STATEWIDE GRAND JURY REPORT
Case No: SC 01-1095
SECOND INTERIM REPORT
SIXTEENTH STATEWIDE GRAND JURY
IDENTITY THEFT IN FLORIDA
November 12, 2002
(This document has been reformatted for the Internet)
During the first phase of our inquiry into identity theft in
Florida, we outlined the scope of the crisis and focused on three areas of
concern: the security of Florida's driver license; the security of our
private information; and the treatment of identity theft victims. In our
first report, we addressed the definition of identity theft and some of
the sources of the identifying information, and made recommendations for
securing our personal information contained within public records and to
enhance the security of the Florida driver license.
In this phase, we continued to address some of the ways the personal identifying information is obtained by the identity thief, and focused on the fraudulent use of the information once it is obtained. In this report, we outline some of the various frauds and abuses that occur once the identity thief comes into possession of the victim's personal identifying information or financial documents. In our work, we examined the actions and responsibilities of the various persons or entities involved in the chain of criminal events - criminals, consumers, credit grantors, financial institutions, credit reporting agencies, retail establishments, and law enforcement - and describe our findings herein with respect to the cases we examined. Following our findings, we recommend specific action that we believe can and should be taken to prevent further victimization of the tragic sort we have seen.
By no means do we suggest that our ideas are the panacea for this huge problem, nor that other ideas are without merit. We also recognize that some of our suggestions have their own drawbacks, but we take seriously our obligation to assist the State in its efforts against organized crime and to that end we offer these suggestions from our collective reasoning and common sense. Each of the criminal cases we reviewed provided us with the support for our findings. We acknowledge that we have not seen the sum of it all, but the sum of what we have seen caused us grave concern and motivated us to comment in this format.
In the course of furthering our investigation, we heard testimony from:
- representatives of the Department of Highway Safety and Motor Vehicles, Division of Driver License;
- investigators from the Florida Department of Law Enforcement;
- investigators from the Florida Highway Patrol;
- investigators from the United States Postal Inspector;
- privacy consultants;
- representatives from the banking industry, credit card industry and the credit reporting industry;
- victims of identity theft;
- representatives of the Florida Wildlife Commission;
the Tampa Police Department;
- the Orlando Police Department;
- and the Orange County Sheriff's Office.
We recognize that our work provided us with just a sampling of the total picture. According to the experts we heard, the nationwide financial losses are astronomically high. According to the civilians we heard, the emotional losses are overwhelmingly devastating. As this has become clear to us, it has caused us to believe that a shift in the collective approach and attitude toward financial transactions and the handling of personal identifying information is necessary to counteract this rising tide of grief. Consumers should be more cautious than ever, merchants more vigilant, financial institutions and credit grantors more security conscious, credit reporting agencies more responsible, law enforcement more responsive, and government more willing to provide security of personal information as a service to the citizens.
To explain what brings us to this conclusion, we first describe what we learned.
II. GENERAL FINDINGSIdentity theft can occur in two ways: identity takeover and account takeover. An identity takeover means that the thief uses personal identifying information to open new accounts, such as checking accounts, credit card accounts, cellular phone or other contractual service. An identity takeover would also include incidents where a perpetrator uses a stolen identity to commit a crime or avoid detection when he or she is arrested. An account takeover is when a perpetrator assumes the established accounts of the victim and runs up charges on a credit account or withdraws funds from a checking or savings account.
A. SOURCES OF INFORMATION
While the conduct giving rise to identity theft is not new, electronic financial transactions have made it easier for an identity thief to use the stolen information since transactions can occur without personal interaction, and at speeds unknown heretofore.
The current state of technology enables the identity thief to hack into a computer database and obtain personal information on a very large scale, but we have learned that less sophisticated identity thieves can be just as effective, even if not as profitable. Retrieving personal paperwork and discarded mail from trash barrels, commonly called "dumpster diving," is one of the easiest ways for an identity thief to get necessary information. Another popular method is "shoulder surfing," where the identity thief stands next to someone at a public office, such as the driver license or tag office, and watches as the person fills out personal information on a form. Theft of incoming and outgoing mail from residential mailboxes, called "red flagging," is also a very popular method of obtaining personal identifying information. Mail theft is attractive to the identity thief since financial institutions and credit card issuers routinely send out unsolicited checks as marketing tools to existing and potential customers. These checks, if cashed, could result in a second mortgage on the consumer's home or act as a cash advance against a credit card or an unsecured personal loan.
