Canada credit report trans union

Identity Theft Happens Mainly in America

Identity theft is largely an American phenomenon. There are reasons for that. Other nations don't rely on an identifying number - like a number to keep track of pension accounts or government benefits - for other purposes, like identifying consumers in credit reports.

Since the early 1990s credit bureaus have been collecting Social Security numbers and relying on the numbers to confirm a match when a lender requests a credit report on an applicant. By the same token, credit bureaus usually ask a consumer who wants to see his or her own credit report, as permitted by law, to provide a Social Security number to confirm his or her identity. The Federal Trade Commission, which regulates credit bureaus, actually encouraged this in the 1990s.

Strangers can get Social Security numbers from payroll records or buy them from Internet sites.

Thus, it's not hard to see why theft of identity is easy in the U.S. A stranger need only get a Social Security number to match a name and then ask a credit bureau to provide a copy of "his" credit report. Or the stranger can apply for credit under the target's name and use the victim's Social Security number to "authenticate" identity. Sometimes the stranger will change the address on the victim's credit account (and use the stolen SSN to "authenticate" identity. Credit bureaus are not required to send a notice to a consumer before activating a change of address, and so they don't do so.

This can't happen, of course, if credit bureaus discontinue using SSNs as a match. Credit bureaus in Europe and Australia do not do so, and so identity theft is virtually non-existent. "Outside the U.S.A., my impression is that identity theft is very uncommon (although the U.K. authorities carry on as though there were some)," Roger Clarke, long-standing privacy expert in Australia, told PRIVACY JOURNAL. "There have been only half-a-dozen reported cases in Australia over a period of quite some years."

Clarke, of Xamax Consultancy and Australian National University, monitors identity theft and identity fraud worldwide. In fact, he distinguishes between identity theft ("the adoption of an established identity by a second person, polluting the records of that identity with various organizations, typically retailers, finance companies and hence credit bureaus"), and identity fraud (the use of manufactured false IDs for immigration, fraud, money laundering, and possibly terrorism).

"There is a very high level of identity fraud throughout the world," Clarke said. "Insecure driver's licenses and insufficient skepticism about identity documents is one reason. But the largest reason is the ludicrous credit-card system, which invites fraud, and gets it."

In the latest annual report of the Privacy Commissioner in Australia there was not a word about identity theft in a discussion of 1300 complaints received over a 12-month period. But the commissioner, Karen Curtis, warned of the dangers of identity fraud, which "can reduce confidence in the authentication processes used for electronic commerce.

Clarke said that enforcement agencies in the U.S. "conflate identity fraud with identity theft."

American-style theft of identity has been appearing with increasing frequency in Canada. Most U.S. social trends migrate to Canada. But the underlying reason is obvious: Credit bureaus there, including American-owned Equifax and Trans Union, use Social Insurance numbers (SINs) as a match. According to Canada's social insurance registry, there are about 1.4 million more social insurance cards in circulation than there are people in the country. In warnings issued to citizens about theft of identity, Canada's Privacy Commissioner makes the link to misuse of SINs. Equifax and Trans Union now report more than 2,000 complaints of identity theft a month, in a population of more than 20 million.

Last summer The Australian newspaper reported from England, "Reports of increasing identity fraud attacks have been exaggerated by law enforcement agencies seeking to maintain budgets, according to a former Scotland Yard detective. . . . Rowan Bosworth-Davies says identity theft is relatively rare. 'I would need more evidence from law enforcement agencies of identity theft before I got too excited about it,' he says. Bosworth-Davies says there is a lot of hype around identity theft and a great deal of misinformation, which he attributes partly to some police agencies that want to increase funding. . . . Bosworth-Davies says genuine cases of identity [theft], using stolen credit card details and other identity documents, are relatively few.

Rosa Barcelo of the European Union staff told PRIVACY JOURNAL, "There are various major differences between the U.S. and the E.U. In the E.U. identity theft takes different forms than the "traditional" U.S. Social security number scam because in most E.U. countries the private sector does not rely on a social security number as is common practice in the U.S. However, the other type of identity [fraud] does occur in the E.U., for example, when Internet banking customers receive emails that appear to be from their bank. When they are answered, it enables the criminals to extract the customers' user names and passwords and perform operations as if they were the real customers." [Called "phishing." see PJ Oct 04.]

"Apparently, thieves also use the Electoral Roll to discover names, addresses and marital status and somehow steal individuals' identity. In sum, identity theft seems to be spreading but in a different way."

"My impression is that while in the E.U. identity theft occurs, it occurs less often than in the U.S., at least for the moment. So, there is a difference of degree. Credit card use in the E.U. is less common than in the U.S. In addition, I like to think that the E.U. Data Protection Directive, which ensures the protection of personal data, may contribute to diminish identity theft because the directive restricts the use of personal information. For example, under the E.U. Data Protection Directive, those who hold information are generally prohibited from disclosing it unless they have the consent of the individuals to whom the data refers. Banks may not provide any information (including names) of their customers. Furthermore, the directive applies security provisions upon those who hold personal data. Accordingly, the company which leaks personal data may face important economic sanctions."