Feature Article
Mark Pribish
Identity Theft versus Identity Fraud
By Mark Pribish
Vice President and ID Theft Practice Leader

Since 2005, I have written numerous articles about identity theft and information security with the purpose of educating individual consumers about consumer risk management and businesses about information security and data breach risk management.

During that time, I have talked to numerous family members, friends, businesses, and professional organizations and one very common misconception continues to surprise me, especially with all the recent headlines in the news about identity theft and data breach events - and that is how most individual consumers and business executives believe identity fraud and identity theft mean the same thing when in fact they are completely different.

Identity fraud is usually limited to one or more attempts of fraudulently using another individual's credit/debit card, checking/savings account, driver's license, health insurance information, etc. to steal money from an existing account or member benefit.

In the case of identity theft, an identity thief typically uses stolen Personally Identifiable Information (PII) which refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.

This means that fraudulent use of a Social Security Number or a bank account number can be used to open one or more accounts to initiate fraudulent transactions in another person's name. When this happens, an identity thief may cause financial loss or a negative credit rating to unsuspecting individual consumers or even a small business.

That said, identity theft is more complicated and is usually a bigger issue than identity fraud. If fraudulent transactions occur on an individual's account, it does not necessarily mean an individual's identity was stolen. In fact, identity fraud is usually an isolated incident (or can include multiple incidents) of fraud related to a single credit, debit, checking, or savings account, etc. - where the fraudulent transaction(s) by an identity thief can be quickly resolved by the fraud and security division of a bank, credit card or health insurance company.

So how does identity theft and identity fraud happen? Most of the individual consumers and business executives that I speak to believe identity theft and identity fraud are related to information technology (IT) and hacking.

However, while the identity theft and data breach news headlines would lead most people to believe IT, hacking, and other online methods (phishing, spyware, and trojans, etc.) are the primary source of these identity theft and data breach events - the real source is the insider threat including current/former employees, current/former vendors, and even current/former customers - who take advantage of gaps in information security where the majority of identity theft and identity fraud occurs offline. And while the insider threat may be using IT, hacking and other online methods as a tool - the source behind these ID Theft and data breach events typically include social engineering which is a polite term for the human element or people.

Now that you know the difference between identity theft and identity fraud, how can you protect you and your family? First, you need to learn how to safeguard yourself and your accounts (as well as your family members and their accounts) by participating in an ID Theft self-assessment quiz along with additional education including fraud prevention tips.

You can find these types of consumer ID Theft self-assessment tools and fraud prevention education resources at many websites such as your financial institution, health insurer, and employer - along with an ID Theft Service provider like Merchants Information Solutions, Inc. (http://www.idtheftedu.com).

Finally, you can also go to the following federal government websites for more information on identity theft and identity fraud:


Scam Central

Scamming Trends

Identity thieves and identity fraudsters locate and steal money from potential victims by using the US postal service, phone calls, faxes, and online methods (chat rooms, phishing, malware, spyware, trojans, etc.). When the identity thieves and identity fraudsters contact potential victims, they use proven techniques with targeted audiences (e.g. senior citizens and teenagers) with various scenarios to defraud them.

Job scams: Unsuspecting individuals accept a job in which the are compensated (this is known as being used as a mule) to facilitate money transfers through the individual's account or apply for a job that asks the individual to set up a new bank account. Job scammers use reputable online job boards to offer work-at-home jobs or accounting positions. These job scams may require unsuspecting employees to receive money into their existing bank account (or open new accounts) and then transfer the money to another account, often overseas. As payment, individual job seekers are able to keep a small fee for their services.

Lottery or sweepstakes scams: an individual receives a communication that they are the winner of a lottery that they did not enter, but must pay a small percentage of fake taxes or other fees before they can receive the rest of the prize.

Dating scams: unsuspecting individuals (usually senior citizens and teenagers) are asked to send money to a new online companion (e.g. money for a doctors bill, some type of emergency, etc.)

Internet scams: an individual receives a check for something they sold over the internet, but the amount of the check is more than the selling price. Individuals are instructed to deposit the check (another example of a mule), but to send back the difference in cash.