Another common methodology is known as "pretext calling." This is when a caller represents himself or herself to be someone they are not, using a ruse to obtain personal information from the person being called. The pretext caller can use this ruse against the victim, a financial institution, medical provider, and others, in order to get the desired information. Callers can pretend to be customers, higher-level employees in the same bank, officials at other banks, government regulators or law enforcement officers. They can exude intimidation, helplessness, helpfulness, or breathless emergency. They can appeal to an employees' natural inclination to be of assistance or to comply with alleged official government business. They can frighten the elderly and dupe the naive. We learned that the pretext caller who does not get what he or she wants on the first call, will call employee after employee at a bank, merchant or insurance company until they find one they can manipulate. The same is true of the citizen victim. Harassment is a typical tool. Eventually, the citizen gives up some piece of the puzzle that the thief needs. According to the experts, pretext calling is associated with many of the 750,000 reported cases of identity theft each year.
The Gramm-Leach-Bliley Act (GLB) makes pretext calling a federal crime and requires bank regulators to make sure all financial institutions have policies and procedures in place to prevent the unauthorized disclosure of customer financial information and to deter and detect fraudulent access to such information. In spite of GLB, we learned that pretext calling is rampant.
One of the most valuable pieces of information that an identity thief is searching for is the Social Security number, because the American financial industry has placed great reliance on it as the primary means of identifying individuals. Universities identify students with it. Providers of medical care and insurance coverage use it to identify their patients and clients.
The sale of social security numbers has become pervasive. In response, some federal legislators have proposed legislation intended to curb the sale of social security numbers. One bill, sponsored by New Hampshire Senator Judd Gregg, is dubbed the "Amy Boyer Law." Ms. Boyer, of New Hampshire, was murdered by a stalker who bought her Social Security number on the Internet and used it to get more of her personal information leading to the address of her employer where she was murdered.
Gregg's Bill (S 2554) aims to prohibit the public display of people's Social Security numbers without their consent. However, it exempts professional and commercial users that use the numbers in the normal course of business. This exemption still allows companies to track down Social Security numbers, which are posted at the top of documents such as credit reports, and sell them. It does impose punishments on those who use someone's Social Security number for harm or identity theft.
Other proposals include HR 4857, a bill by Florida Representative E. Clay Shaw Jr. that would require credit reporting agencies to take Social Security numbers off the header areas of credit reports, which information brokers often use. It also would limit the government's ability to release information about Social Security numbers and would require the Federal Trade Commission to regulate sales of Social Security numbers.
The reporting of Social Security number misuse is rising dramatically. The Social Security Administration reports that calls about misuse to their Office of Inspector General (OIG) numbered 104,000 in 2001, up from 62,000 calls in 1999.
One truly despicable method of committing identity theft occurs when a thief reads the obituaries and calls a funeral home as a pretext caller to "confirm that we have the decedent's social security number correct on our forms." Unfortunately, we learned that there can be up to a 90-day delay between the date of a person's death and the recording of the social security number in the Social Security Number Death Master Index. This Index alerts the financial sector that the person to whom that particular social security number was assigned has been reported as deceased, but the delay in its update allows the identity thief ample time to set-up credit card accounts, run up charges and then move onto his or her next victim leaving the family of the decedent with the burden of dealing with the fraudulently created debts.
B. VICTIM ISSUES
We continued to hear troubling accounts from victims who had difficulty in getting their local law enforcement agencies to take a police report. The Federal Trade Commission (FTC) data shows that 59 percent of the victims who contacted the FTC during a 12-month period (Nov. 1999 through Oct. 2000) had already contacted the police, but 35 percent of these victims reported that they were unsuccessful in convincing a law enforcement agency to take their complaint and provide a report. This is disturbing because consumer reporting agencies will accept a police report as prima facie evidence of fraud and immediately block the reporting of the fraud related entries.
