In fewer than six months, some $900,000 in merchandise, gambling and telephone-services charges were siphoned out of his debit card. His attempts to salvage his finances have cost him nearly $100,000 and have bled dry his savings and retirement accounts. His credit score, once a strong 780, has been decimated. And his identity — Social Security number, address, phone numbers, even historical information — is still being used in attempts to open credit cards and bank accounts.
“I have no identity,” said Crouse, 56. “I have no legacy. My identity is public knowledge and even though it’s ruined, they’re still using it.
“It really ruined me,” he said. “It ruined me financially and emotionally.”
Crouse is among the 11.1 million adults — one in every 20 U.S. adults — last year who have the dubious distinction of breaking the record of the number of identity-fraud victims in the U.S., according to a recent study by Javelin Strategy and Research. That figure is up 12% over 2008 and is 37% ahead of 2007. The cost to the victims: a collective $54 billion.
“The odds have never been higher for becoming a fraud victim,” said James Van Dyke, Javelin president and founder. “It’s an easy crime to perpetrate, a crime that’s almost impossible to catch when done in a sophisticated manner and a crime in which enforcement is very limited.”
Crouse can attest to that. Once an avid fan of online shopping and banking, the Bowie, Md., resident would auction on eBay.com, download songs from iMesh.com and use his ATM card like a credit card.
He first noticed suspicious activity in his account in February of 2009 for small charges of $37 or $17.98. He had a full-time job then and was spending out of an account that generally held $30,000.
“All of a sudden it really got bad,” he said. “In August the charges hit big time — $600, $500, $100, $200 – all adding up from $2,800 to $3,200 in one day.”
He called his bank immediately and started what began a tiresome process of filling out what he said finally amounted to about 20 affidavits swearing that he was not responsible for the charges. He said one day he filled out an affidavit about a charge and the next day the bank had accepted similar charges approaching $4,000.
“At that point I was going to the bank every day and looking at everything,” he said. He had the time then. Five months before that he had been laid off his $180,000 a year construction-industry job.
Now he was in a double bind: His $2,300 a week net income had dwindled to $780 in unemployment checks every two weeks and his accounts were getting drained daily — even after he closed his debit account.
He opened a new account at a new bank and the next day both accounts got hit with a $1,100 charge. The new bank told him it was keystroke malware that had likely done him in. Someone had hacked into one of the sites he visited regularly, his computer got infected and picked up all his personal information by tracking every key he struck.
While much of the fraud came from online purchases and at gambling sites, there were new accounts opened in different names but linked to his bank account. There was one purchase of a plasma TV from a Best Buy in Florida that was shipped to a Brooklyn. N.Y., address. In another case a woman in North Carolina was writing out checks tied to his account.
“It was nasty,” he said, admitting that he even contemplated suicide. “I just couldn’t take it. I didn’t feel like a man anymore. I was violated and I didn’t know what to do.”
Identity thieves steal mostly through two means, according to Michael Stanfield, chief executive of Intersections Inc., a risk-management firm. They take an established address and phone number of an identity that “has some value,” he said, like a doctor or a lawyer. In many instances, they can go to the Internet and acquire the matching Social Security number for as little as $50. They then have enough information to get an address changed with your bank account or a credit card account. They apply for new accounts as you.
Others take over existing accounts, Stanfield said, through keystroke malware that you — and probably hundreds or even thousands simultaneously — have picked up through the Internet.
Listening software then sits on your computer, perking up when you go to a bank site. It copies all your key strokes — your user name, password, challenge question, account numbers, everything.
“You leave and the bad guy goes right back in behind you,” Stanfield said. “We’ve seen examples where that has occurred and its gets fixed and a month later the computer gets cleaned out again and he becomes a new victim, even with a new account.
“It’s a horrible event and it’s happening every minute of the day to someone,” Stanfield said.
According to Javelin, the number of fraudulent new credit-card accounts shot up to 39% of all identity-fraud victims in 2009 from 33% the year before. Fraud from existing credit-card accounts rose to 75%. New online accounts opened falsely more than doubled from 2008. The study also found that 29% of victims said new cell-phone accounts were opened deceptively.
No one is immune
Identity theft is indiscriminate, cutting across all age and income levels. But those most at risk are those who spend the most and that tends to be middle-income families. Those most likely to miss fraud are usually 18 years old to 24 years old, simply because they don’t pay enough attention to their accounts and — though most are technologically savvy — they’re not protecting themselves against the worst of technology through malware, viruses and Trojan horses.
“The more you transact, the more you’re at risk because you leave a trail behind,” Van Dyke said.
Criminals turn to in-store and online purchases to steal most often, accounting for four in 10 cases of fraud, according to Javelin. Some 20% of victims have had their information used to make phone or mail-order catalog purchases.
“A lot of these crimes are really a battle of who can get their hands on the most information,” Van Dyke said. Remember too that not all identity fraud is committed by strangers. Last year at least 13% of all ID crimes were committed by someone the victim knew, like a family member or friend.
As for Crouse, the trouble extended into other areas of his life. He fell behind on paying bills — though the mortgage on the house his ex-wife and two sons live in was kept current — and racked up myriad late fees, higher interest costs and penalties. One son dropped out of college and another is reconsidering where he’ll go because of costs.
In the meantime, he was having trouble finding work. With a doctorate degree in organizational psychology and a longtime veteran of contracting work at federal facilities like the FBI and the Secret Service, Crouse was getting high acclaim in interviews but no calls back. Finally one recruiter told him that companies were turning him away because his credit reports were so poor and his debt was mounting. As a result, his security clearance to work on government buildings was yanked.
“It affected me. It affected my livelihood. It affected my whole family,” he said.
He finally found a job, though he took a significant pay cut because he lost his clearance. He figures he’ll be 61 by the time he crawls out of the debt the fraud caused and is able to rebuild any kind of nest egg. He’s sold many of his prize possessions, including a 1993 Corvette and assorted pieces of gold and silver. He uses coupons now, shops food sales, even eating things he doesn’t like such as macaroni and cheese because they’re cheaper.
“It’s just like I’m back in college,” he said.
His advice to others: Don’t touch Web sites that offer free things or 30-day trials; never give out personal information; and always keep your receipts.
Don’t become a victim
Javelin has recommendations for what it calls “prevention, detection and resolution” of identity fraud: