The phrase “identity theft” is relatively new term for what is actually a centuries old problem. The crime has evolved, and so have methods to protect against it. Curiously, the methods to prevent identity theft are often quite controversial, as you’ll see as we explore the history of identity theft protection.
Identity Theft by Death & Murder
For hundreds of years, identity theft could be a truly gruesome crime. Criminals who needed to escape notice and people who desperately desired a new life would steal entire an entire identity, including the name, social security number, family history, career, and even life story. Sometimes this would happen after a murder, while more moralistic criminals tried to find obscure dead people whose identities matched closely enough to reasonably assume.
This tactic is referred to as “ghosting” and has been the subject of several books and movies. One of the more well-known stories is about 1930s actor Wallace Ford. Ford, actually born Samuel Jones, was a young, homeless stow-away on a freight train across America with the real Wallace Ford, who was killed in a train accident and never identified by relatives. At the age of 15, Jones decided to appropriate Ford’s entire identity, including his name and basic biography, and he eventually went on to star on Broadway and in Hollywood movies. It was not until his deathbed that “Ford” admitted his identity thievery.
A similarly amusing story involved King Sebastian of Portugal, who disappeared in 1578 while battling in Morocco. When the shocked people of the then-declining country refused to believe his death, several imposters attempted to step into the king’s identity. The first two identity thieves were of the lower class and had a hard time pulling off the royal life convincingly. The third was of an educated class and “ghosted” more successfully, but he too was eventually found out. Ironically, the last known imposter did not even speak Portuguese but managed to gain a lot of believers until his crime was discovered, after which he was quickly executed.
Identity Theft by Phone
By the 1960s, identity theft by phone was a real threat. The scams run were not too different from the well-known “Nigerian Prince” e-mails of today. The caller would claim they were contacting the person to give them lottery winnings or other gifts, but to release the gifts they needed some personal and bank information first. The criminal would then use the information to assume the victim’s identity entirely or to commit financial fraud, though at this point, few identity thieves were looking to run off and start a new life.
These were the scams referred to when the phrase “identity theft” was coined in 1964, according to the Oxford Dictionary. It was several more years before the phrase was mainstream enough to warn potential victims of these telephoning thieves, who made up nearly 100 percent of all identity theft cases.
Today, telephone scams still make up about seven percent of all reported cases.
Identity Theft by Garbage
By the 1980s, criminals had to evolve. The phone scams were well-known, and would-be victims had wizened up. So how else could a bad guy get personal information? Dumpster diving.
Identity thieves started rooting through garbage bins outside homes and businesses looking for discarded mail that contained all the necessary personal information: bank statements, credit card offers, bills, pay stubs and other revealing paperwork.
In the late 80s, this approach was documented enough by TV and print media for homes and businesses to start investing in small paper shredders. Simple strip shredding was accepted as the best way to prevent identity theft for several years, but later shredders were upgraded to cross-cut, making it harder to piece documents back together.
Identity Theft by Internet
The 1990s opened a whole new world with the introduction of home- and business-based Internet access. Unfortunately, the identity thieves were just as up-to-date and they had one driven purpose: the almighty dollar.
Within 10 years, up to 62 percent of identity theft cases, according to the FTC, were committed over the Internet. The number of cases was steadily increasing every year until the government stepped in to make some changes, as we’ll see later.
What made the crime appealing to so many more criminals was the physical and emotional distance. The thief did not have to murder or risk getting caught rummaging through a recycling bin. He or she also had greater access to potential victims, since the thief could live in Oregon and steal information from a wealthy person in New York City. Thieves also assumed—somewhat correctly—that they were less likely to get caught if there was no physical evidence.
By 2011, hacking using viruses, malware and other methods of unauthorized computer access made up a majority of information theft.
It was this scary new method of theft that set off a wide array of “identity theft protection” services.
Identity Theft by RFID
As part of the latest era of identity theft, we include the controversial RFID (Radio Frequency ID) chip now included in many credit and debit cards. Some states now also include them in driver’s license, and the federal government uses RFID in all passports. These chips are designed to wirelessly send information, which in the case of credit cards can help speed up transactions over the conventional magnetic stripe that requires swiping.
