1. Field of the Invention
The invention pertains to electronic systems that may be used to verify the identity of a person. More particularly, a module or subcomponent of the electronic systems may be used for this purpose, to facilitate or enhance an overall system functionality.
2. Description of the Related Art
Identity theft is the fastest growing crime according to a recent Federal Trade Commission (FTC) report, Federal Trade Commission Identity Theft Report. The cost of this crime in the United States alone totaled over 50 billion dollars during 2003. Businesses and financial institutions lost approximately 47 billion dollars, and individual victims lost an additional 5 billion dollars over the course of that year. Almost ten million individuals in the United States were victims of such theft. These losses are exacerbated by the additional loss of more than 297 million personal hours, which were also spent by individuals who were affected by the consequences of such fraud. As high as those numbers may seem, it is estimated that a large percentage of identity theft goes unreported to the FTC. The true total losses may be even higher than the reported values. This crime may be perpetrated using relatively low-technology means, and offers the offender a high-payoff with a low chance of being caught and prosecuted. If the current trends remain unchecked, the costs of this increasingly organized crime will escalate about 300% annually. Identity theft occurs when a criminal obtains personal data in the name of the identity victim, and uses that information to obtain credit, merchandise, and services. The personal data is most often social security numbers and drivers' license numbers.
Businesses and financial institutions typically shoulder the financial burden of this crime. Though these losses have for years been considered part of the “price of doing business”, the growing rate of identity theft is pushing the costs of shouldering this burden too high for these businesses to sustain. In the year covered in the FTC report, businesses and financial institutions lost an average of $4,800 per victim, or about 47.6 billion dollars. This amount does not account for costs associated with fighting this crime, including for some institutions the sustenance of entire operating departments.
Identity theft has affected approximately 4.6% of the United States population in the past year, or about 9.91 million people. About 12.7% of the population has discovered they have been victims within the last five years. Even more people have heard of and are worried about identity theft. The crime produces an aftermath that is frustrating, time consuming, costly, and a major contributor to psychological and personal damage. This is why the financial aspect of the crime is not generally perceived as the worst issue confronting victims. About 21% of the victims report continuing problems from the theft. Statistically, 20% of victims report having trouble obtaining or using credit cards as a result of being affected by identity theft. Twenty percent report being harassed by a debt collector. Eighteen percent report being turned down for a loan. Thirteen percent have had other banking problems, such as being turned down for new accounts or having checks rejected.
The FTC report categorizes the different types of identity theft. The two main categories are new accounts opened by identity thieves, and misuse of existing accounts. A third category is misuse of the stolen identity in non-financial ways.
Although the opening of new accounts is not the most common form of identity theft, with 17% or 3.23 million victims, this manner of theft is the most costly category for victims, businesses, and financial institutions. At an average of $10,200 per victim loss to businesses and financial institutions, this type of fraud cost a total of 32.9 billion dollars. Out-of-pocket expenses for individuals victimized by identity theft averaged $1180 and 60 hours spent resolving various problems. Total victim costs reached 3.8 billion dollars and 194 million hours.
The most common type of new account fraud by identity thieves is the opening of credit card accounts. Almost 800,000 people are estimated to have had credit cards opened fraudulently in their names. Table 1 shows the relative frequency of new account abuse.
TABLE 1Relative frequency of new account abuseType of AbusePercent Of all IdentityBy Account TypeTheft VictimsCredit Cards8%Loans5%Telephone Service5%Checking/Savings3%Internet2%Insurance1%Other Accounts1%
Misuse of existing accounts is by far the most common form of identity fraud, affecting about 85% or 6.68 million of the individual victims. However, the costs on a per victim basis are less. Costs average $2,100 per victim, and this represents a $14 billion total loss to businesses and financial institutions. Costs to individuals average $160 out-of-pocket and 15 hours spent resolving problems, for a total of $1.1 billion and 100 million hours lost. The largest percentage of this type of abuse by far is the misuse of existing credit cards, accounting for over three-quarters, or 2.4%, of the 3.1% of the U.S. population that has been so victimized. Table 2 shows the relative frequency of existing account abuse.
TABLE 2Relative frequency of existing account abuseType of AbusePercent Of all Identity TheftBy Account TypeVictimsCredit Cards67%Checking/Savings19%Telephone Service9%Internet3%Insurance2%
About 1.5 million people, or 15% of all identity victims, report their information being used in other non-financial ways:                4% of victims report that thieves have used their information as identification after being caught committing a crime;        3% of thieves use the information to obtain government documents, such as driver's licenses or social security cards;        2% of thieves use the information to rent housing;        2% of thieves use the information to receive medical care;        2% of thieves use the information for employment;        2% of thieves use the information to file false tax returns in the victim's name; and        7% of victims report other misuse.        
Table 3 provides a breakdown of the costs that associated with identity theft by various victim categories and types of abuse.
