International In March 2014, after it was learned two passengers with stolen passports were on board
Malaysia Airlines Flight 370, which went missing on 8 March 2014. It came to light that
Interpol maintains a database of 40 million lost and stolen travel documents from 157 countries, which Interpol makes available to governments and the public, including airlines and hotels. The Stolen and Lost Travel Documents (SLTD) database, however, is rarely used.
Big News Network (which is based in the
UAE) reported that Interpol Secretary-General
Ronald K. Noble told a forum in
Abu Dhabi in the previous month, "The bad news is that, despite being incredibly cost-effective and deployable to virtually anywhere in the world, only a handful of countries are systematically using SLTD to screen travelers. The result is a major gap in our global security apparatus that is left vulnerable to exploitation by criminals and terrorists."
Australia In
Australia, each state has enacted laws that deal with different aspects of identity or fraud issues. Some states have now amended relevant criminal laws to reflect crimes of identity theft, such as the Criminal Law Consolidation Act 1935 (SA), Crimes Amendment (Fraud, Identity and Forgery Offences) Act 2009, and also in Queensland under the Criminal Code 1899 (QLD). Other states and territories are in states of development in respect of regulatory frameworks relating to identity theft such as Western Australia in respect of the Criminal Code Amendment (Identity Crime) Bill 2009. At the Commonwealth level, under the
Criminal Code Amendment (Theft, Fraud, Bribery & Related Offences) Act 2000 which amended certain provisions within the
Criminal Code Act 1995, Between 2014 and 2015 in Australia, there were 133,921 fraud and deception offences, an increase of 6% from previous year. The total cost reported by the Attorney General Department was: There are also high indirect costs associated as a direct result of an incident. For example, the total indirect costs for police recorded fraud is $5,774,081.
Hong Kong Under HK Laws. Chap 210
Theft Ordinance, sec. 16A Fraud: The
Personal Data (Privacy) Ordinance (PDPO) regulates the collection, use and retention of personal information in Hong Kong. It also provides citizens the right to request information held by businesses and the government to the extent provided by this law. The PDPO establishes the
Office of the Privacy Commissioner for Personal Data which enforces the law and advises on the use of personal data.
India Under the Information Technology Act 2000 Chapter IX Sec 66C:
Philippines Social networking sites are one of the most famous spreaders of
posers in the online community, giving the users the freedom to post any information they want without any verification that the account is being used by the real person. The Philippines, which ranks eighth in the numbers of users of
Facebook and other social networking sites (such as
Twitter,
Multiply and
Tumblr), has been known as a source of various identity theft problems. Identities of people who carelessly put personal information on their profiles can easily be stolen just by simple browsing. Some people meet online, get to know each other through Facebook chat, and exchange messages that share private information. Others get romantically involved with online friends and end up sharing too much information (such as their social security number, bank account, home address, and company address). This phenomenon leads to the creation of the
Cybercrime Prevention Act of 2012 (Republic Act No. 10175). Section 2 of this act states that it recognizes the importance of
communication and
multimedia for the development, exploitation, and dissemination of information, but violators will be punished by the law through imprisonment or a fine upwards of ₱200,000, but not exceeding ₱1,000,000, or (depending on the damage caused) both.
Sweden Sweden has had relatively few problems with identity theft because only Swedish
identity documents were accepted for identity verification. Stolen documents are traceable by banks and certain other institutions. Banks are required to check the identity of anyone withdrawing money or getting loans. If a bank gives money to someone using an identity document that has been reported as stolen, the bank must take this loss. Since 2008, any EU passport is valid in Sweden for identity verification, and Swedish passports are valid all over the EU. This makes it harder to detect stolen documents, but banks in Sweden still must ensure that stolen documents are not accepted. Other types of identity theft have become more common in Sweden. One common example is ordering a credit card to someone who has an unlocked letterbox and is not home during the daytime. The thief steals the letter with the credit card and the letter with the code, which typically arrives a few days later. Usage of a stolen credit card is difficult in Sweden since an identity document or a PIN code is normally demanded. If a shop does not demand either, it must take the loss from accepting a stolen credit card. The practice of observing someone using their credit card's PIN code, stealing the credit card, or
skimming it, and then using the credit card has become more common. Legally, Sweden is an open society.