We were encouraged to learn that the International Association of Chiefs of Police (IACP) made attempts to urge police officers to write police reports for victims of identity theft. In November 2000, the IACP adopted a resolution calling for "all law enforcement agencies in the United States to take more positive actions in recording all incidents of identity theft." The Florida Sheriff's Association and the Florida Department of Law Enforcement both issued bulletins advising law enforcement officers of the importance of generating a report in identity theft related cases. The FTC reports that since the resolution and the various bulletins, the number of victims unable to get a police report has declined.
The plight of identity theft victims continues to disturb us. It is comforting to know that federal grants are available to set up programs to assist victims of identity crimes and that they are beginning to be tapped into by law enforcement agencies, including our Legal Adviser, the Office of Statewide Prosecution.
C. TYPES OF ABUSES
1. CREDIT CARD FRAUD
Once an identity thief has the personal identifying information of another, there are a number of crimes that can be committed. One classification of crimes is credit card fraud. This category generally includes all fraudulent uses of a credit card, but can be further defined.
a. Account Takeovers
An account takeover occurs when the identity thief uses someone else's personal identifying information in order to become that person in the eyes of the financial institution and, in turn, gain full access to the victim's existing credit card, savings and checking accounts.
We learned that the identity thief does not need an actual credit card or account number to accomplish an account takeover. Once the identity thief has the victim's personal identifying information, he or she will contact the victim's credit card company and change the address on their account(s). The identity thief will later call the financial institution or card issuer and report the card lost or stolen and request a new card replacement. The new card is then sent to the billing address the identity thief has placed on the account. Once this is done, the identity thief has successfully taken over an account. This type of fraud is very popular since it does not require the technology to create a counterfeit card, nor the delay in waiting on the approval of a fraudulent application.
Since fraudulent users often replace the billing address and the phone number on the compromised account, it is extremely difficult for a card issuer to challenge the fraudulent user effectively. In other words, the techniques and procedures generally employed by credit card issuers, i.e., velocity checks which analyze the use patterns of the credit card, address verification, and types of purchases, to guard against fraudulent account usage are much - less effective when applied to an account takeover.
We learned that this type of fraud is possible since financial institutions are limited by federal laws such as Graham-Leach-Bliley, and others, in the amount of account and personal identifying information they can share about their customers within the industry in the day-to-day operations of their business. Financial institutions are able to share a greater amount of account holder information in order to fight fraud, but generally the information sharing is limited.
On an encouraging note, we have learned that, within the confines of these laws, the Florida Bankers Association has developed a database to share information of known frauds, promote awareness and enhance the fraud prevention education of bank personnel. Additionally, the industry has created a task force with bankers, regulators and law enforcement in order to fight fraud.
In 1998, account takeover fraud exceeded $120 million. Sophisticated criminals also used counterfeit credit cards and racked up about $140 million in losses for the U.S. card industry. Other types of fraud and the subsequent cost include: lost & stolen cards - $270 million; application fraud -$220 million; issued but not received cards -$190 million and other, unclassified, types of fraud- $60 million.
b. Skimmed Credit Cards
Credit Card Skimming is a method by which encoded information from the magnetic strip of a credit card is gathered by an electronic credit card reader (skimmer). This information is used legitimately when processing a transaction. In the hands of a criminal the electronic credit card reader becomes a handy tool to gather information to use later in illegal transactions and purchases. Usually a criminal utilizes a portable, handheld, "skimmer" to swipe the credit card when the customer is not looking. When the customer makes a credit card purchase, the information will automatically be stored in the "skimmer". At a later stage the criminal will use this information to make unauthorized purchases or encode this information on the magnetic strip of a counterfeit card.
In addition to handheld skimmers, inline skimming devices are becoming popular. A small, skimming "bug" is placed into an older credit card terminal, inline on a point of sale computer, or a capture device is installed adjacent to an ATM. The bug pulls credit card data from the terminal. After a certain period of time has passed, the fraudster removes the bug, downloads the information into a computer and can then use that information to create counterfeit or cloned credit cards.
