Identity theft is a group of criminal activities in which the criminal uses one or more pieces of the victim’s identity. It can involve monetary loss, as when the criminal uses the victim’s credit card; “account takeover,” when the criminal uses account access to lock the owner out of his or her account; or “true name” theft, when the criminal uses the information obtained to open new accounts and create an alternate reality for the identity. Identity theft is a federal offense in the United States. There are two types of identity theft programs: a specific program undertaken by any business, educational institution, or other organization to protect its employees or members from identity theft and a specific Federal Trade Commission (FTC) program, commonly referred to as the “FTC Identity Theft Program.”
Organizations institute identity theft programs for a variety of reasons. One is to protect their employees and members and help them avoid the time and disruption of identity theft, which can also interfere with their work. Another is to protect the organization, because identity theft from a member or an employee can lead to the organization being exposed to criminal activity if, for example, a user name and password connected to the victim’s workplace is stolen.
An individual organization’s identity theft program is likely to include several different initiatives. These may include insuring that no identity theft has already occurred by reviewing credit information and providing access to free credit reports. It may also include support in the case of lost or stolen credit cards or suspicion of identity theft, including emergency assistance.
The FTC Identity Theft Program grows out of the 1998 Identity Theft and Assumption Deterrence Act. Through this act, Congress directed the FTC to establish a repository for complaints and education for consumers and assistance to victims.
There are a number of facets included in the FTC Identity Theft Program. First, the FTC set up a toll-free number for consumers to use in reporting identity theft. Second, the FTC set up a website that provides information as well as a secure web form for filing a complaint online. Third, the FTC publishes a consumer education book in English, titled Identity Theft: When Bad Things Happen to Your Good Name, and in Spanish, titled Robo de Identidad: Algo malo puede pasarle a su buen nombre.
Among other initiatives, the FTC also established the “Red Flags Rule,” which requires financial institutions and creditors to each create an Identity Theft Prevention Program. It provides assistance and support to organizations who are required to do this. For example, in 2009, the FTC made available “A Do-It-Yourself Prevention Program for Businesses and Organizations at Low Risk for Identity Theft.” As organizations worked to set up their programs, the FTC delayed enforcement of the Red Flags Rule until 1 June 2010.