At KnightsBridge Castle we deal with Identity Theft in all its forms every day. We understand the current limits of the law and the many failures of our legal system to adequately protect us against both identity theft and the new technologies that facilitate commission of the crime. After three years of fighting Identity Theft and assisting thousands in the prevention, detection, recovery, and prosecution of the many crimes of identity theft the team at KnightsBridge Castle calls for the following general legislative initiatives at both the state and federal level.
Require that consumers provide affirmative consent before selling personal information or “profiles” from commercial databases to others.
Require notification to the consumer within 48 hours and, for free, of any sale of his personal information to another. The person or entity purchasing the information should be clearly identified as well as the purpose for such access.
Establish a definition for identity theft that includes the three general elements of the crime – credit fraud, impersonation crimes, and criminal identity theft.
Require affirmative confirmation for credit applications. Passive confirmation of credit applications, such as mailing in pre-approved credit forms, should be forbidden. To complete a credit application, the applicant should physically present themselves together with their identity documents to the credit grantor or his agent.
Prohibit pre-approved credit card and bank draft solicitations.
Require police departments within the jurisdiction of the victim to take police reports for identity theft even if the actual identity crime occurred in another jurisdiction. Identity crimes are committed against a person living in a locality, even though the incident of the crime occurred in another jurisdiction often hundreds or thousands of miles away. Do not require that victims travel to a remote location to file a police report.
Make it an additional and serious crime for persons arrested with multiple and different forged identity documents in their possession at the time of arrest. Own recognacense release on bail should be disallowed if a person has multiple identity documents in his possession.
Dumpster diving, for the purpose of committing fraud, should be a crime.
For Data Breach remediation, breached companies must provide comprehensive identity theft prevention solutions for a minimum of three years. Such comprehensive services must include social security number use monitoring, false identity document use notification, account data monitoring, as well as other indicators of significant impersonation crimes. Credit monitoring alone is not sufficient.
Require credit grantors to report the issuance of new credit instruments to the credit rating companies immediately upon issuance. Credit rating companies currently report “credit inquiries” instantly. If credit is granted then the credit rating companies and credit grantors must be required to immediately update the credit records. Current lag times of 60 to 90 days are woefully inadequate.
Establish tougher laws for identity thieves working in organized groups. Most professional identity thieves need the cooperation and assistance of others to be effective. Establish penalties for identity thieves conspiring to commit impersonation crimes and fraud.
Require merchants with video surveillance of identity theft incidents, to release the videos to identity theft victims who have filed police reports and who have legal representation in seeking redress of an identity theft crime.
Require government agencies who issue identity documents, such as deriver’s licenses, to provide mechanisms for validation of identity through the document granting agency. Currently, most identity document granting agencies will not validate documents, or the existence of documents, except for the license purpose for which it was issued – e.g. driving a car and internal use by government. Government needs to recognize that a drivers license or state issued identity document is used for more than just driving. Validation systems supported by the government agency are critical in establishing a true identity.
Establish penalties for employees of companies holding sensitive personal information if they sell or transfer that information to others for purposes of committing fraud or identity theft.
Require that social networking websites that solicit minor children to their sites, or fail to affirm age allow automated programmatic access to their systems by independent entities for purposes of monitoring the safety and security of minor children in these systems.
Establish firm legislation making “pretexting” or the access for personal information records, such as phone records, bank records, or personal identity records, a crime if committed by an individual or corporate entity.
Make it a criminal offense to “spoof” another’s telephone number in committing a fraud.
Require companies performing background checks for purposes of employment to carry prospective employee messages in the record, if serious errors are contained within the report.
Require “permissive use” for access to all personal information resources on the internet. Hold “independent” information brokers to the same standards of information dissemination as established information brokers. Establish brokers adhere to GLBA, and other state and federal rules for information dissemination. The new breed of internet brokers ignores all laws and offer information for sale to anyone.
Establish a uniform credit freeze demand document and credit freeze criteria. Disallow each credit rating company from using its own forms for purposes of delay or denial in requesting credit freezes.
Require cellular telephone providers to destroy SIM cards immediately when SIM upgrades are required or cell phone upgrades are required. SIM cards contain extensive personal information.
For internet access to public records, require registration and logging of all information requests. Registration must be easy and simple. Logging should not be restrictive. An audit trail must be established and available if public records access is used in committing fraud or identity theft.
Make it a felony to use the Social Security Number of another person in committing employment fraud, medical benefits fraud, insurance fraud, or other fraud and identity theft.