Identity Fraud: The Art of Deception

 December 17th, 2011 by John.Lyons

Business is painfully aware of the impact of identity theft; personal identifiers and identification falling into the wrong  hands. It creates all kinds of problems.

Much is said and written about it. Consumers will continue to demand higher standards of diligence in protecting their personal information and accounts. Where business is beginning to feel the pressure, government is fortunate that taxpayers aren’t associating with the indirect costs and the threats posed to them from a whole range of identification-based crimes stemming from identity theft. These crimes include a range of frauds, obstruct justice, money laundering, stock market manipulation, trafficking in drugs or human beings and at the most extreme, terrorists evading detection in sleeper cells to mention a few.

Less is said and written about identity fraud: the physical act of using someone’s personal identifiers or stolen identification to deceive an identification handler. The reward is cash, products, benefits, privileges or services..

In an earlier post technology was introduced that does a good job of detecting forged identification. As stated, this is not helpful if the genuine document is issued to the wrong person. It is not helpful if genuine identification falls into the wrong hands from a theft or when it is loaned out to someone else.

The reason there is so much identity fraud: it is too easy to pull the wool over the eyes of those who depend on ID’s to establish if someone is who they say they are. Knowing the frequency with which personal identifiers fall into the wrong hands and the number of ID’s erroneously issued, you are no longer surprised to learn that obtaining legitimate or forged ID is not the true art in identity fraud. The true art is not arousing suspicion while presenting stolen or forged ID.

Anyone relying on identification must consider three questions:

  1. Is the identification document genuine and unaltered?
  2. If it is genuine, is this the person it was issued to? and
  3. The most difficult, did the issuing agency get it right in the first place?

It makes sense to bring resources to bear on the deception. Deception is most readily identifiable at the moment of transference, when the would-be offender is face to face with a knowledgeable, experienced identification handler. The ID handler needs skills for gathering information and reporting their concerns in an environment that keeps them safe. The must learn to trust their instincts when they sense something about a person or their story isn’t making sense.

If we don’t figure out how to do this, we should not expect any appreciable reduction in identity theft and identity fraud in the foreseeable future.

Posted in Uncategorized | Comments (0) | RSS

Much to be learned from Diana Dean’s Story

 December 4th, 2011 by John.Lyons

Corporations affected by the Red Flags Rules are required to have an Identity Theft Prevention Program. This includes training for   front-line service staff on tell-tale signs of identity fraud. These tell-tale signs are learned from past identity fraud events.

We have something more to learn from the story of Diana Dean. On December 19th, 1999, United States  Immigration Inspector Dean is screening  ferry passengers disembarking the  M/V Coho at Port Angeles, W.A. The ferry arrives from Victoria, British Columbia. Insp. Dean feels “hinky” about Ahmed Ressam. His reason and route for entering the United States isn’t making sense to her. She refers Ressam to secondary. Explosives and detonator timers are recovered from the trunk of his vehicle. The rest of the story is well know: Ressam’s destination is Los Angeles International Airport.

If you can put up with advertising at the start of MSNBC news clips to hear Insp. Dean’s story, there is something more than red flags at work here. At the time according to the politicians, the Clinton administration is on high alert for terrorism. Dean received no instructions to be on the look-out for terrorists. She  does her job; acting on her instincts  completely unaware of the administration’s concern.

New science explodes with discoveries on human implicit (unconscious) judgment and decision making. We lay persons refer to this as “gut instinct” or “6th sense”. New science tells us it’s real. This makes sense.  Making quick, sound decisions on the fly means not becoming some carnivore’s lunch. We need to learn how to exploit this gift in countering identity fraud.

Science is well decided that humans take in far more  information through the senses than is consciously processed. Otherwise, we would be overwhelmed. Information excess not immediately required to function is encoded unconsciously, aided my the brain’s emotional center housed in the limbic system.

