Summary

Identity fraud--the stealing of such personal identification information as a social security number, date of birth, or mother's maiden name--appears to be increasing and is a factor in various financial crimes. Criminals may use this information to fraudulently establish credit, run up debt, or take over existing financial accounts. The methods used to obtain personal identifying information can range from basic street theft to sophisticated organized crime schemes involving the use of computerized databases or the bribing of employees with access to customer or personnel records. Currently, no federal agency has overall or primary jurisdiction for investigating such fraud, which is difficult to track because there is no standardized definition of identity fraud. The scope or types of identity fraud can range from unauthorized use of a credit card to the total takeover of a person's identity. GAO found no comprehensive statistics on the prevalence of identity fraud, although it did obtain limited statistics from some federal agencies. For example, a Secret Service official provided GAO with arrest statistics for the agency's financial-crimes investigation cases considered to be directly associated with identity fraud. As reported by the Secret Service, arrests in these cases totaled 8,806, 8,686, and 9,455, respectively, for fiscal years 1995, 1996, and 1997. This report discusses (1) law enforcement's responsibilities for investigating identity fraud and the difficulties in tracking such crime; (2) statistics or other data showing the prevalence of identity fraud; (3) the costs of identity fraud; and (4) identity fraud and the Internet, including the status of self-regulation by computerized database services that collect and disseminate personal identifying information. GAO, which asked credit bureaus for revenue figures associated with selling personal identifying information, also discusses the effects on businesses if such sales were restricted.

GAO noted that: (1) identity fraud may be an element in a variety of financial crimes; (2) no federal agency has overall or primary jurisdiction for the investigation of such fraud; (3) identity fraud is difficult to track because there is no standardized definition; (4) GAO found no comprehensive statistics on the prevalence of identity fraud, although it did obtain limited statistics from selected federal agencies; (5) a Secret Service official provided GAO arrest statistics for the agency's financial-crimes investigation cases considered to be directly associated with identity fraud; (6) officials at the Social Security Administration's Office of the Inspector General stated that the agency's investigations of social security number misuse in connection with program fraud increased from 305 in fiscal year (FY) 1996 to 1,153 in FY 1997; (7) the Internal Revenue Service (IRS) Criminal Investigation Division officials stated that IRS annually detects thousands of questionable refund schemes, many involving personal and business identity fraud; (8) in the private sector, an official with Associated Credit Bureaus, Inc., stated that the occurrences of credit fraud appear to have increased; (9) an official of Trans Union Corporation, one of the national credit bureaus, stated that two-thirds of all consumer inquiries to the company's Fraud Victim Assistance Department involve identity fraud; (10) officials at VISA U.S.A., Inc., and MasterCard International, Inc., indicated that overall fraud losses from their member banks are in the hundreds of millions of dollars annually, but these losses constitute a small part of the banks' overall billing transactions processed; (11) a recent American Bankers Association survey of the bank-card industry reported that lost and stolen cards represented the largest single source of fraud losses in 1996, which marked the sixth consecutive year of this trend; (12) GAO found no comprehensive estimates of the costs of identity fraud; (13) many of the officials that GAO contacted stated that Internet growth increases opportunities for criminal activity; (14) in recent years, concerns have been raised about such risks associated with computerized database services, an industry that is widely used by both public- and private-sector entities to locate or verify the identity of individuals; and (15) regarding the amount of money credit bureaus earn from selling personal identifying information, an official with Associated Credit Bureaus, Inc., told GAO that members do not disclose revenue data, but aggregate figures are in the tens of millions of dollars annually.