===== What is Identity Theft? =====

===== Introduction =====

The Government and individuals both have a notion of what "identity theft" actually is. One's definition and understanding of this concept directly contributes to one's opinions of ID card shemes, perhaps like those proposed in the UK and US, or those in France, Italy, Spain etc.

This document attempts to discuss Identity Theft, and to separate the various aspects of it into "public" (ie. the domain of the Government) and "private" (the domain of the individual). This is because the distinction between public and private is an important one: No Government, except those of a Police State, has any justification to encroach on it's citizen's private lives. The addage "what I do in my own home is my business" suits, provided that whatever one is doing does not encroach on anyone else's rights to the same.

===== The Assumption of Another Identity =====

People have used multiple identities since the dawn of society. One has always had a "personal" and "professional" identity. For example, one may perform duties prescribed by one's employer that one would not perform for one's self. An example might be exhibiting "professional behaviour" whilst talking to colleagues, versus having free and frank conversations with the same people in a social setting.

Often children will use another's identity to avoid punishment. Any time someone says "it was him", that is, in a sense, a reverse of the assumption of their identity. It is a statements saying that the perpetrator has a different identity than one's self. Again, one is attempting pass one's self off as having a slightly different identity than would otherwise be perceived.

In another sense, people use multiple identities to protect themselves. For example, when meeting people for the first time, one may use a pseudonym or inflate the importance of one's profession. This is the use of an alternate identity because it is not an exact reflection of one's self.

Internet users (the author included) use pseudonyms or alternate identities all the time. Again, this is for self-preservation. One may not want to use one's real name when passing comment as this may cause problems in one's life. For example, when criticising one's employer, or in more controlled states, the Government.

the assumption of alternate identities is an essential part of safe living in a free environment. This is nothing new as it has always occurred in one form or another throughout history.

===== Identity Theft =====

A general definition of identity theft might be:

"the assumption of another persons identity in order to obtain information, products or services as that person".

The reader will note this is subtly different from falsifying identity, in which case a ficticious identity is created in order to achieve much the same thing. Identity theft is specifically the assumption of another person's identity.

===== Uses for an Assumed Identity =====

Assuming one has sufficiently assumed another's identity, an extensive assumption, one might wish to use the identity for the following:

===== -Gain Access to Finances =====

Possibly the most common use of an assumed identity is to gain access to finances. At it's simplest, this would require access to a credit card, pin number or signature. More complex fraud would require extensive access to banking services (such as Internet banking facilities) or even more intricate would require forged physical identification, such as photographic documentation to gain access to bank branch services.

In general any fraud will utilise the path of least resistance. Bank card "skinning" (the copying of the card) is very common. Fraudsters modify ATM cash machines to record card details, or "double swipe" cards used during purchases. Access to bank services is then achieved by forging the card signature or watching as the cardholder uses their PIN number.

To gain any further access to finances requires significantly more effort on the part of the fraudsters. This is because banks secure their services using the card holder's personal information (eg. mother's maiden name, etc) or further levels of verifiation (eg. letters from a password). For fraudsters to circumvent this security would require obtaining the source information (ie. the whole password, not just the last letters used).

Again, fraudsters tend to use the easiest route to this information. For example, looking through a victims refuse can often reveal paper where the victim has written their passwords to be able to answer the prompts from their bank. For fraudsters to be able to do this, they must of course know the victim's bank details (account number, sort code, etc) and also the victim's address. Further they need physical access to the victims home and for the victim to weaken the security by writing down and unsafely discarding that information (ie. unwittingly giving it to the fraudsters).

There are of course a raft of other ways that a person can be defrauded of their money without their immediate knowledge. However, these are generally highly complex and very rare.

The reader will note that this whole issue can largely be prevented by controls imposed by the victim's bank. That is, they provide services based on the assumption that they are being delivered to their customer rather than a fraudster. The assumptions they make are based on the steps they go through to verify who is who. If they perform more steps, or make them more difficult then fraudsters find it more and more difficult to actually commit fraud.

The issue of the cost of such fraud to individuals and banks also deserves some consideration. In general, if a case is actually fraud and the victim has taken all reasonable steps to comply with the bank's security policies (ie. has not willfully disclosed their security information) then the fraud is the responsibility of the bank. Banks naturally try to avoid this situation by attempting to break apart the victim's version of events. However, legal protections usually work in the victims favour, if they are verifiably victims and not accomplices.

Banks can avoid the costs they incur due to fraud by strengthening the security of their services. Here banks apply a simple formula: if it costs more to impose better security than the cost of the fraud, then don't do anything. Cost is not only monetary; it includes the perception by customers of the bank's credibility.

Again, the reader will note that this issue is entirely between banks and their customers.

===== -Apportion of Blame =====

This form of identity theft is often used to frame someone for a crime. The means to do this vary of course, and indeed does the crime. Minor crimes may not require extensive identity theft, perhaps only mistaken identity (such as dressing the same as the victim, for example). Crimes of greater severity may require forging physical evidence, such as fingerprints, DNA evidence etc. Clearly these require a great deal of effort on the part of the perpetrator.

Again, the police and legal system have protections against this type of deception. Forensic science for example specifically attempts to reduce risk of deception, and of course usual police procedures such as checking alibies and motives also reduce the risk. Clearly these are not infallable, although they may attempt or purport to be so.

In a similar vein to bank fraud, the "cost" of the deception is wieghed against the "cost" of detection of the deception. The cost to a wrongly charged person may be extremely high, so legal systems generally utilise extensive countermeasures. Each time mistakes are identified, legal systems adapt in some way to avoid the problem in the future. Clearly, legal systems differ in their abilities to do this.

Since the law is controlled by the Government, this type of deception is ultimately their responsibility.

===== To be continued... =====