Catching identity thieves requires solid cooperation and hard-hitting procedures among fraud examiners, auditors, law enforcement, postal inspectors, the courts, banks, credit card companies, business owners, government, and many others.

In August, 1993, a young woman, “Marge,” working for the City of Dallas, was arrested by Dallas County constables and charged with at least 12 counts of theft by writing insufficient funds checks. Marge swore she didn’t write the checks and provided handwriting samples that were markedly different than the handwriting on the checks. Suspecting stolen mail, the constable’s office called the U.S. postal inspectors. An investigation revealed another young woman, “Peggy,” stole Marge’s Texas Work Force Commission file from a prospective employer who was considering hiring both women. We found that Peggy had opened 12 credit card accounts and personal and business checking accounts in Dallas and Houston, and obtained a post office box, birth certificate, Texas Department of Public Safety identification card and an assumed name business certificate in Marge’s name. Peggy was finally identified while purchasing a diamond ring using instant credit in Marge’s name. The sales associate recognized Peggy as a former high school classmate.

After she was arrested, Peggy confessed and said she learned how to commit identity theft from her college roommate. Because she pleaded guilty to credit card abuse and forgery as a first-time offender, Peggy received 10 years’ probation. A year later, Marge was still trying to clean up her credit and avoid bad check arrests.

Identity theft is committed by con artists, drug addicts, trusted fiduciaries, disgruntled employees, and spiteful ex-spouses. It’s an easy crime to commit, especially with a computer. Identity theft encompasses other offenses such as forgery, fraudulent credit card and loan applications, fraudulent bank accounts, and counterfeiting of identification and financial documents.

Though identity theft is becoming a major problem in the United States, the crime is growing throughout the world. (See sidebar on page 31.) Fraud examiners of all stripes should study the newest schemes and the latest methods to nab the thieves.

So Many Ways to Steal Info

Identity thieves find personal information in a number of ways. The most common methods are vehicle break-ins, purse and wallet thefts, mail theft, and dumpster diving. Some look up names and addresses from residential phone directories for affluent communities. In one of my cases the offender had more than 250 discarded hotel registration cards from the hotel’s dumpster. Each registration card had at least a name, home address, driver’s license number, and telephone number.

Mail thieves target either incoming credit cards or boxes of new checks, or outgoing bill payments for credit card accounts. Those outgoing letters will usually yield a credit card account number and a check bearing personal identification information. Using that information, the thieves can then query subscription databases such as Choice Point® or PublicData.com® to obtain the additional information they need. For example, using a Web site called anybirthday.com®, I was able to plug in a name and zip code and came up with a complete birth date and address. While locator services such as ChoicePoint® and PublicData.com® take great care to screen their subscribers, crooks will use legitimate information as a “front” when they subscribe and pay for the services. Identity thieves also can get valuable information from obituaries such as the city where the deceased resided, his or her year of birth, occupation, and mother’s maiden name. Again, using this information to query a subscription database will likely yield enough information to apply for fraudulent credit. Some thieves get information from dishonest employees at banks, car dealers, and other companies who have access to credit information. Whatever information identity thieves can’t get, they’ll just make up, such as business phone numbers, salaries, etc.

Most people discover they’re victims of identity theft when they receive a bill for something they didn’t order or get a verification call from a credit card issuer. The identity theft victim should first make a police report to get the complaint on record and “in the system.” The victim should also request a credit bureau report and examine it very carefully, especially the last section showing businesses making credit inquiries on the individual. If there’s an inquirer listed whom the victim doesn’t recognize, that inquirer should be immediately contacted. It’s a lot easier to have the victim make the credit bureau requests and avoid having to subpoena the records. In fact, all three major credit bureaus – Equifax, Experian, and TransUnion – should be queried, because one bureau may have different information than the others.

The Examination Begins

Early in the examination, it’s imperative that the fraud examiner obtain a fraud/forgery affidavit from the victim. Basically the affidavit should state that the victim had no knowledge of the application, didn’t execute the application and didn’t give anyone permission to apply for anything or receive, possess, or negotiate anything in the fraudster’s behalf. In the case of non-receipt of credit cards or checks, the affidavit should also state that the victim was expecting a delivery and didn’t receive it.

The fraud examiner must obtain the originals or best copies of anything that might have been handled by the identity thief, including checks, account applications, sales drafts, and delivery receipts. If the originals are scanned into a database or micro-filmed and destroyed, then obtain the next best evidence. It’s not unusual for a bank or credit card issuer to report a fraud, and then destroy the originals, leaving only information in a database.

The fraud examiner should ask the bank or credit issuer:

1. When was the account opened? How was it opened?
2. What type of account is it?
3. What was used as identification or as references?
4. Who handled the opening of the account?
5. How much is the fraud loss?
6. Are there any additional card users or account signers designated?
7. What personal information was given such as an address, employer, etc.?
8. What address was used?
9. What phone numbers were used?
10. What business name was used?
11. Where were the checks, credit cards, or merchandise sent?
12. Where were charges made?
13. Where was money withdrawn?
14. Are surveillance videos or photos available?
15. Did the victim complete a fraud or forgery affidavit?
16. Who is the person to contact for further information?

