Korene's Blog

Thieves Robbing The ID of The Dead

April 23rd, 2012 10:09 AM by Korene L Clopine-Seaman

ID thieves robbing the grave; 2.5 million dead hit annually

Ruthless ID thieves are robbing identities even from the grave, a new study has found.

Nearly 2.5 million dead people are victims of identity theft every year, according to a data analysis by fraud prevention firm ID Analytics being made public Monday.

The study offers the first hard data about a little-understood aspect of ID theft that can cause unnecessary pain and suffering to family members already dealing with loss.

ID Analytics works with dozens of credit-granting companies, such as banks and cellphone providers, to find common patterns among fraudsters as they fill out credit applications. The firm has unique insight intro fraud trends, as it screens more than 1 billion such applications annually. For this study, it considered 100 million applications filed during the first three months of 2011 and compared Social Security numbers and other information in those applications against the Social Security Administration's Death Master File, which tracks the identities of people after they die.

Stephen Coggeshall, chief technology officer at ID Analytics, recently crunched those numbers to look for evidence that criminals were exploiting SSNs attached to the deceased. The results showed a wide-scale problem, much larger than previously believed.

Roughly 800,000 deceased Americans are deliberately targeted by criminals each year, the study claims.

In those cases, an imposter armed with a deceased person's SSN, name and birthday tries to fully assume the dead person's identity.

ID Analytics has no information about whether or not the attempts were successful, Coggeshall said — only that the personal information was used on an application during a fraud attempt.

Meanwhile, SSNs attached to 1.6 million more dead adults find their way onto thieves' fraudulent applications through random selection, he said. Many criminals simply guess at SSNs when filling out fraud applications and accidentally use one that's already been issued to someone who's now dead. ID Analytics calls them

"identity manipulators" who make arbitrary variations on their own personal information to avoid fraud detection tools and randomly pick an SSN associated with a deceased person.

"This study brings to light a significant problem, as we see fraudsters intentionally using identities of the deceased at the rate of more than 2,000 per day," Coggeshall said.

Imposters who exploit the dead are after the same things that all ID thieves crave: theft of cellphone service or the ability to open up new credit cards or take out loans, Coggeshall said.

There are obvious advantages for criminals when using a dead person's personal information. If the fraud is initially successful, because the normal channel for discovery — a consumer who notices unauthorized charges or accounts on his or her credit history — doesn't exist. Family members or others disposing of an estate can discover the fraud through the arrival of unexpected bills, but the usual hurdles for recovering from such fraud are even higher when a third party must call and ask for corrections.

Fighting ID theft of the dead should be easier than most other forms of identity fraud. The Social Security Administration frequently updates the Death Master File, which now contains about 40 million SSNs. Firms that issue credit should routinely check their applications against this simple list; several inexpensive products offer this service, and the file is available in several forms online (there's even an app). But clearly, that kind of screening isn't happening, Coggeshall said. Otherwise, criminals wouldn't be trying to exploit the dead so frequently.

Ironically, if companies don't check SSNs against the Death Master File, it becomes a great source for criminals to obtain identities and SSNs to be exploited.

"We have no sense of where criminals are getting the numbers, but a certain portion of them probably are coming from public sources, like the Death Master File," Coggeshall said.

The study also hinted that seriously ill people are being targeted by criminals. There were 2 million cases of SSNs' being used in credit applications, with the SSN holder dying within the next two months.

"Certainly a good deal of this is not suspicious, but some fraction of these applications may be the misuse of the identities of the dying," Coggeshall said.


Family members already dealing with a tragedy have plenty to worry about, but identity theft of the dead is a reality they must consider, he said.

"While this is clearly a problem for businesses, surviving family members can also be the victims of this identity fraud as they are left to manage the estates of their deceased loved ones," Coggeshall said. "It's important for people to monitor their deceased family members' identities for at least one year."

It's possible for a third party, such as a spouse, to get a credit report for a deceased person, but it's not trivial. The bureaus will want a death certificate as proof the individual has died, and they'll want some evidence that the requester has a right to see the information — such as a marriage license or an order showing he or she is an executor of the estate. That person can request that a "deceased — do not issue credit" notation be placed on the report, but certain hiccups can occur. If a credit account, such as a loan, is in both spouses' names, a "deceased" flag can occasionally cause confusion.

A deceased person's credit report isn't deleted from bureau files immediately to safeguard against identity theft in case the deceased's identifying information is stolen. Once the death is reported, lenders can stop new credit from being issued and help prevent fraud. The simplest way to notify the three major credit bureaus of someone's death and request that a "deceased -- do not issue credit" flag be placed on the credit file is to use snail mail, certified with a return receipt requested, to make your request to the bureaus. Be sure to keep copies of everything you send, and record the date sent and the date a reply is received just in case a follow-up request is necessary.

You will need to include in the communication:

Copies of papers proving you are the executor or spouse.
A certified copy of the death certificate (one with a raised stamp).
Full name of the deceased person.
Date of birth of deceased.
Social Security number of deceased.
Most recent address of deceased.
Date of deceased's death.
Request that a "deceased -- do not issue credit" flag be placed on the credit file due to death.
If you are the spouse or executor of the deceased, you can ask for a copy of the decedent's credit report, so you'll have an accurate picture of his or her outstanding accounts. You can find a sample of a letter request at the Identity Theft Resource Center.

Mail the letter and supporting documentation certified mail, return receipt requested to:

P.O. Box 150139
Atlanta, GA 30348

P.O. Box 9701
Allen, TX 75013

P.O. Box 6790
Fullerton, CA 92834

The deceased alert will effectively freeze the credit file, so a security freeze should not be necessary. The Social Security Administration does notify the credit bureaus of persons who have died, but it can take months for the information to reach the bureaus, so it's probably better to go ahead and make the notification directly.

I would also recommend that you contact any creditors of the deceased and notify them of the death and to close the account(s) when appropriate. Be cautious about closing any accounts that may be jointly held and reported. Closing joint accounts could have a negative impact on the survivor's credit by reducing the types of credit in use and by increasing the debt-to-credit ratio of any accounts on which money is still owed. Before closing accounts, think about which you may want to keep and use to retain a strong active credit history and access to credit. The creditors will report the updated account information to the credit bureaus. Accounts that have been identified with a deceased notation will be deleted after one year, so eventually all accounts will drop from the report and the credit file will not exist.

After you have sent the notification letters to the credit bureaus and have received your certified mail receipt that they were delivered, I would wait a couple of weeks and then obtain copies of the credit reports from all three bureaus. This will give you an opportunity to check that a freeze is in place and also to review for any suspicious activity that might be related to identity theft.

Be sure to send your notices certified, return receipt for best results and best handling.

Posted in:General
Posted by Korene L Clopine-Seaman on April 23rd, 2012 10:09 AM