a stolen identity. It stands to reason, then, that the easiest way to reduce fraud would be to force the companies that are creating the risk to suffer the consequences. One way to do that would by penalizing companies that add provably false information to a consumer credit report the same way we penalize individuals who file false police reports. Such penalties would force credit grantors to do a better job identifying the individuals to whom they grant credit, which would, in turn, do a good job of limiting the crime of identity theft.