If wire transfers were involved, get copies of the sending and receiving reports. If a Currency Transaction Report (CTR) or Suspicious Activity Report (SAR) was completed, ask for a copy of it. If the bank reports the crime, or the bank itself is the victim, then the Right to Financial Privacy Act restrictions on release of information don’t apply.

If you’re contemplating a U.S. federal bank fraud charge, obtain a certified copy of the bank’s Federal Deposit Insurance certificate, covering the inclusive dates of the scheme.

In cases of federal credit card prosecution, it’s necessary to get the credit limit also. The credit limit or the actual loss, whichever is greater, is used for federal prosecutive decisions. In cases where there are multiple applications for true name victims, organize these items of information into a spreadsheet to show patterns, common denominators, or repeat information. I used this tool successfully in a ghost payroller case. The spreadsheet showed the same eight Social Security numbers being used repeatedly.

Go through credit card account applications line by line. Look for fraud flags such as salary listed to the penny; vague employment descriptions; improbable addresses; addresses, area codes, or zip codes that don’t match; and sentence or word construction that might indicate an applicant from another country. Verify the Social Security or other identifying numbers through the Social Security Administration or an Internet database. Verify driver’s license numbers through a department of public safety or department of motor vehicles. Look for requests for additional cards or signers on the account especially if the names don’t match.

You may find suspect fingerprints, palm prints, and/or handwriting on forged checks; credit, loan, or account applications; signature cards; sales slips; invoices; and postal or private lock-box applications.

In credit card cases, obtain a statement showing dates, times, amounts, and locations of purchases. These statements might lead to additional witnesses, aid in calculating losses, show patterns of travel, and identify durable merchandise for later recovery. Don’t forget that stores and gas stations may also have surveillance videotapes. In retail stores, concentrate on larger, costlier items because sales clerks likely will remember them especially if a sizable commission was earned. Also valuable are automobile-related purchases such as tires or repairs, which can sometimes help identify a suspect vehicle and its owner. You may get really lucky and find purchases of personal services which help you identify the purchaser. In one of my cases, the fraudsters used the fraudulent credit card to pay veterinary bills for the suspect’s dog and the suspect’s hairpiece payments.

Next, get copies of police reports made by the victim. These should include the initial offense report and any supplementary reports by detectives, with copies or photos of evidence and statements from victims, witnesses, and suspects.

Finding Suspects

The victim or witnesses may know the suspect. The suspect may leave behind a check, photo ID, or some other document at a merchant or bank which may yield identifiable latent prints (using Automated Fingerprint Identification Systems) or provide some other leads to identification. You may identify suspects from license plate and car descriptions. Execution of narcotics search warrants and narcotics arrests often yield stolen mail, fraudulent credit cards, and identification. Responding police officers might catch a suspect in the act. Unrelated suspect interviews, tips from informants, or reports from suspicious citizens may point to probable suspects.

If you have addresses that fraudsters are using to receive fraudulent checks, credit cards, or merchandise, ask a local postal inspector for help in getting a mail cover on the addresses. (A mail cover is the authorized recording of the sender, addressee, and post mark information on an envelope.) Mail covers, subject to certain limitations, can help identify additional true name and financial institution victims as well as the suspect. Ask the postal inspector to verify the persons receiving mail at the address.

You can run the address through various Internet databases, but obviously you have to verify the information found. If the suspect’s address is a home, check property tax records to determine ownership. Ask any police officers assisting you to find out who pays the water bills at that address. Spot surveillance of the address may reveal vehicle tag numbers that can help identify the occupants.

If the address is a rental home or apartment, visit the landlord to find the name of the resident. Ask to see the lease application but realize the landlord may tip off the suspects.

Surveillance is labor intensive, and sometimes yields little results. However, if the suspect’s location is “high traffic,” periodic surveillance at various times may help identify accomplices. Take photographs of locations to help you identify them in detail if needed for search warrant applications. Keep in mind that drug dealing and identity theft go hand in hand, so the location also may be a crack house or “shooting gallery.”

A suspect’s curbside trash may contain rifled mail, spoiled counterfeit checks and IDs. At least in the United States, you may only inspect the trash if you find it by the public roadway where it’s normally placed for pick up. Wear good rubber gloves, safety glasses or goggles, and a paper face mask when you go through the trash.

If the address is a post office box, ask a postal inspector for help, or request the information from the postmaster in writing on official letterhead. If the address is a commercial mail receiving agency (CMRA) such as Pak ’N’ Mail® or Mail Boxes Etc®, the owner or manager of the CMRA may cooperate and give you the name of the person renting the private mail box. (A search warrant usually isn’t necessary.) In the United States, ask for a copy of the rental agreement and the PS Form 1583, “Application for Delivery of Mail Through an Agent.” Sometimes the CMRA will keep a photocopy of the customer’s driver’s licenses or other identification. The physical address given on the Form 1583 may be another CMRA and the ID numbers may be bogus. Again, contact a postal inspector for assistance.

