What Is Identity Fraud?
Identity fraud is when someone uses an individual’s personal information without permission, usually to achieve a material benefit. Examples of identity fraud include an unauthorized individual using the victim’s identity to perform illegal actions, obtain documents, or access the victim’s bank account.
The victim might only become aware of the fraud when related mail arrives, such as an invoice or bill for something the perpetrator ordered. For example, an individual might receive a letter from a debt collector for a debt for something they never purchased.
What Is Identity Theft?
Identity theft is when a criminal obtains the necessary personal information about an individual to impersonate the victim. The perpetrator can use identity details (i.e., name, address, date of birth, etc.) to commit fraud, illegal activity, or unauthorized actions in the victim’s name.
For example, the criminal may use the victim’s identity to take out a credit card or open a new bank account. In some cases, identity theft targets deceased individuals.
The fraud carried out using identity theft can impact the victim’s credit rating, making it difficult to take out new credit cards or loans and directly damaging the victim’s finances.
This article is part of our series of articles about identity verification.
In this article:
- Identity Fraud vs. Identity Theft: Understanding the Difference
- How to Protect Your Organization from Identity Theft and Fraud
- Well-Planned User Data Access
- Set Customer Processing Rules
- Switch to Digital Statements
- Build a Secure Filing System
- Monitor Business Credit Reports
- Identity Verification with BlueCheck
Identity Fraud vs. Identity Theft: Understanding the Difference
Identity fraud and theft are related but distinct, though many use these terms interchangeably. While fraud relates to the misuse of the victim’s personal information or existing accounts, identity theft involves leveraging this stolen information to pretend to be the victim, for example, to open new accounts.
If you are the victim of a data breach and the hackers stole your information, you would be vulnerable to identity fraud and theft. For example, if the attacker uses your payment card details to make an unauthorized purchase, this amounts to identity fraud. Likewise, if the attacker uses your information to apply for a new credit card or find a job, this is identity theft. Identity theft thus requires identity fraud, but not all copy leads to identity theft.
Cybercriminals can now use advanced technologies to commit large-scale identity theft, such as compromising the computer systems of businesses or government agencies to steal data about millions of individuals. They can commit various crimes using this stolen personal information, including names, Social Security numbers, and other details.
Some of the main methods used to steal personal information include:
- Phishing—the fraudster emails individuals to trick them into revealing their personal information.
- Malware—the fraudster tricks the victims into downloading malicious software that can access their networks and send sensitive data to the criminal. Victims usually install the malware by falling for an enticing offer or advertisement.
- Physical theft—the fraudster uses a low-tech method, such as stealing mail or sorting through garbage to obtain personal information.
There are many types of identity fraud, although most of them fall into one of six main categories as defined by the US Federal Trade Commission:
- Credit card fraud—the fraudster uses another individual’s credit card (or credit card details) to make unauthorized purchases.
- Employment fraud—the fraudster uses another individual’s personal information, such as a Social Security number, to apply for a job or obtain an income tax return.
- Utility fraud—the fraudster uses another individual’s personal information to create a utility account, such as a new mobile phone account.
- Bank fraud—the fraudster uses another individual’s personal information to hijack the victim’s existing bank account or open new accounts in the victim’s name (i.e., identity theft).
- Loan/lease fraud—the fraudster uses another individual’s information to apply for a lease or loan.
- Government documents fraud—the fraudster uses the victim’s information to obtain additional information via government documents or steal the victim’s social benefits.
Criminal identity fraud is an additional form of identity fraud that involves the perpetrator of an illegal action claiming to be another person when arrested. For example, the fraudster might use the identifying information of an actual individual to make the impersonation more realistic.
How to Protect Your Organization from Identity Theft and Fraud
The following best practice can help protect an organization and its customers from identity theft and fraud.
Well-Planned User Data Access
Organizations should use several system security layers to ensure that individuals can access company information only if they have a specific need for it. For example, users should never share accounts, and every account must only have access to suitable systems. In addition, all access should be revoked after an employee leaves the company or moves to a new role.
Set Customer Processing Rules
- Verify customer identity - take measures to ensure customers are who they say they are.
- Do not collect unnecessary data - organizations that do not use specific customer data, such as addresses or birth dates, should request it at all.
- Use fraud alerts - when the system flags suspicious activity, organizations should freeze the customer’s account and manually review unusual transactions.
- Perform customer due diligence (CDD) - organizations should know their customer through various means. For example, custom-segmented workflows for new customers can help organizations perform step-up authentication to reduce customer friction and prevent fraudulent activity.
Related content: Read our guide to identity verification services
Switch to Digital Statements
Threat actors often use mail theft as an entry point for stealing business information. Therefore, organizations should digitally request bank statements, human resources files, credit card bills, and other valuable information instead of via mail. While becoming completely paperless is not an option for all organizations, switching to digital financial information can help minimize risks, shift to digital accounting and statements, and save money and time.
Build a Secure Filing System
Organizations that retain paper records should keep their papers secure and locked. Only authorized stakeholders can access the information, for example, by using a locked filing cabinet or a cabinets system. For additional security, organizations put the locked file storage in a secure or locked area requiring a second level of access or use a safe or vault.
Monitor Business Credit Reports
Organizations should keep business data secure by monitoring business credit reports. Basic security involves getting alerts from the government when a party tampers with these records. Additionally, organizations should quickly monitor business credit to identify suspicious activity and issues. Monitoring helps catch and fix issues on time before they escalate.
Identity Verification with BlueCheck
BlueCheck’s industry-leading identity verification infrastructure enables merchants to grow their business faster. As we serve a wide variety of industries, our solutions are custom-tailored to the unique needs of our customers, including PACT Act and eCommerce compliant offerings.