Id Theft

Identity Theft Is Epidemic. Can It Be Stopped?

AUSING in the foyer of a comfortable suburban home two days before Halloween in 2002, Kevin Barrows, a special agent with the F.B.I., could not bring himself to open the front door. He and a team of agents had just spent several hours searching every room in the house, in New Rochelle, N.Y., but they were leaving empty-handed. Months of investigating had led Mr. Barrows to believe that someone was orchestrating a huge fraud from the house, yet he had not found a single scrap of evidence.

Still, something bothered him about the furniture in one of the bedrooms. It seemed oddly oversized. So he headed back upstairs for a second look, and his attention focused on an expansive canopy over the bed. When he pushed at the draping, he found that it was weighed down with files. They contained reams of confidential financial information about hundreds of individuals whose identities had been pilfered in an intricate scheme that illicitly netted more than $50 million.

Two years later, the New Rochelle home has emerged as a linchpin in what federal law enforcement authorities describe as the biggest case of identity theft ever uncovered in the United States. The scheme was essentially masterminded by just two people: Linus Baptiste, who lived in the house and had contacts with a sprawling ring of Nigerian street criminals, and Philip A. Cummings, his former brother-in-law, who worked as a help-desk clerk at a Long Island software company. At least 30,000 people nationwide were victimized, according to law enforcement authorities and court documents.

"In a lot of ways it could have been the perfect crime," Mr. Barrows, who now works as a private investigator, recalled in a recent interview. "The execution was seamless, and if they had been smart enough not to use a phone line that traced back to that house we probably never would have found them."

The Baptiste case and others like it are at the forefront of one of the fastest-growing white-collar crimes in the country. Identity theft involves the most intimate, the most stealthy and perhaps the most intrusive of frauds - the wholesale lifting of someone's financial persona to secure bank loans, credit cards and mortgages in that person's name. Even when the crimes are discovered early, it can take months, sometimes years, for innocent people to restore tattered credit histories. While most consumers usually do not have to pay for illicit purchases on their credit cards, they may be held liable in thefts involving other types of loans.

"Ultimately, victims don't have to pay debts incurred by another person, but that's not the point," said Bridget J. Thomas, a homemaker in Prairieville, La., who spent months repairing her credit history in 2002 after a thief appropriated her identity to snare about $65,000 in loans. "It's the sleepless nights, and the time, and the stress you have to go through to clean up your record that really hurts victims."

ANALYSTS say several factors have combined to make identity theft a particularly intractable crime: the growth of the Internet and digital finance, decades of expanding consumer credit worldwide, the hodgepodge nature of local and federal law enforcement, and the changing but often still inadequate regulations governing the credit industry.

Everyone is fair game. Thieves recently snatched the identity of a three-week-old infant in Bothell, Wash. And authorities say that the dead have been favorite targets of identity thieves for years. Nor is identity theft limited to people. A growing number of thieves now assume the false guise of entire companies, adopting a business's employer identification number to secure commercial loans, corporate leases or expensive office products, according to analysts, security specialists and law enforcement officials.

Schemes known as "phishing'' use e-mail messages to lure unwitting consumers to Web sites masquerading as home pages of trusted banks and credit card issuers, corporate security specialists say. Online visitors are then induced to reveal passwords as well as bank account, Social Security and credit card numbers.

The F.B.I. says that many identity thefts and cyberschemes that play out in the United States are hatched in Russia, Romania and West Africa and that the agency is trying to work with law enforcement officials in those places to stem the problem. A leading bank regulator, the Federal Deposit Insurance Corporation, warned in June that increased corporate outsourcing of call-center tasks and other jobs overseas had heightened the risk of identity theft.

Authorities have only recently grasped the full scope of the problem. It began to gain more attention a decade ago, prompting Congress in 1998 to make identity theft a federal crime and the Federal Trade Commission to set up a special victim assistance center a year later. Until a couple of years ago, analysts and federal authorities estimated the annual number of identity thefts to be in the hundreds of thousands. But in September 2003, the F.T.C. offered an eye-opening assessment of how widespread and damaging such crime might be.

In a report prepared by its consumer protection bureau, the F.T.C. said 27.3 million Americans had their identities stolen from April 1998 to April 2003 - with more than a third of them, or 9.9 million, victimized in the last 12 months of that period alone. The crimes ranged from the theft of a credit card number to more elaborate identity thefts used to secure loans. During those 12 months, the report said, businesses and financial institutions suffered about $48 billion in losses because of identity theft, and victimized consumers paid more than $5 billion in out-of-pocket expenses to regain their financial identities.

"The number of victims we were estimating in 2000 were 400,000 to 500,000 annually and by 2003 we were saying 750,000," said Linda Foley, executive director of the Identity Theft Resource Center, a nonprofit consumer advocacy group based in San Diego. "The business community said 'Oh, you are wrong; those numbers are wrong.' Well, we were wrong. The numbers were much higher."

Experts say identity theft has evolved from isolated examples, like Ms. Thomas's, to ever broader and more financially damaging cases, like the one investigated by Mr. Barrows, that involve the speedy theft and aggregation of hundreds or even thousands of identities. Many of the most vicious cases, say analysts, involve corporate insiders who hijack sensitive personal information from corporate databases in order to begin picking people's pockets.

"We're in the information database age, and insider theft has turned

...