ID thieves discovering defenseless target - the dead

ID thieves discovering defenseless target - the dead

Summary: Nearly 800,000 deceased Americans each year have their identity stolen by thieves looking for financial or other gain, according to a new study.

SHARE:

Wisdom advises to be in heaven before the devil knows you're dead, but in today's world that's no place to hide from identity thieves.

The identities of nearly 2.5 million deceased Americans are used improperly each year, according to a study released Monday by ID Analytics.

Of those, the identities of 800,000 deceased Americans are intentionally targeted for misuse, such as to apply for credit or acquire cell phone service. The study found that more than 2,000 identities of dead Americans are used each day in a fraudulent way, mainly to apply for financial services.

The numbers also include inadvertent misuse, such as incorrectly entering a social security number or just making one up. Those mistakes show up on about 1.6 million applications for credit each year, according to the study.

In addition, several hundred thousand potential misuses of identities of gravely ill Americans occur each year.

"This is not a victimless crime," says Stephen Coggeshall, chief technology officer for ID Analytics. "There are victims directly and indirectly; alive and dead.  The survivors are left with a horrible problem. They are not only faced with the loss of a loved one but they have to clean-up these financial matters."

The study focused on applications filed through the mail, in-person and over the Internet.

"Most of the fraud occurs remotely - through the mail or over the Internet," said Coggeshall. "But people need to be cautious in all these channels."

The study compared the Social Security Administration's Death Master File (DMF) to names, dates of birth, and social security numbers on 100 million applications for credit cards, cell phones, retail and other financial services that were filtered through ID Analytics' ID Network during the first three months of 2011. The survey identified which applications used personally identifiable information (PII) associated with deceased individuals.

The DMF is a public document available under the Freedom of Information Act. Monthly and weekly updates are sold by the National Technical Information Service (NTIS) of the U.S. Department of Commerce for upwards of $14,500. The DMF is used by financial and credit firms and government agencies to match records and prevent identity fraud. The DMF contains the name, birthday and social security number of more than 85 million deceased Americans and is created from social security payment records.

Global Internet Management, in a joint venture with NTIS, offers iPhone and Android apps that provide the entire DMF list.

The ID Analytics survey projects that the entire annual U.S. volume of applications submitted for credit products and services contains nearly 6.8 million applications that at least have a partial match to the DMF. The survey concludes that roughly 2.4 million are simple typos of social security numbers.

Coggeshall says consumers might be wise to use ID protection services or monitors, both during life and for the dearly departed, as a means of protection.

The survey follows a November report by United Press International that Identity thieves were using the social security numbers of deceased children across the United States to collect dependent-children tax refunds from the Internal Revenue Service.

Topics: Banking, Enterprise Software, Government, Government US

About

John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • Question

    Ok, so I get how this is harmful because somebody pays the price (higher fees from scammed companies, etc.) What I'd like to know is how does this hurt descendants of the departed? I'm not being sarcastic - is there any liability to those left behind for liabilities fraudulently incurred after a loved one's death? I can't see taking out identify protection once somebody dies, unless someone can illustrate who subsequent fraud could hurt me personally.
    amstewart123
    • As Mentioned in the Article

      Not only do the relatives have to deal with the death of a loved one, they also have to clean up their financial records. If there is an estate, purging the fraud can add time before the estate is settled and could reduce the estate. If the deceased had other financial problems then the scam on top of that can slow down resolution while interest keeps accrueing.
      sboverie
      • Not to mention...

        It's a royal pain dealing with financial institution on behalf of a deceased loved one (especially when some designates more than one beneficiary... I know this from personal experience). I don't envy the person who has to deal with any financial institution regarding this type of matter... It sucks trying to clean up a mess like this on your own behalf, but to have to do it as a 3rd party must be a royal pain in the android.
        i8thecat4
    • harm to others

      As other commenters note, it can screw up an estate, etc.

      In addition, an identity thief might list a living relative as a co-signer. (What? Without that person's permission???)

      Also, a lot of creditors (mainly small ones) and particularly individual collectors at collection agencies don't really care what the law is. They will routinely use (illegal) threats against blacks, Hispanics and Asians, such as saying they'll report the person to the police or immigration (even if the person was born in the US!)

      A LOT of people DON'T realize they are not liable for debts of deceased parents, etc. (I used to work at a law firm that did collections for Sears.) A common question is, "He was my father. Am I responsible for this debt?" The collector's response is ambiguous wording that doesn't SAY yes but gives that IMPRESSION, e.g., "I'm not a lawyer, so I can't give you legal advice. But, look, we can set up a payment plan that'll take care of this."

      (Some people DO voluntarily pay off a relative's debt even though they have no liability, and the collector has no obligation to inform the person s/he is not liable.)
      Rick_R
  • Companies must check

    Agreed, as long as there is a death certificate, its the fault of the company giving out credit or service for not checking. Had this happen for my father, and on a couple of instances just faxed/emailed copy of death certificate and never had problem afterwards.
    m_a_simons@...
  • At least they have gone green...

    They are recycling the dead... Everyone is going green now days, why not identity thieves? (it's a hue somewhere between gang green and rotton green).

    On a serious note, this is totally expected... How many movies have we seen where some immortal assumed the identityof a deceased person? If anything, I expect to see some pissed off immortals because their lives just became a little more difficult.
    i8thecat4
  • Old problem

    As noted recently by our Conservative friends, political operatives have been stealing the identities of deceased voters for generations. What is described here is merely an extension of the practice.
    John L. Ries
  • Soylent green is People!

    .
    schweddy
  • Really, what drama

    As a number of the posters have stated, ain't nothin' NEW here! First, one is not obligated to assist any business with rectifying 'there big mistake' with allowing a credit card to be activated to someone deceased. It's there obligation Period! They have the tools to do this research through the SSDI and other resources, yet, they're so dang greedy and cheap, do they? I've personally spoken to several lawyers familiar with this matter. In general, one does not have to do anything for a dumb screw-up of a Major business. Regarding so-called smaller companies, they too are obligated to do their homework. If they even threatened one, go after them - Big Time. There are various federal and state laws that protect people on being illictly assigned another person's (for gahd sake, there dead) debt obligations. There are numerous consumer organizations that can assist if some dumb company even attempts to harass someone. I refuse to assist any company with acquiring death certs., for they have the researchers and lawyers - let them spend the money. Record the dang threat and go after them. I won't even assist any company that even hints at this; recently told a company regarding a deceased aunt - Don't even go there. Bye
    alohaJammie