Identity Theft: Greater Awareness and Use of Existing Data Are Needed

Identity theft or identity fraud generally involves "stealing" another person's personal identifying information--such as Social Security Number (SSN), date of birth, and mother's maiden name--and then using the information to fraudulently establish credit, run up debt, or take away existing financial accounts. The Identity Theft and Assumption Deterrence Act of 1998 made identity theft a separate crime against the person whose identity was stolen, broadened the scope of the offense to include the misuse of information as well as documents and provided punishment--generally a fine or imprisonment or both. GAO found no comprehensive or centralized data on enforcement results under the federal Identity Theft Act. However, according to a Deputy Assistant Attorney General, federal prosecutors are using the 1998 federal law. As with the federal act, GAO found no centralized or comprehensive data on enforcement results under state identity theft statutes. However, officials in the 10 states selected for study provided examples of actual investigations or prosecutions under these statutes. Generally, the prevalence of identity theft and the frequently multi- or cross-jurisdictional nature of such a crime underscore the importance of promoting cooperation or coordination among federal, state, and local law enforcement agencies. One of the most commonly used means of coordination, task forces, can have participating agencies from all levels of law enforcement and, in some instances, can have participants from banks and other private sector entities. Although the Social Security Administration's Office of the Inspector General fraud hotline annually receives thousands of allegations involving either (1) SSN misuse or (2) program fraud with SSN misuse potential, the agency concentrates its investigative resources on the latter category of allegations because the protection of the Social Security trust funds is a priority.