"Last year alone, nearly 10 million Americans had their
identities stolen by criminals who rob them and the nation's
businesses of nearly $50 billion through fraudulent transactions,"
said the President. "The bill I'm about to sign sends a clear
message that a person who violates another's financial privacy will
be punished."
Most identity theft, where a fraudster uses a victim's personal
information in order to obtain benefits, such as access to bank
accounts, social security benefits or even a passport or driving
licence, occurs off-line.
Fraudsters can obtain the necessary details from rummaging
through rubbish bins, looking over a victim's shoulder at a cash
machine or through 'skimming' - where a credit card is passed
through a reader that downloads the information contained on it,
allowing another unauthorised card to be made.
But the growth of the internet has created another opportunity
for fraudsters to obtain this information, through on-line scams
that fool web and e-mail users into handing over personal details,
whether by inadvertently downloading keylogging software that
allows a third party to read information as it is typed into the
computer, or by the growing phenomenon of phishing.
Phishing occurs when a fraudster sends an e-mail that contains a
link to a fraudulent web site where the users are asked to provide
personal account information. The e-mail and web site are usually
disguised to appear to recipients as though they are from a trusted
service provider, financial institution or on-line merchant.
The number of phishing attacks is rising. Around 57 million
Americans have been subject to an attack, costing US banks and
credit card issuers around $1.2 billion last year, according to a
Gartner report issued in May. The call for action is
increasing.
In response the US has tightened up the criminal penalties that
may be imposed upon individuals committing identity theft.
Introduced by Congressman John Carter, and signed by the
President on Thursday, the Identity Theft Penalty Enhancement Act
introduces a new offence of aggravated identity theft, which means
that a person convicted of a crime involving identity theft will be
given an additional two years in prison, in addition to any other
sentence he or she may receive.
The penalty is increased to five years, where the crime was
related to terrorism.
The Act also allows for the introduction of tougher sentences
for employees who steal information from their corporate database,
to be used in ID theft related crimes.
The Act was signed less than a week after Senator Patrick Leahy
introduced a Bill into the Senate which, if passed, would leave
phishers facing a prison sentence of five years and a fine of
$250,000.
The final text of the Act was not available on-line at the time
of writing.