Credit card skimming most often occurs in businesses where credit cards are used regularly, such as restaurants and other entertainment venues. Credit card skimming has become a worldwide problem. Card losses due to skimming exceed $1 billion a year.
We learned that all of the equipment needed to commit this crime is available on the Internet. A skimmer costs approximately $300, and the equipment to make a high quality counterfeit credit card costs between $5,000 and $10,000. Equipment that could be used to manufacture a lower quality card would cost significantly less. The card stock used to create credit cards is not subject to any regulation and can be purchased in nearly any office supply store. These blank cards, commonly referred to as "white plastic," once encoded, can then be used at gas stations and other places where no person-to-person contact is required to complete a transaction. In 2001, the possession of a skimming device for fraudulent purposes became a third degree felony in Florida punishable by up to five years in prison and / or a $5,000 fine.
c. Creating New Accounts
In the creation of new accounts, the personal identifying information of another is used to establish a new credit account with a financial institution, but using a different billing address in order to facilitate the receipt of the card plate and the subsequent statements. We learned that this type of fraud is particularly easy to commit since some information, i.e., address, provided by the identity thief is not routinely verified against the various consumer reports nor address verification systems currently available. For example, a cross check can be made of the address listed on the consumer report for the applicant and the address being provided by the applicant for credit. If the addresses do not match, further identity confirmation can and should take place.
d. Instant Credit
Instant credit is a quick transaction, taking place as fast as the customer can provide the necessary information. There are "instant credit kiosks" in some establishments that allow the applicant to input information without any supervision by or assistance from the merchant. This type of credit transaction is popular with merchants who specialize in electronics, home furnishings, and home improvement-type products. If verification is conducted, it is done by the salesperson, who will probably benefit financially from the sale. Neither photographs nor fingerprints are left behind as evidence of the true identity of the thief. The opportunity for fraud is enormous.
2. CHECK FRAUD
According to the evidence we heard, check fraud is one of the largest areas of fraud loss affecting businesses and financial institutions today. Computer technology makes it increasingly easy for criminals to create or manipulate bank drafts, money orders and checks in such a way as to deceive innocent victims.
A significant amount of check fraud is due to counterfeiting through the use of a computer to generate an authentic looking financial document. Additionally, a large portion of the fraud can be attributed to copying to create or duplicate an actual financial document, as well as chemical alteration of an actual financial document. Victims of check fraud include financial institutions, businesses who accept and issue checks, and the consumer whose information was initially compromised. In most cases, these crimes begin with the theft of a financial document. The theft can be perpetrated as easily as someone stealing a blank check from the victim's home or vehicle during a burglary, searching for a canceled or old check in the garbage, or removing a check from a mailbox that the victim may have used to pay a bill.
Additionally, we learned from law enforcement and bank security personnel that investigations into fraudulently opened bank accounts are often thwarted by the lack of information required or retained by some banks in order to open the account. We heard that it is rare for some banks to retain copies of the identification provided by the individual opening the account and we heard of no banks that require and retain a customer's fingerprint for a new account. This becomes even more problematic when bank accounts are opened over the phone and via the Internet.
a. Counterfeit checks.
Counterfeiting of bank drafts, money orders and checks generally occurs using readily available desktop publishing equipment consisting of a personal computer, scanner, commercially available software and a high-grade laser printer. Counterfeiting, however, could also be simply duplicating a check with advanced color photocopiers.
There are several commercially available software packages and supplies that allow consumers and businesses to print their own checks. These software packages allow the user to input account information, payer and payee information, and to then print checks that can be tendered for payment to any institution. While we recognize that these software products serve a valid need of businesses and consumers, we have seen where these products are easily exploited by the identity thief and are successfully used to commit fraud.
We have seen cases in which a fraudster printed an account name on the top of the check that did not match with the account number printed on the bottom of the check. We learned that the merchant, utilizing commercial check authorization companies, is not in a position to automatically verify that the account name matches the account number.
b. Washed checks.
