Last Updated 5/20/2020
Issue: Identity theft occurs when someone obtains and uses your personal information fraudulently, oftentimes for financial gain. Most people think of credit reports, credit cards, and bank accounts when they hear the words "identity theft." This type of identity theft is financial identity theft; however, many more types of identity theft exist. Other types of identity theft include medical identity theft; insurance identity theft; driver's license identity theft; criminal identity theft; social security identity theft; synthetic identity theft; and child identity theft.1
Overview: The World Privacy Forum states medical identity theft occurs when someone uses a person's name, as well as another piece of their identity, without the person's knowledge or consent to obtain medical services or goods. This type of identity theft causes the placement of incorrect or fictitious information into existing medical records. Medical identity theft is one of the most difficult types of identity theft to repair once it occurs.
Insurance identity theft, like financial and medical identity theft, can affect your medical care. Most people are in need of healthcare; however, if someone is unable to obtain healthcare insurance they may go to the lengths of stealing someone's insurance identity in order to get medical services. If the victim is unaware that someone is using their health insurance, they are susceptible to fraudulent claims against a legitimate policy. The policy may reach its maximum payout, therefore causing cancellation of the policy. The victim may also have problems obtaining health insurance from another carrier.2
Driver's license identity theft is possibly the easiest form of identity theft to commit. If someone steals your purse or wallet, your driver's license can easily be sold to someone who looks like you. Once a person has your driver's license it is easy to obtain other forms of identification in your name.3 Similarly, criminal identity theft occurs when a criminal steals your identity in order to commit a crime, enter a country, get special permits, hide one's own identity, or commit acts of terrorism. It is difficult to resolve criminal identity theft, because it now looks like you are the criminal.4
A social security number is the most important piece of information a bank needs when extending credit or opening an account. Additionally, social security numbers are used to obtain medical care, file a fraudulent tax return, commit crimes, or steal your social security benefits. Many people do not want to pay taxes or child support; therefore, they may steal a social security number to avoid paying these debts. This type of identity theft is also difficult to resolve.5
Child identity theft occurs when someone steals the identity of a child, as it is unlikely that a child will look at his or her credit for several years. Unfortunately, many times a friend or family member commits this type of identity theft, which may mean the parent does not want to press charges.6
Finally, one of the newest types of identity theft is synthetic identity theft. This occurs when pieces of information is taken from many victims and combined to form a new identity.7
Identity theft remains on the rise, as the number of attacks have increased. In 2017, there were 16.7 million victims of identify fraud, a new record high replacing the previous year's record. The most popular types of identify theft in 2018 included the unauthorized opening of new credit card accounts; online shopping and payment account fraud; email and social media fraud; medical services, insurance and securities account fraud; and other identity theft. It is important to be aware of where identity theft stems from – types of schemes that criminals use.
Identity Theft Methods: Identity criminals can get access to your personal information using a variety of technological or non-technological methods. Technological methods are those that use technology, such as the internet, email, text messaging, phone calls, etc. Some common types of technological methods are:
Phishing: This is one of the most common methods criminals use to trick you into plugging in your personal information on a different platform where the attacker then obtains information. These attacks can happen through emails, text messages, etc. The most common form of phishing, is called pharming. Pharming is an attack where the criminal tampers with a website host file, and then provides you with a link to a fake website. The trick is that the fake website is made to look as if it were a real and trustworthy website, making the victim more apt to provide their personal information.
Man-in-the-Middle Attack: This method involves the interception of communication between two parties. This can happen when making an online search for the URL address of a company. When clicking on this type of link, the website of this "company" will then direct you to a different URL address. For example, when logging into your online bank account, you will be directed to a fake website mirroring the real site. Once your bank account and any other personal data are successfully put into the website, this information is then re-directed to the criminal.
Skimming: Skimming is a criminal act where information can be obtained, with just the swipe of a debit/credit card. The first way this is possible is when your card is swiped on an altered electronic card reader, all the information on the card can be sent another electronic storage device in which only the criminal can see. The main objective of this act is to obtain the victim's debit/credit card information to further copy their card, and use it for their own purchases. Other ways skimming happens can be through a recording device at an ATM machine, or even a salesman that swipe your card on his or her personal digital card reader.
Non-technological methods include:
Dumpster Diving: Dumpster diving is an act where the criminal obtains personal information by simply sifting through another person's garbage which often contains utility bills, bank statements, medical insurance and other correspondence with confidential information.
Mail Theft: This is simply an act where the criminal goes through different people's mailboxes to try and snatch anything they can use to steal your identity. An identity theft criminal sometimes goes the extra step to even re-route your mail without you ever knowing.
Shoulder Surfing: Lastly, shoulder surfing can occur at any time when plugging in a pin number, or secret code. The criminal will proceed to get closer to you, as he tries to read your secret code over your shoulder without you knowing. This can also happen through the lens of a secret camera set up by the identity thief.
Status: The NAIC and state insurance regulators are increasing efforts to tackle identify theft issues. The now disbanded Cybersecurity (EX) Working Group, Property and Casualty Insurance (C) Committee and the Financial Condition (E) Committee collaborated to develop the Cybersecurity and Identity Theft Insurance Coverage Supplement for insurer financial statements to gather financial performance information about insurers writing cyber-liability coverage nationwide.
If you are a victim of identity theft, please visit https://www.identitytheft.gov/and follow the steps provided.
Consumer Sentinel Network Data Book 2018 (Federal Trade Commission, February 2019)
CIPR Event Examines Cyber Liability Risk and Issues Facing the Insurance Industry
July 2014, CIPR Newsletter
Protecting Your Student's Future
Media queries should be directed to the NAIC Communications Division at 816-783-8909 or firstname.lastname@example.org.