Last Updated 11/2/2023
Issue: Identity theft occurs when someone obtains and uses your personal information fraudulently, oftentimes for financial gain. Most people think of credit reports, credit cards, and bank accounts when they hear the words "identity theft." This type of identity theft is financial identity theft; however, many more types of identity theft exist. Other types of identity theft include medical identity theft; insurance identity theft; driver's license identity theft; criminal identity theft; social security identity theft; synthetic identity theft; and child identity theft.
Overview: The World Privacy Forum states medical identity theft occurs when someone uses a person's name, as well as another piece of their identity, without the person's knowledge or consent to obtain medical services or goods. This type of identity theft causes the placement of incorrect or fictitious information into existing medical records. Medical identity theft is one of the most difficult types of identity theft to repair once it occurs.
Insurance identity theft, like financial and medical identity theft, can affect your medical care. Most people are in need of healthcare; however, if someone is unable to obtain healthcare insurance they may go to the lengths of stealing someone's insurance identity in order to get medical services. If the victim is unaware that someone is using their health insurance, they are susceptible to fraudulent claims against a legitimate policy. The policy may reach its maximum payout, therefore causing cancellation of the policy. The victim may also have problems obtaining health insurance from another carrier.
Driver's license identity theft is possibly the easiest form of identity theft to commit. If someone steals your purse or wallet, your driver's license can easily be sold to someone who looks like you. Once a person has your driver's license it is easy to obtain other forms of identification in your name. Similarly, criminal identity theft occurs when a criminal steals your identity in order to commit a crime, enter a country, get special permits, hide one's own identity, or commit acts of terrorism. It is difficult to resolve criminal identity theft, because it now looks like you are the criminal.
A social security number is the most important piece of information a bank needs when extending credit or opening an account. Additionally, social security numbers are used to obtain medical care, file a fraudulent tax return, commit crimes, or steal your social security benefits. Many people do not want to pay taxes or child support; therefore, they may steal a social security number to avoid paying these debts. This type of identity theft is also difficult to resolve.
Child identity theft occurs when someone steals the identity of a child, as it is unlikely that a child will look at his or her credit for several years. Unfortunately, many times a friend or family member commits this type of identity theft, which may mean the parent does not want to press charges.
Finally, one of the newest types of identity theft is synthetic identity theft. This occurs when pieces of information is taken from many victims and combined to form a new identity.
Identity theft remains on the rise, as the number of attacks have increased. According to a report by the Consumer Sentinel Network, a combined total of over 5.1 million consumer reports were filed, including 2.4 million reports of fraud and 1.1 million reports of identity theft. The most common types of identify theft in 2022 included credit card fraud—new accounts; miscellaneous identity theft; bank fraud—new accounts; tax fraud and business/personal loan
The Coronavirus pandemic introduced a number of new identity theft-related scams. Equifax reported stolen federal stimulus payments as the top Covid-19 scam perpetrated by bad actors impersonating government agencies.
Identity Theft Methods: Identity criminals can get access to your personal information using a variety of technological or non-technological methods. Technological methods are those that use technology, such as the internet, email, text messaging, phone calls, etc. Some common types of technological methods are:
Phishing: This is one of the most common methods criminals use to trick you into plugging in your personal information on a different platform where the attacker then obtains information. These attacks can happen through emails, text messages, etc. The most common form of phishing, is called pharming. Pharming is an attack where the criminal tampers with a website host file, and then provides you with a link to a fake website. The trick is that the fake website is made to look as if it were a real and trustworthy website, making the victim more apt to provide their personal information.
Man-in-the-Middle Attack: This method involves the interception of communication between two parties. This can happen when making an online search for the URL address of a company. When clicking on this type of link, the website of this "company" will then direct you to a different URL address. For example, when logging into your online bank account, you will be directed to a fake website mirroring the real site. Once your bank account and any other personal data are successfully put into the website, this information is then re-directed to the criminal.
Skimming: Skimming is a criminal act where information can be obtained, with just the swipe of a debit/credit card. The first way this is possible is when your card is swiped on an altered electronic card reader, all the information on the card can be sent another electronic storage device in which only the criminal can see. The main objective of this act is to obtain the victim's debit/credit card information to further copy their card, and use it for their own purchases. Other ways skimming happens can be through a recording device at an ATM machine, or even a salesman that swipe your card on his or her personal digital card reader.
Non-technological methods include:
Dumpster Diving: Dumpster diving is an act where the criminal obtains personal information by simply sifting through another person's garbage which often contains utility bills, bank statements, medical insurance and other correspondence with confidential information.
Mail Theft: This is simply an act where the criminal goes through different people's mailboxes to try and snatch anything they can use to steal your identity. An identity theft criminal sometimes goes the extra step to even re-route your mail without you ever knowing.
Shoulder Surfing: Lastly, shoulder surfing can occur at any time when plugging in a pin number, or secret code. The criminal will proceed to get closer to you, as he tries to read your secret code over your shoulder without you knowing. This can also happen through the lens of a secret camera set up by the identity thief.
Status: The NAIC and state insurance regulators are increasing efforts to tackle identify theft issues. In 2015 the Cybersecurity (EX) Working Group, Property and Casualty Insurance (C) Committee and the Financial Condition (E) Committee collaborated to develop the Cybersecurity and Identity Theft Insurance Coverage Supplement for insurer financial statements to gather financial performance information about insurers writing cyber-liability coverage nationwide.
The Cybersecurity (H) Working Group is charged with monitoring cybersecurity trends related to the insurance industry and support state insurance departments in responding to insurance industry cybersecurity events.
If you are a victim of identity theft, please visit https://www.identitytheft.gov/and follow the steps provided.
Committees Related to This Topic
How to Stay Safe and Protect Yourself Against Identity Theft
November 2023, NAIC Consumer Insight
Media queries should be directed to the NAIC Communications Division at 816-783-8909 or firstname.lastname@example.org.