Armed with some commonly available chemicals and ingenuity, an identity thief can "wash" checks to completely or partially alter the document (the latter is known as "spot alteration"). Once the information is "washed" from the check, the thief then rewrites the check to themselves or another party, increasing the amount payable by hundreds or even thousands of dollars. Generally, the thief will come into possession of legitimate checks by stealing outgoing residential mail, taking the checks the victim wrote and washing the payee line and the dollar amount.
The extent of this type of fraud is immense. Industry representatives told us that check washing or spot alteration accounts for $815 million in losses annually in the United States.
We learned that there are various security measures that can be utilized by a check printing company in order to make check washing and other types of check counterfeiting more difficult to accomplish.
1. Watermarks. Watermarks are made by applying different degrees of pressure during the paper manufacturing process. Most watermarks make subtle designs on the front and back of the checks. These marks are not easily visible and can only be seen when they are held up to light at a 45-degree angle. This offers protection from counterfeiting because copiers and scanners generally cannot accurately copy watermarks.
2. Copy Void Pantograph. Pantographs are patented designs in the background pattern of checks. When photocopied, the pattern changes and the word "VOID" appears, making the copy nonnegotiable.
3. Chemical Voids. Chemical voids involve treating check paper in a manner that is not detectable until eradicator chemicals contact the paper. When chemicals are applied, the treatment causes the word "VOID" to appear, making the item nonnegotiable. Checks treated with chemical voids cannot be altered without detection.
4. High-resolution Micro Printing. High-resolution micro printing is very small printing, typically used for the signature line of a check or around the border in what appears to be a line or pattern to the naked eye. When magnified, the line or pattern contains a series of words that run together or become totally illegible if the check has been photocopied or scanned with a desktop scanner.
5. Three-dimensional Reflective Holostripe. A holostripe is a metallic stripe that contains one or more holograms, similar to those on credit cards. These items are difficult to forge, scan, or reproduce because they are produced by a sophisticated, laser-based etching process.
6. Security Inks. Security inks react with common eradication chemicals. These inks reduce a forger's ability to modify the printed dollar amount or alter the designated payee because when solvents are applied, a chemical reaction with the security ink distorts the appearance of the check. This makes such items very difficult to alter without detection. The chemical reactants produce permanent stains when bleach or solvents are used to alter the check document.
7. Invisible Fibers. (Covert). Embedded in the sheet, fibers are visible only under ultraviolet light, and are extremely difficult to duplicate.
8. Visible Fibers. (Overt). Fibers are visible in ordinary light and arranged on both sides of the check. These fibers will extend from a torn edge to verify its authenticity.
A combination of these security enhancements could prevent check washing and check duplication.
III. SUMMARY OF ADDITIONAL FINDINGSIn addition to the evidence described above, we have drawn several additional conclusions about the sources of information, abuses of information, and the loopholes that allow identity theft to occur.
A. INADEQUATE VERIFICATION OF IDENTIFICATION
We have seen numerous cases where a more diligent check of identification at the point of sale would have prevented the fraudulent transaction. Merchants and financial institutions are not routinely checking identification of credit card and check customers. When identification is checked, we have seen numerous instances where subjecting the presented identification to some scrutiny would have quickly revealed that it was counterfeit or did not belong to the person by whom it was presented.
Further, we learned that in many instances simple follow-up questions could have been asked by the merchant that would have revealed that the person in front of them was not the person they represented themselves to be.
B. INADEQUATE RECORD KEEPING
During our investigations, we saw many times when financial institutions did not retain copies of identification or any identifying features of their customers. The failure to retain a photocopy of the identification presented during the opening of an account or to retain a digital photograph or fingerprint of the person opening the account presented a serious impediment to the banks own fraud investigations as well as law enforcement investigations. The problem is worse when the accounts are opened over the telephone or via the Internet with no in-person interaction between the customer and the financial institution ever taking place.
C. CUSTOMER ACTIVATED POINT OF SALE TERMINALS
We heard cases involving customer activated terminals that allow the customer to insert their own credit or debit card into the payment device or point of sale terminal and conduct their own transaction without any interaction by the merchant. While these "pay at the pump," self-service, types of technology may make life easier on the consumer, they are subject to a great deal of fraud. We learned that fraudsters run their recently created counterfeit credit card through these types of terminals to see if they encoded the card correctly and if it is valid. We further learned that when the customer is required to input their zip code into the terminal prior to authorization, the instances of fraud are dramatically decreased.