TABLE 3Identity theft cost breakdownMisuse of ExistingNew Accounts OpenedAccountsAll ID TheftVictims in YearPercent of Population1.5%Credit Card 2.4%4.6%Non Credit Card 0.7%Total Number3.23 million6.68 million9.91 millionBusiness & FinancialInstitutions LossAverage per Incident$10,200$2,100$4,800Total$32.9 billion$14.0 billion$47.6 billionVictims direct expensesAverage per Victim$1,180$160$500Total$3.8 billion$1.1 billion$5.0 billionAverage Hours Spent60 hours15 hours30 hoursTotal164 million hours100 million hours297 million hours
The problem is severe, but some countermeasures do exist. One remedy is for people to frequently check or monitor their credit reports. An individual may make direct requests to the credit agencies or through one of many services, and thereby obtain a copy of their credit report to monitor suspicious activities or accounts. It is also possible for an individual to place a “fraud alert” on his or her credit report. Once an alert is placed, financial institutions are prevented from opening accounts without first mailing confirmations to the address on the credit report to confirm or authorize the opening of the new account.
Banks have begun advertising similar services in a variety of areas. Accounts may be monitored for unusual activity. For example, a lending institution or credit card agency may monitor existing accounts for unusual spending activity. Once activity is detected, the bank may hold transactions until they can contact their customer. Individuals should also monitor their account statements. By paying close attention to credit card and bank statements, unauthorized use is more quickly detected. Preventative measures may include placing a photograph of the account holder on credit cards, and the shredding of personal documents and mail that contain personal-identifying information.
The measures discussed above are primarily reactive monitoring measures, and they do not equate to being protected. Of new account fraud victims, 17% were already aware that their information had been taken. At least 8% of existing “credit card only” fraud victims, and 9% of other existing account fraud victims, were also aware of the theft of their identity before discovering the extent of the fraud. Five percent of all victims stated that the abuse was still continuing. Two percent did not know for sure if it had stopped. The situation is worse for those victims that had four or more cases of abuse. For those people, 13% stated the abuse was continuing and another 4% did not know if it had stopped. Photographs on credit cards or bank accounts may protect that card or a customer's accounts at a specific bank, but they do not prevent a thief from opening accounts with other banks. While these reactive steps are important and can mitigate the expense of existing identity theft, in most cases they still do not prevent the initial theft from occurring.
Electronic systems may be equipped to combat identity theft; however, the magnitude of the problem shows that current implementations are largely ineffective measures. The systems that have been proposed and/or implemented fail for a number of reasons, but key issues include complexity, lack of standardization, and security risks that devolve from the transmission of sensitive information.
In one example, U.S. Pat. No. 6,879,966 issued to Lapsley et al. describes a system for tokenless biometric electronic transactions that are confirmed by a third party identifier. In this type of transaction, the payor inputs biometric data that is obtained from the payor's person. The biometric data may be fingerprints, hand prints, voice prints, retinal images, facial scans or handwriting samples. Lapsley '966 recognizes that information which is obtained from the payor's person may be checked against pre-confirmed data that is stored on a token, such as a magnetic swipe card or smart card. This creates a security risk, according to Lapsley et al., because either the comparison and verification process is not isolated from the hardware and software that is directly used by the payor who is attempting access, or because the user's financial data is stored directly on the token.
Examples of a biometric approach to system security are described in U.S. Pat. No. 4,821,118 to Lafreniere; U.S. Pat. No. 4,993,068 to Piosenka et al.; U.S. Pat. No. 4,995,086 to Lilley et al.; U.S. Pat. No. 5,054,089 to Uchida et al.; U.S. Pat. No. 5,095,194 to Barbanell; U.S. Pat. No. 5,109,427 to Yang; U.S. Pat. No. 5,109,428 to Igaki et al.; U.S. Pat. No. 5,144,680 to Kobayashi et al.; U.S. Pat. No. 5,146,102 to Higuchi et al.; U.S. Pat. No. 5,180,901 to Hiramatsu; U.S. Pat. No. 5,210,588 to Lee; U.S. Pat. No. 5,210,797 to Usui et al.; U.S. Pat. No. 5,222,152 to Fishbine et al.; U.S. Pat. No. 5,230,025 to Fishbine et al., U.S. Pat. No. 5,241,606 to Horie; U.S. Pat. No. 5,265,162 to Bush et al.; U.S. Pat. No. 5,321,242 to Heath, Jr.; U.S. Pat. No. 5,325,442 to Knapp; and U.S. Pat. No. 5,351,303 to Willmore. Due to the inherent risks of having this data available to a local electronic reading system, Lapsley et al. proposes to maintain the biometric verification data and financial data at a remote site that performs verification on the basis of data obtained from the payor's person. This scheme results in the transmission of financial account identifiers, which itself results in an additional security risk.