When you hear about identity theft, you probably think of the person who has to spend many months trying to clear up his credit report. But the ramifications of identity theft go much further than that individual. They cost businesses and banks billions each year – not just in merchandise that will never be paid for, but also in lost trust and bad publicity.
In 2004, Patrick L. Meehan, the U.S. Attorney for Eastern Pennsylvania, filed an indictment charging Harold J. McCoy, Danielle Baker and Karynn R. Long with a variety of federal charges dealing with an identity fraud scheme that stole the personal information of blood donors. The defendants used the information to obtain credit for purchases of merchandise, cash counterfeit checks and obtain bank loans.
According to the indictment, the defendants engaged in this scheme throughout the eastern United States from approximately August 2002 to April 2003. At the direction of McCoy, Baker, an employee of the American Red Cross, stole names, dates of birth, social security numbers, addresses, telephone numbers, places of employment and other information from the computer records of the Red Cross blood drives.
McCoy and his cohorts targeted the victims based on their jobs with companies that paid high salaries, which made it easier to obtain credit. With the personal information from 40 victims, they went on to fraudulently obtain $268,000 in cash and merchandise in more than 170 illegal transactions.
“You had people literally giving something of themselves to help others only to learn later that they wound up giving more than they imagined,” Meehan said. “This was a case in which people paid a price for their compassion. These defendants were responsible for a crisis from which the individual victims and the Red Cross are still trying to recover.”
This fraud case had a significant impact on the Red Cross, as many companies refused to participate in future blood drives. The Red Cross has estimated its loss from this fraud to be at least $455,000, as it had to purchase blood from other parts of the country to make up for the lost donations.
The indictment also noted that the financial loss to retail establishments, credit card companies and banks in this case was approximately $268,762.
The Red Cross defendants received prison sentences ranging from 18 months to 162 months.
I thought the Red Cross identity fraud case clearly illustrates the wide ranging effects of this crime. I contacted Richard Goldberg, an assistant U.S. Attorney and the chief of the Financial Institution Fraud & Identity Theft Section, for the U.S. Attorney’s Office, Eastern District, Pennsylvania, and asked him how business people were hurt by identity fraud cases.
“Businesses are hurt by identity theft when customers trace the theft back to the business,” Goldberg said. “When they realize that a crime is being committed at a certain location, they don’t want to take their business there anymore.”
“A good business – big and small – has to recognize that as much care as they take to safeguard their proceeds, whether cash, checks or money wired into their accounts, they have to take equal care to safeguard the information they have in their files and computers. It is just as valuable,” Goldberg explained.
Goldberg said that you must have physical security so that someone can’t just go in and walk out with a computer that holds all of your customer information. You also have to screen your employees. Many employees realize that information is worth a lot of money.
“Social engineering is much easier than hacking into a system,” Goldberg said. “To do a hacking job, you have to be experienced with computers and know to get information from the computer you’ve hacked, but to corrupt one of your employees is a low-tech technique.”
Goldberg said that in the Red Cross case, McCoy managed to corrupt an employee at Red Cross that had access to donor information.
There are two types of identity thieves, Goldberg explained. One is the homegrown variety where a relative is scamming another relative – children taking their parent’s or brother’s ID information.
The other type is the real criminal who is generally part of a highly professional organization. Goldberg said that these organizations have the tasks of individual members broken down. No one knows in particular who they are dealing with.
“Identity theft causes billions of dollars in losses to businesses each year,” Goldberg said. “Business people should be seriously concerned about identity theft.”
The U.S. Attorney’s office recommends that businesses can prevent identity theft and reduce the harm it causes by taking the following steps:
- Screen employees carefully and repeat the process frequently.
- Limit which employees have access to sensitive information about clients and customers.
- Create an audit trail so that you can locate the source of the leak if identity thefts occur.
- If an identity theft occurs, contact law enforcement immediately. They can help you investigate and determine how the information was stolen. By taking this step, you might be able to limit your liability in a future law suit.