IV. RECOMMENDATIONSAs we are wrapping up our deliberations, we must start with what we said in our first report: The Florida driver license is technologically outdated as a foolproof means of identification. Therefore: first, and foremost, the Florida driver license has to be modernized and made tamper proof. We are told that the options are being evaluated by our government. Any increased costs should be weighed against savings in fraud deterrence, taking into account greater peace of mind. As Florida citizens who want greater protection, we urge our leaders to make it available.
Second, the sale of social security numbers must be stopped. The federal proposals must be adopted and Florida must continue its efforts to enforce the recently enacted laws that make social security numbers confidential within public records and prohibit its release. Florida must also continue to minimize the requests for Social Security numbers to be included on documents that will become public record, where the number is of little relevance to the government function.
Third, the Master Death Index of expired Social Security numbers must be promptly updated upon death. Regulation of funeral homes, hospitals, and the Bureau of Vital Statistics must be reviewed to see that this is done as expeditiously as possible.
Fourth, financial institutions must recognize that their marketing strategies may be hurting their customers, and ultimately their own "bottom lines." Management should give greater weight to security issues and provide additional security features on accounts (i.e., customer photographs on credit cards and checks and PINs), until the tide has turned. All customers should receive greater security protection, and should be allowed to "opt-out" of such things as "gift checks for holiday shopping," "mini-credit cards for key chains," a "free duplicate card for a relative," and other such unsolicited materials that are identity theft tools ripe for the picking. Further, financial institutions and merchants should cap instant credit transactions at a reasonable dollar amount.
Fifth, financial institutions and merchants must adopt new technologies and change old habits to keep up with the criminal element. Financial institutions must experiment with and employ new technology in the printing of their checks and instruments that would prevent the document from being altered by use of a chemical bath. Financial institutions, working with regulators, should explore and utilize methods to disguise or make unreadable to the naked eye the routing number and account number on the bottom of the check. Financial institutions and merchants should make certain that statements and billings are not sent through the mails that contain the full account number or social security number of the consumer. Financial institutions should explore the creation of credit card terminals that cannot be bugged and implement smart card technology where the data on the credit card is encrypted. Financial institutions must encourage and cooperate in the implementation of address verification systems and personal identifier numbers (PIN) to be used at customer activated point of sale terminals. Further, financial institutions should produce public information campaigns to alert consumers to the existence and danger of skimmers, and merchants should explore the use of portable credit card terminals so the credit card never has to leave the customer's sight.
Sixth, financial institutions and merchants must constantly train staff to be on the look-out for unusual or suspicious transactions, and to verify all information provided to them. The financial industry should take a proactive approach when dealing with customers that are not known to them and fully examine the information on the application and within the transaction to minimize the likelihood that the transaction is a fraudulent one. Financial institutions should employ technology that can monitor the cashing of multiple checks at different branches and in these types of situations issue a notice to the tellers to thoroughly scrutinize the transactions.
Seventh, financial institutions should push for elimination of the legislative barriers to database sharing. Communication between institutions is essential to stop repeat victimization of multiple institutions. Although it contains only post-fraudulent transaction information, the Florida Bankers Association has created a subscription database for the sharing of fraud alerts among the industry and law enforcement. This database is an outstanding example of how effective the information sharing can be in the prevention of fraud.
Eighth, the legislature should consider regulating equipment that is used for counterfeiting credit cards and creating fake financial documents, and explore ways to offer tax incentives for businesses and consumers who purchase identity theft protection equipment or supplies.
Ninth, consumer reporting agencies that do not implement fraud alerts as requested and as required by law, should be held liable for their negligence. Credit grantors who ignore or override a credit alert and grant new credit should likewise be penalized. The liability for such action, absent due diligence, is clearly on the shoulders of those who control the events in question. We believe a major reduction in fraudulent transactions would occur if their commercial interests were more at stake. Additionally, the legislature should consider requiring consumer reporting agencies to provide Florida citizens with two free credit reports per year so the citizen can routinely monitor their reports in order to minimize the effects of identity theft.