The Principle of Public Access states that all information (e.g. addresses, incomes, taxes) kept by public authorities must be available for anyone, except in certain cases (for example, the addresses of people who need to hide are restricted). This makes fraud easier. Until 2016, there were no laws that specifically prohibited using someone's identity. Instead, there were only laws regarding any indirect damages caused. Impersonating anyone else for financial gain is a
type of fraud in the
Criminal Code (). Impersonating anyone else to discredit them by hacking into their social media accounts and provoke is considered
libel. However, it is difficult to convict someone of committing this crime. In late 2016, a new law was introduced which partially banned undetermined identity usage.
United Kingdom In the United Kingdom, personal data is protected by the
Data Protection Act 1998. The Act covers all personal data which an organization may hold, including names, birthday and anniversary dates, addresses, and telephone numbers. Under
English law (which extends to
Wales but not to
Northern Ireland or
Scotland), the
deception offences under the
Theft Act 1968 increasingly contend with identity theft situations. In
R v Seward (2005) EWCA Crim 1941, the defendant was acting as the "frontman" in the use of stolen credit cards and other documents to obtain goods. He obtained goods to the value of £10,000 for others who are unlikely ever to be identified. The Court of Appeal considered a sentencing policy for deception offenses involving "identity theft" and concluded that a prison sentence was required. Henriques J. said at para 14: "Identity fraud is a particularly pernicious and prevalent form of dishonesty calling for, in our judgment, deterrent sentences."
Cifas, a fraud prevention nonprofit in the UK, said there were 421,000 cases of fraud reported in the UK in 2024, with 59% of cases related to identity fraud.
United States The increase in crimes of identity theft led to the drafting of the Identity Theft and Assumption Deterrence Act. In 1998, The Federal Trade Commission appeared before the United States Senate. The Act also provides the
Federal Trade Commission with authority to track the number of incidents and the dollar value of losses. Their figures relate mainly to consumer financial crimes and not the broader range of all identification-based crimes. If charges are brought by state or local law enforcement agencies, different penalties apply to depend on the state. Six Federal agencies conducted a joint task force to increase the ability to detect identity theft. Their joint recommendation on "red flag" guidelines is a set of requirements on financial institutions and other entities which furnish credit data to credit reporting services to develop written plans for detecting identity theft. The FTC has determined that most medical practices are considered creditors and are subject to requirements to develop a plan to prevent and respond to patient identity theft. These plans must be adopted by each organization's board of directors and monitored by senior executives. Identity theft complaints as a percentage of all fraud complaints decreased from 2004 to 2006. The Federal Trade Commission reported that fraud complaints in general were growing faster than ID theft complaints. The commission's 2003 estimate was that identity theft accounted for some $52.6 billion of losses in the preceding year alone and affected more than 9.91 million Americans; the figure comprises $47.6 billion lost by businesses and $5 billion lost by consumers. According to the
U.S. Bureau of Justice Statistics, in 2010, 7% of US households experienced identity theft - up from 5.5% in 2005 when the figures were first assembled, but broadly flat since 2007. In 2012, approximately 16.6 million persons, or 7% of all U.S. residents age 16 or older, reported being victims of one or more incidents of identity theft. At least two states,
California and
Wisconsin have created an Office of Privacy Protection to assist their citizens in avoiding and recovering from identity theft. In 2009, Indiana created an Identity Theft Unit within their Office of Attorney General to educate and assist consumers in avoiding and recovering from identity theft as well as assist law enforcement in investigating and prosecuting identity theft crimes. In Massachusetts in 2009–2010, Governor
Deval Patrick committed to balancing consumer protection with the needs of small business owners. His Office of Consumer Affairs and Business Regulation announced certain adjustments to Massachusetts' identity theft regulations that maintain protections and also allow flexibility in compliance. These updated regulations went into effect on 1 March 2010. The regulations are clear that their approach to data security is a risk-based approach important to small businesses and might not handle a lot of personal information about customers. The
IRS has created the IRS Identity Protection Specialized Unit to help taxpayers' who are victims of federal tax-related identity theft. Generally, the identity thief will use a stolen SSN to file a forged tax return and attempt to get a fraudulent refund early in the filing season. A taxpayer will need to fill out Form 14039,
Identity Theft Affidavit. As for the future of medical care and Medicaid, people are mostly concerned about
cloud computing. The addition of using cloud information within the United States medicare system would institute easily accessible health information for individuals, but that also makes it easier for identity theft. Currently, new technology is being produced to help encrypt and protect files, which will create a smooth transition to cloud technology in the healthcare system.
Notification All 50 states have enacted mandatory
data breach notification laws. As a result, companies that report a data breach typically report it to all their customers. == Spread and impact ==