Truth 18 Being dead doesn’t protect you from identity theft
In April 2008, federal prosecutors charged a woman in California named Tracy Kirkland (with her 13 aliases) with 15 identity theft–related charges. Her attacks took place between October 2005 and March 2008. What makes this particular identity theft case unique is that all the victims were deceased.
What makes this particular identity theft case unique is that all the victims were deceased.
There have been cases in the past in which an identity thief has used the credentials of a deceased individual to create new credit cards, but this was different. You see, Ms. Kirkland found a new way to exploit an old trick already used by many identity thieves.
Have you ever called your financial institution and been asked to supply your mother’s maiden name to verify who you were? Odds are pretty good that you have. Now try and remember the last time that was the only question the bank asked you. Hopefully you will have to think pretty hard. That’s because numerous organizations learned the hard way that tracking down a person’s mother’s maiden name was not nearly as difficult as they thought.
Go to a Web search engine and type in the word genealogy, and you will be shocked to see how many sites are dedicated to helping people create a family tree. In most cases, you are required to set up an account and, while some are free, some sites do charge, though the payoff for an identity thief is worth the investment. Once your account is set up, simply submit any information you have and start searching. Obviously, the more information you have, the more narrow your search becomes. While there are no guarantees that you will find everything you are looking for, tracking down the past is easier than you might think.
As financial institutions started getting burned by identity thieves who were tracking down mother’s maiden names, they started requiring additional validation, such as the last four digits of a social security number (SSN), current address, branch location where you set up your account, and so on. Of course, a thief could gather all of this with some time and effort as well, but it has begun to make the process far more difficult for an identity thief to subvert.
Ms. Kirkland took things to a whole new level when she discovered a Web site, Rootsweb.com. The site offers access to the Social Security Administration’s death index listing, which is an up-to-date list of people who have passed away, their birthdates, and their SSNs. The Department of Commerce actually publishes this list on a monthly basis to help banks and credit agencies prevent identity thieves from opening new accounts using the names of people who have passed away.
While the idea of this list is logical, Ms. Kirkland realized that she didn’t need to go out and create new accounts with this information. Instead, she simply started taking over existing accounts of people who were deceased.
The attack was simple; Ms. Kirkland would go to this Web site and gather the information of deceased individuals, including their names, birthdates, SSNs, and zip codes. She would then use other search engines similar to zabasearch.com to track down the most recent known address for the victims.
Once Ms. Kirkland had gathered as much information as possible about the deceased, she would then start calling every credit card company she could think of. With each call, she would pose as the deceased, verifying if there was an open account with the organization. When she discovered a live account, she would request to put in a change of address. The new address that she provided would go back to one of several mail boxes that she rented.
Someone who has passed away could continue to have an open credit account for months or even years after his death.
During the two and a half years that Ms. Kirkland spent committing identity theft, she gained access to over 100 unique credit cards belonging to deceased individuals. This was accomplished because, while the Social Security Administration death index is used to help prevent would-be thieves from creating new credit, many organizations fail to cross-reference this list against their existing customer database on a monthly basis. This means that someone who has passed away could continue to have an open credit account for months or even years after his death.
Even if the deceased has friends or family members helping settle his affairs, it’s often not possible to accomplish everything quickly, and it is all too easy to miss an account altogether. Of course, this is exactly what Ms. Kirkland spent her time tracking down and exploiting.
The best thing that you can do if you are responsible for putting a person’s affairs in order is to request a credit report from each of the three reporting agencies. (See Part IX of this book, “The Truth About Putting a Stop to Identity Theft,” for more details.) Then go through them and systematically contact each creditor listed. Doing so should go a long way toward ensuring that you get every account closed.
The following checklist should help to make sure you cover all the basics to prevent the deceased from becoming identity theft victims.
Notify the post office.
Review credit reports at least six months after the deceased has passed and make sure no new items have shown up.
Notify insurance companies (car, medical, home, and so on).
Notify the landlord if the deceased rented.
Notify pension providers and life insurance companies.
Close all bank, credit union, and other financial institution accounts.
Notify the mortgage provider.
Notify loan companies.
Close credit card and store cards.
Notify utility companies if accounts were in the deceased’s name.
Notify the passport agency and cancel the deceased’s passport.
Notify all additional creditors.