With advances in technology and the expansion of the Internet, people and companies are transacting more of their business electronically via the Internet. Many relationships between businesses and their customers are formed and maintained via electronic communication or through the telephone without the business' representatives having any physical interaction with their customers. Usually an exchange of products and services for money results from these relationships.
Some of these relationships between companies and customers involve companies setting up accounts (e.g. extending loans and credit) to customers. In order to form this relationship, a person provides the company with some important information, like their name, address, phone number, employer, Social Security Number (SSN), and birthday. With the name, SSN, and birthday, the business can check the person's credit score or credit worthiness with a credit agency and potentially extend the person the loan or credit. Anyone who possesses these limited pieces of information of a person's name, SSN, and birthday may have the ability to pose as the person and get a loan, credit, products, and services from businesses.
Since the loan, credit, or account is tied to the person's identity, name and SSN, and not the impersonator, the impersonator or identity thief can steal money, products, and services from the businesses leaving either the person or business to pay for the loss. Usually the person whose identity was used does not know about the use of their identity until weeks or months after their identity was used and an account previously unknown to them shows up on their credit report. As a result of the previously unknown account, the person may receive a poor crediting rating or a collection agency can attempt to recover payment from the person for the business. Once a person discovers this identity theft, they can go through a laborious process of proving they did not apply for the loan, credit, or account and showing that their identity was stolen. After this occurs, the business is left to find the impersonator or absorb the loss. Finding impersonators or an identity thief is difficult because most if not all of the identity information known about the thief is actually the identity information of the person whose identity was stolen. Identity theft has cost businesses and individuals billions of dollars and millions of hours of time to identify the fraud and clean up the individual's credit.
The identity theft problem exists largely because a person's name, SSN, and birthday are frequently used and given to others to verify the person's identity. The second problem is a person's name, SSN, and birthday are permanently associated with the individual. Individuals use this information to get employment, apply for a credit card, obtain a mortgage, buy a mobile phone, get healthcare, and perform numerous other transactions. A person's SSN and birthday are usually stored by businesses electronically in databases or on physical paper documents which can be viewed by many individuals within a business. Once a person supplies a SSN and birthday they lose control of how that information will be used and who will view that information. Sometimes business computer systems and databases get hacked into allowing the hacker access to the person's personal identity information. Sometimes the SSN and birthday are transmitted to businesses and others electronically via the Internet. The Internet is an unsecured network, so information not properly encrypted can be viewed by others on the Internet. There are various ways an impersonator or identity thief can obtain a person's SSN or birthday. The thief can obtain this information by looking at business records, viewing unencrypted messages with this information, or other types of fraud.
Once a thief has someone's SSN and birthday, the thief can use that information anytime during the lifetime of the person because of the permanence of SSN and birthday and its association with the person. The SSN and birthday have been reliable indicators of a person's existence but their widespread use by both the person and identity theft impersonators has made them of little use in authenticating the identity of person using the information.