Not long after RFID was introduced in these bank cards, identity thieves had discovered a way to hack the radio frequency to steal information that can include the cardholder’s name, credit card number, expiration date, and more. Critics argue that this information is often poorly encrypted or not encrypted at all. Strictly speaking, this illegal act is not identity theft but rather credit card fraud. However, the real fear may lie in the ability to scan passports and government-issued IDs which may contain enough personal information for full identity theft.
The devices used by these thieves are simple scanners. The most popular protective product that was invented to combat these scanners is a signal-blocking enclosure, which is usually either a hard-cased wallet or foil-lined pouches for each card.
Milestones in Identity Theft Protection
1899 – Equifax
Here we find the first credit union, originally founded as the Retail Credit Company. At that time, RCC was primarily in the business of insurance. They collected and maintained information that life, medical, home and auto insurance companies could use to establish rates. What kind of information, you ask? Excellent question, because it was a lot more than we would tolerate today. It wasn’t until the 1960s that RCC’s business practices became publicly known, which incited angry criticism.
RCC was collecting information not just on finances and general credit worthiness but education, job history, habits (like drinking or smoking), political views and even marriage problems and sex life. It was alleged that RCC gave bonuses to employees who could scope out negative information on people for the company’s files, even if this info was based entirely on rumor.
Unbelievably, nothing was done until RCC announced that it would be digitizing its records for the age of computers. The risk of this information becoming public pushed the government to respond with the Fair Credit Reporting Act in 1970. Facing a public backlash, RCC changed its name Equifax in 1975.
To this day, the “Big 3” credit bureaus play a huge role in catching and preventing identity theft that involves opening bank accounts, purchasing or leasing on credit, and other forms of financial fraud.
1968 – TransUnion
The second of the “Big 3” credit bureaus was established after a railroad industry company bought the Credit Bureau of Cook County, Illinois. It has been bought out twice since. TransUnion faced a heavy blow when it lost a lawsuit brought by a consumer who alleged the company took six years to remove fraudulent information from her credit report. The company was ordered to pay that consumer $5.3 million.
1970 – Fair Credit Reporting Act
The FCRA outlined regulations that the credit reporting bureaus must follow in order to protect consumer credit and to prevent identity theft.
One of these is the requirement to release their reports to consumers upon request to allow an opportunity to verify and correct information. The FCRA forced credit bureaus to attempt rectification when a consumer reported an error or dispute, especially those resulting from a stolen identity. It also established limits on how long information could be held, with seven years being the most common limit and 10 years the standard for bankruptcies.
1990 – Fellowes Personal Shredder
Prior to the late 80s, the only people using shredders to destroy sensitive information were government entities. A Supreme Court ruling in 1988 led to a surge in shredder sales, which encouraged the company Fellowes to release the first shredder designed for personal use.
The landmark decision was in the case California v. Greenwood. The Supreme Court ruled that warrantless searches of garbage left outside for collection do not violate the Fourth Amendment. The resulting demand to protect individual privacy eventually brought light to the more prominent risk of identity theft that occurs when criminals root through garbage.
1996 – Experian
The youngest of the “Big 3,” Experian is arguably the most global of the credit reporting bureaus. The company has built its stockpile of consumer data by constantly purchasing smaller bureau and marketing companies around the world.
Although it came after the FCRA, Experian is not without its controversial practices. One of its subsidiary companies sold off personal information to identity thieves. Also, in 2005, the company was forced to pay a fine for defying the FTC when it continued to advertise “free” credit reports that weren’t really free.
2001- Identity Guard
We bet you can see now why consumers begged for identity theft protection. The thieves and the credit bureaus were all living in a sort of Wild, Wild West. The first major company to step into this role was Identity Guard.
The company took its predecessors’ approach of monitoring credit reports and added on other security features, like anti-virus software to protect against hackers.
2003 – The Fair and Accurate Credit Transactions Act (FACTA)
In accordance with the Fair Credit Reporting Act of 1970, credit bureaus allowed consumers to access and view their credit reports. However, the bureaus took this as a simple way to make more money and charged up to $10 for the report. The amendment known as the FACTA made these reports free to access annually. Since there are three bureaus, consumers can actually obtain a different free report every 4 months. This helped consumers find warning signs of identity theft before it was too late.
The FACTA also made companies and employers responsible for data leaks that led to identity theft. These entities had to sufficiently destroy—through shredding, burning or pulverizing— paperwork that contained personal information. Failure to adhere to these regulations could result in civil liability, class-action lawsuits and a range of state and federal fines.
The new “Red Flags Rule” required banks and creditors to establish written policies to identify and respond to potential fraudulent activity. Consumers who file a fraud report were now entitled to updated reports from each bureau every 90 days to monitor activity.
Other regulations that served as identity theft protection included the mandate that receipts not list the last 5 digits of credit cards. Consumers were also now able to report fraud to one bureau, and that bureau was responsible for setting a national alert for all reporting agencies, including competing bureaus.
2003 – AnnualCreditReport.com
These truly free reports mandated by the FACTA became available through AnnualCreditReport.com. This website is owned and maintained collectively by the “Big 3” bureaus.
2005-6 – LifeLock, et al.
Around the time LifeLock was founded, so were its early competitors, ID Watchdog and Trusted ID. LifeLock became the best-known over the years thanks to its heavy TV and radio advertising and celebrity endorsements.
This was especially true following its 2007 nationally syndicated commercial in which the co-founder Todd Davis revealed his own social security number as supposed proof of how confident he was in his company’s identity protection services. However, the entire ad campaign backfired when the media revealed that Davis in fact became a victim of identity theft as many as 13 times since the commercial first aired.
LifeLock was also caught up in controversy when credit bureau Experian sued the company claiming they placed false red flag alerts to make its customers feel they were paying for a valuable service. A few years later, in 2012, LifeLock was fined $12 million by the FTC for false advertising that claimed a 100% guarantee on its identity theft protection. The FTC Chairman famously said, “the protection they provided left such a large hole … that you could drive that truck through it.”
2005 – FTC Fines FreeFreditReport.Com
You should’ve seen it coming at you like an atom bomb, but it took the FTC to once again step in and crack down on Experian.
The bureau was trying to make money off the fears of identity theft by offering its own (sneaky) form of protection through credit report monitoring. However, it’s misleading and annoyingly catchy jingles and URL “FreeCreditReport.Com” made consumers think they were simply accessing their legally mandated free report. Instead, Experian pulled a bait and switch and consumers later realized they were being billed monthly for this “monitoring” service.
You know what they say: if it’s too good to be true, it probably is. (Although you can still get a legit free report at the FTC-mandated AnnualCreditReport.com.)
2009 – Credit CARD Act of 2009
To prevent future problems with the “free credit score” bait-and-switch, the U.S. Congress passed a law that, in part, required identity protection advertisements to disclaim “This is not the free credit report provided for by Federal law.”
This was the only real provision aimed at restricting identity theft protection services; the rest of the law deals with the extension of credit, bill due dates, and marketing of credit cards to people 21 and under.
2009 – FTC Parodies the Infamous Jingle
In a humorous turn of events, the FTC released YouTube videos aimed at educating consumers about the true cost of misleadingly advertised “free credit reports.” The set style and band bring back fond, if not irritating, memories, don’t they?
2013 – BillGuard
When it was first founded in 2010, BillGuard was not too distinct from other similar identity protection companies. However, its release of mobile apps in 2013 (iOS) and 2014 (Android) was a significant moment in the history of these kinds of financial services. Both its browser and mobile programs scan bank accounts directly rather than credit reports to help catch fraud sooner. BillGuard was soon after named “one of the top online banking innovations of all time” by Online Banking Report.
Identity Theft Protection Today—Is it Necessary?
Believe it or not, the need for protection services today is debatable. Many critics argue that the “insurance” of tens of thousands or even a million dollars is not worth the monthly cost of the monitoring since consumers are not held liable for fraudulent charges anyway. Additionally, many banks already offer free or low-cost services that would make third party companies expensively redundant. In fact, in 2013 Consumer Reports wrote that there is truly no need for paid identity theft protection.
With these strong criticisms, identity theft protection companies are likely to double down on advertising in an effort to show their value to the average consumer.