Tenth, law enforcement needs to be continuously encouraged to take reports from identity theft victims. The legislature and law enforcement must continue the development of a statewide database of identity theft victims and suspects in order to streamline the investigative process and minimize duplication of efforts during investigations.
Eleventh , a statewide, toll free, victim hotline and identity theft victim advocates are critically needed resources in minimizing the harmful effects identity theft can have on victims.
Twelfth, consumer education is vital. It has been said that no amount of government regulation can take the place of consumer education and heightened awareness on the part of the public. If ever there were a time to prove this maxim, it is now. We call upon every involved entity to put this on the front burner of their public relations campaigns in Florida.
V. CONCLUSIONIdentity theft has been around for some time and is ever worsening, but it was not until the events of September 11th that many of these issues moved from the circle of law enforcement and unfortunate victims to the front pages. Not a day goes by that the media does not carry a story about some form of identity theft victimization or attempt to evade law enforcement using false identity. As a result, citizens are more aware of the dangers involved. After September 11th, citizens are willing to accept and engage in more pro-active security measures. If applied to financial transactions, this will go a long way to help prevent identity theft.
Identity theft is very much a creature of our information and technology age. The same easy transfer of information that has fueled so much of our economic and social progress over the last few decades has also contributed to the expansion of white collar fraud, as exemplified in perhaps its most destructive form - identity theft. No other single crime has so much potential to cause loss and suffering to individuals while also putting a major cramp in continuing economic growth by deflating confidence in the marketplace. The same technology that allows instant transfer of money, ideas, information and innovation in society also helps to disseminate and proliferate these very same things amongst the criminal element. Fraud methodologies and techniques that took years to spread from one region of the country to another now shoot across the world via broadband communications. There are even web-sites and discussion groups where criminals can get almost instant access to newly stolen information. We must avail ourselves of the same technological advances to thwart the thieves who prey upon us.
As is often the case, Florida is at the forefront of this emergent criminal wave, both in the scope of the problem and in our State's response. One of the most important things we have learned about these identity crimes is that criminals move quickly and decisively when opportunities present themselves.
We have learned how the mind so bent can create many ways to abuse someone's identity. We have also learned that the legislature and law enforcement agencies work very hard to stay ahead of the criminal mind. But we have seen how very naive the public can be with an "it won't happen to me approach."
We are encouraged by the fact that financial institutions and the retail industry are sending representatives to work with law enforcement to find ways to prevent these criminal acts. We are excited by the activities of these different task forces, the legislative action, and the attention of the Governor and Cabinet to this issue.
We do not want the focus to unravel or the good work to stall because of assumptions that the public will react negatively to heightened security features, or reluctance by the Legislature to fund enforcement initiatives due to the current economic situation. If Florida is to stay ahead of this criminal wave, we must also move quickly and decisively in our response and continue with constant vigor to fight the scourge that is identity theft.
THIS REPORT IS RESPECTFULLY SUBMITTED to the Honorable Belvin Perry, Jr., Presiding Judge of the Sixteenth Statewide Grand Jury, this 12th day of November, 2002.
KEVIN F. MORRIS
Sixteenth Statewide Grand Jury of Florida
I, MELANIE ANN HINES, Statewide Prosecutor and Legal Adviser, Sixteenth Statewide Grand Jury of Florida, hereby certify that I, as authorized and required by law, have advised the Grand Jury which returned this report on this 12th day of November, 2002.
MELANIE ANN HINES
Sixteenth Statewide Grand Jury of Florida
I, THOMAS A. SADAKA, Special Counsel and Assistant Legal Adviser, Sixteenth Statewide Grand Jury of Florida, hereby certify that I, as authorized and required by law, have advised the Grand Jury which returned this report on this 12th day of November, 2002.
THOMAS A. SADAKA
Assistant Legal Adviser
THE FOREGOING Second Interim Report was returned before me in open court, this 12th day of November, 2002.
HONORABLE BELVIN PERRY, JR.
Sixteenth Statewide Grand Jury of Florida