One way to catch the thief is to arrange for an undercover postal inspector – posing as a letter carrier – or undercover officer – pretending to be a private courier – to deliver fraudulently ordered checks, credit cards or merchandise. The results of controlled deliveries can lead to probable cause for search warrants, or as the basis for a “knock and talk” operation. It’s surprising how suspects will make damaging admissions at this time and even give consent to search. Document the deliveries with pre-approved video and audio surveillance for evidentiary purposes and the safety of the undercover officer.

Tie Suspect to Offense

To prove the criminal case, you obviously have to tie the person to the offense. For identity theft-related crimes, like many other crimes, this can be done through:

• Eyewitness identification: Bank and store personnel might identify perpetrators through line-ups or photo spreads assuming you have identified the offender and gotten a photo.

• Multiple accomplice testimony: In an identity theft conspiracy or gang, determine the hierarchy or division of labor. For example, the people or runners who use the fraudulent checks or credit cards, or open the fraudulent bank accounts are probably going to be on the lowest rung of the ladder. These are the people who need to be identified first. Concentrate on the weakest links such as the least experienced or those with the most to lose. Then, like a drug investigation, work up the chain. The weakest links must be convinced that their roles, however slight they may feel they are, make them principals or conspirators to the case. Convince them that without cooperation, they’ll share in the blame and consequences.

• Confessions: Of course, a confession alone doesn’t make a case; corroborating evidence is always needed. And seldom do you catch an identity thief red-handed.

• Forensic evidence such as fingerprints, handwriting and recovery of computer evidence traceable to the suspect: In U.S. federal court, fingerprints and handwriting evidence tend to stand alone, but corroborating evidence is always needed. In some state or province courts, handwriting and fingerprints are considered opinion evidence and must be supported by witness testimony and other evidence.

• Development of informants and use of undercover officers or agents: There are two ways to accomplish this. The first is to have the undercover investigator accompany the cooperating individual and observe and record the unlawful transactions. The second is for the undercover investigator, through the informant, to actually join the ring and take part in its activities. This will require the approval of the prosecutor who has jurisdiction in the case. In either approach, take great care to adequately record each meeting and transaction with approved audio and video surveillance. If the informant or cooperating individual witnesses or participates in a transaction, then he or she can be called as a witness. Just as in a drug investigation, any evidence recovered, including surveillance tapes, should be safeguarded with the appropriate chain of custody.

• Execution of search warrants with recovery of fraudulent financial documents and computer evidence: If the suspect’s custody and control over the searched premises can be established, then he or she can be charged with anything incriminating lawfully found in the search. This is one of the more successful methods of identifying offenders and tying them to the crime. Some of the items to look for in the search are:

1. checks, credit cards, mail, and other documents in names other than the premise’s occupants;
2. items that tie the suspect to the premises such as rental agreements, photographs taken in the premises, utility bills, and other official correspondence addressed to the suspect at that address;
3. planners, notebooks, diaries, etc., for victim names, identification information, credit card numbers, toll-free numbers to verify balances with credit card companies, practice signatures of victims’ names, and records of available credit balances;
4. computer printouts of identification information especially those from Internet databases such as PublicData.com;
5. counterfeit checks, credit cards, and identification cards found “in progress,” especially discarded items and “practice” pieces;
6. Polaroid cameras and cropped full-face photographs with plain or colored back drops and the actual backdrops;
7. card die cutters and laminators;
8. magnetic stripe card readers, commonly called “wedges”;
9. state, province and other official seals cut from maps and brochures;
10. altered notary and business seals;
11. blank check stock, certificate, or other patterned paper;
12. colored pens and pencils, rubber cement, laminating sleeves, and cutting knives;
13. check-printing PC software such as Versa check® or Quicken®;
14. digital photography software such as Adobe Photoshop®, MGI PhotoSuite® or Microsoft Photo Editor®;
15. hard drives or diskettes, which may contain templates for checks and ID cards;
16. computer central processing unit, keyboard, printer, scanner, and any other peripherals (Secure the services of a computer forensic examiner to perform this duty. Many peripheral hardware items will have storage memories.);
17. digital cameras, disks, memory sticks and images;
18. check-washing equipment such as plastic jugs, bleach, acetone, brake fluid or rubbing alcohol;
19. cell phones, handheld computers, organizers, and pagers, all of which have electronic memories, and;
20. computer storage media such as diskettes, CD/ROMS, removable hard drives, tapes and other memory devices. (Crooks sometimes will hide CDs with incriminating information in commercial music CD plastic storage jackets. Keep this in mind when drafting an application for a search warrant.)

• Surveillance videos of known offenders: (You can also use these to link the offenders to the crime.)

• Past forgery and credit card abuse arrests by police officers: (With proper follow-up investigation, these can lead to identification of the identity theft suspects.) · 

Next issue: interviewing the identity theft suspect 

Peter J. Donnelly, CFE, is a deputy constable in Tarrant County, Texas. He is a retired U.S. postal inspector with more than 15 years experience in investigating identity theft and related crimes.