Identity theft, the sequel
Apr 27th, 2010 by Jesper Kråkhede
In a Swedish newspaper today they ran a story regarding identity theft. A woman´s drivers license (the main identification in Sweden) was stolen and used to take out credits in here name. They got several thousands of SEK before she finally understood and contacted “Upplysningscentralen”, UC where you block the possibility to take credits in your name.
Usually an identity theft stops here but not in this case. The imposter sent a new application to lift the ban to take out credits in her name. During the same time they had her mail temporary stored at the post office where they, with the same drivers license, was able to confirm lifting the ban and then take out credits for over 100 000 SEK.
So where are the problems here? The obvious is that the ID was not checked enough by any clerk where they managed to get credits. Even if an application exists that should be used for checking the ID against UC it is not always used. Secondly there is no way to distinctly tell that a single ID has been used for fraud. When the woman got her new ID it looked exactly as the first one. Third and most important, relying on mail service for security is still very unreliable. The possibility to have mail stored at the post office is of course very convenient but there has to be a check to UC if this should be allowed for the single client.