The role of the limbic system (the Paleomammalian brain) at the center of emotional life is the subject of literature on Emotional Intelligence. The role played by emotional intelligence in developing sound implicit (unconscious) judgment and decision is less defined. Research by educators to improve human  judgment and decision making is an exciting field moving forward.

Posted in Uncategorized | Comments (0) | RSS

OCR Technology is good…but is it the panacea?

 December 1st, 2011 by John.Lyons

Optical Character Recognition (ORC) technology has been around for a long time. OCR technology is used to scan handwritten, typewritten and printed text into machine-encoded text. It has advanced to other uses including screening travel documents and other forms of identification.

The International Civil Aviation Organization (ICAO) explored different approaches for machine readable travel documents as far back as 1969. In 1980, ICAO published the first edition of Document 9303: A Passport with Machine Readable Capability. The technology has evolved. Not only passports, but driver’s licences and other government issued ID with machine readable security features can be programmed and read by these readers. It significantly reduces the threat posed by forged (fake) identification documents.

No mess, no fuss, the ultimate solution to countering identity fraud. Right? Well, not quite.

What if the identification is issued to the wrong person?

This is the case with Amed Ressam, coined the “millennium bomber”. Ressam fraudulently obtained a Canadian passport in the name of Benni Antoine Noris. Despite this, alert immigration officials at Port Angeles, Washington “feel” something isn’t quite right about Ressam’s story. A search of the trunk of his vehicle turns up explosives. It is ultimately determined that he intends to detonate the explosives at the Los Angeles International Airport.

What happens if stolen identification is now in the wrong hands?

Let’s go a step farther. Let’s say it’s photo identification. Science tells us humans are pretty good three dimensionally: identifying people we met previously, even years later. However, we are not very good at identifying a person from a two dimensional photograph. This is an even bigger problem when the bearer of the identification is from a different race, unless we have been exposed to this race from very early in life.

OCR technology resolves problems with altered or forged (fake) ID, as long as they are machine readable. But don’t limit thinking to countering forged ID. OCR technology saves data processing time by populating data bases with information directly from the reader. It improves quality assurance by eliminating data transposition errors. This provides business with savings and efficiencies to focus counter-fraud efforts on deception.

 

 

Posted in Uncategorized | Comments (0) | RSS

Identity Theft is One Thing, Countering Identity Fraud Quite Another

 November 26th, 2011 by John.Lyons

 

“Identity theft”  emerged from intense consumer lobby in the early 1990′s. Consumers demanded government do something about the criminal abuse of their personal identifiers to:

  1. steal from their bank accounts
  2. obtain credit based upon their hard earned credit rating, and
  3. use their credit cards and credit card information to steal from merchants and service vendors

Why is there so much identity theft. The simple answer… it is so easy to do. Obtain consumers’ personal identifiers and financial information and use it to commit crimes against business with quick gains at minimum effort.

There are a number of websites and blogs on identity theft. My personal favorite is the ITAC Blog.

Information on a vast array of other identification-based crimes is not so easy to access, or to understand. The information ranges from dead beat dads concealing themselves to avoid their financial obligations, to drug trafficking, money laundering, stock market manipulation, trafficking in human beings and at the extreme end of the risk scale, the concern for terrorists concealed in sleeper cells awaiting a call to action with weapons of mass destruction.

The last post concerned federal government efforts to elevate the driver’s license to a national ID.   Concomitantly,  Congress passed  The Identity Theft Assumption  and Deterrence Act . The ITADA amends Chapter 27 of tile 18 of the United Stated Code relating to fraud and other purposes. The changes make it illegal to retain personal information for an unlawful purpose and provides federal agency authority to join in the fight on crimes originally limited to State jurisdiction.

Federal efforts do not stop here. Amendments to the Fair and Accurate Credit Transaction Act of 2003 impose stiffer federal regulation on business managing covered accounts and offering credit. Many in financial services and other commercial sectors must increase diligence in screening clients and customers. It has become known as the “Red Flags Rules”.

This imposes an extraordinary challenge to business, balancing increased diligence with costs and delivery of customer-centered services. No customer or client appreciates increased bureaucracy, whether a public company or government. No customer or client likes to stand in line while diligence is being exercised.

 

Posted in Thinking About the Problem | Comments (0) | RSS

What Happens Below the Waterline is Important

 October 13th, 2011 by John.Lyons

REAL ID of 2003 is a federal act intended to upgrade state-issued driver’s licenses to a de-facto national ID. REAL ID requires States generate a standard, across-the-board look for driver’s licenses and upgrade the security features. It imposes higher standards of verification in exchanging out-of-state driver’s licenses. The inter-state verification process is resisted by State issuers because of the initial expense and human resource time to maintain it.

Tennessee recently announced an “improved” driver’s licenses and ID card. The Tennessee Department of Safety and Homeland Security Commissioner states, “A top priority of the Department of Safety and Homeland Security is safeguarding the identity of Tennessee citizens to prevent identity theft and document fraud.”

The question not asked: Is this initiative by itself effective in reducing the risks posed by identification falling into the wrong hands?

What about corruption? What about identity fraud -someone fraudulently obtaining a driver’s license in some other legitimate person’s name?

We know the answer to the corruption question. In March 2011 a Chattanooga grand jury returned a two count indictment against a State of Tennessee Department of Motor Vehicles employee for conspiring to unlawfully issue driver’s licenses.

The next question is whether this incident in Chattanooga is an isolated event?

A quick check of the Internet is not encouraging:

  • Police arrest at least seven employees at the state license bureau in Delray Beach. They accepted bribes in exchange for putting drivers licenses in the hands of more than 1,500 persons who shouldn’t have them
  • A Texas Department of Public Safety employee is arrested in Houston as the result of an undercover sting operation for taking bribes and issuing driver’s licenses.
  • A former Concord, New Hampshire Department of Motor Vehicles employee plead guilty to taking bribes.This employee is alleged to have exchanged up to 70 driver’s licenses for $500, without asking for proper documentation
  • A former Stevens Point, Wisconsin DMV employee is indicted for erroneously issuing driver’s licenses to about 70 people.  The employee allegedly accepted bribes in exchange for inputting false information into the DMV’s computer system
Maybe spending hundreds of millions of dollars on driver’s licenses to improve their physical security is a step in the right direction. I’m not certain of this. But I am certain it doesn’t matter if the driver’s license is more physically secure, or an inter-state verification process is in place, without mitigating the risk that at some level driver’s licenses will their way into the  wrong hands.

Posted in Thinking About the Problem | Comments (0) | RSS

Welcome to the Identification Handlers’ Blog

 October 5th, 2011 by John.Lyons

Welcome to the Identification Handlers’ blog hosted by the ATRiM Group.

If you rely on identification to establish if people are who they say they are this blog is for you.

Government response to stolen personal identifiers, fraudulently acquired, stolen and forged ID is to pass new laws and regulations. There has been vocal and passive resistance ranging from State issuers of drivers licenses to affected businesses and organizations forced to implement the Red Flags Rules. Dialogue  can bring about change. Passive resistance kills any hope to take on identity theft and identity fraud.

Behind-the-scenes attempts to mitigate the risks from identity fraud rarely match the effectiveness of experienced, engaged  identification handlers with the skills to recognize and act on tell tale signs of deception while face to face with would-be offenders.

Deception is at the heart of all identification-based crimes. Getting better at recognizing deception is the focus of ATRiM Group research, our training and development programs, the working groups we facilitate and this blog.

We will post anyone who wants to contribute. There are some exceptions: posts with off-topic or offensive language; anything disrespectful of the contributions of others; anything that is interpreted to be self-promoting and slurs of any kind. Beyond this ideas and comments are welcome.

Posted in Uncategorized | Comments (0) | RSS