With the enactment this summer of the Identity Theft Penalty Enhancement Act, criminals who steal identities to commit crimes face stiffer penalties than before - especially in connection with terrorist activity and violations of the Gramm-Leach-Bliley Act. The Act, however, has met a lukewarm reception among some analysts.
Judith Collins, a professor at the School of Criminal Justice at Michigan State University (MSU, Lansing) and a consultant to Citibank on its theft victim assistance service, says that more steps are required to put a significant dent in the problem. First, the number of jurisdictions involved with identity theft increases the complexity of prosecuting an offender. "We do need some federal legislation with respect to resolving the jurisdictional complications," Collins says. Furthermore, local law enforcement lacks the staffing, facilities and budgets to catch, prosecute and convict identity thieves, she adds. It's a costly crime to prosecute, especially considering widespread budget cuts, shortfalls in state revenues and new executive priorities. "We need to reallocate some of the resources that were given to the FBI with the establishment of Homeland Security," Collins asserts.
Police departments have felt the brunt of the lack of funding since 9/11. "They don't have money for the equipment to investigate identity theft," Collins relates. "The criminals have better equipment than law enforcement does."
The deterrent provided by the Act could be beneficial to insurance companies and banks, which are often the means through which perpetrators effectuate ID theft. But the practical issue for insurance companies with regard to identity theft resides in avoiding civil liability, advises Brian Casey, a partner in Atlanta-based law firm Lord, Bissell & Brook. Carriers can be sued on a negligence theory that argues, "You, my insurance company, were negligent and, because of that negligence, allowed my identity to be stolen," Casey explains.
Insurers must implement "common-sense" measures to prevent easy access to information for criminals, such as through the transparent window on a mailed envelope or inadequate protocols for online transactions, Casey remarks. "The insurance company also should have proper and adequate systems to show some level of detection if someone has a customer's insurance data and accesses the company's Web site," he adds.
Portions of this article, which includes contributions from Ivan Schneider and Anthony O'Donnell, were previously published in Bank Systems & Technology, a sibling publication of Insurance & Technology.
Law Adds Penalty For ID Crooks
The Identity Theft Penalty Enhancement Act spells out the sentencing requirements for criminals who commit felonies using stolen identities. For the crime of "aggravated identity theft," the act mandates an additional two years without parole. A range of felony offenses triggers the automatic two-year penalty enhancement, including:
- Stealing public money or stealing from an employee benefit plan.
- Embezzlement by a bank officer.
- Using false documents to obtain or misrepresent citizenship, or to gain a passport.
- Using false documents to acquire a firearm.
- Obtaining customer information under false pretenses.
- Ignoring a deportation order with a counterfeit ID, or other immigration-related offenses.
- Federal benefits fraud, such as falsely claiming Social Security payments.
For identity theft related to acts of terrorism, the penalty now includes an additional five years' imprisonment.