Don't Allow Crooks to "Ghost" Your Loved Ones


Courtney Babin
ACFE Communications Coordinator

It’s almost All Hallows’ Eve. Your pumpkins have been carved, decorations displayed and candy has been purchased for neighborhood trick-or-treaters. Whether you’re passing out candy, dressing up or people-watching at a local pub, you will be sure to encounter a few authentic costumes. You could almost do a scavenger hunt of sorts: find a vampire, ghost and zombie. Not only do these characters have Halloween in common, they also can be categorized as the living dead.

Much like a vampire, ghost or zombie in a movie, fraud can be rampant and unforgiving. Fraud preys on anyone, even the dead. According to the Identity Theft Resource Center (ITRC), identity thieves can obtain information about deceased individuals in various ways such as obituaries, death certificates and websites that offer the Social Security Death Index. This abuse of a deceased individual’s identity is referred to as “ghosting.” The University of Texas’ Center for Identity estimates that “approximately 2.5 million identities are stolen each year from deceased victims.”

Ghosting occurs partly because accounts in a deceased individual’s name will remain active until the financial institution is made aware that the customer has passed. According to the ITRC this is because it takes time for the Social Security Administration to transmit the Death Master File to the financial industry. Also, the Death Master File is not always accurate since it is based on information provided by consumers and governmental agencies.

With identity thieves lurking, here are some steps to protect your deceased loved one’s identity so that its “ghost” does not haunt your family:

  • The IRS recommends that families “avoid putting too much information in an obituary, such as birth date, address, mother’s maiden name or other personally identifying information that could be useful to thieves.” Be aware that identity thieves do scan obituaries in newspapers. Leave out any information that could relate to applying for a credit card or opening a bank account.
  • If there is a surviving spouse or other joint account holders, the ITRC notes for them to “immediately notify relevant credit card companies, banks, stock brokers, loan/lien holders and mortgage companies of the death.
  • The ITRC also recommends contacting all credit reporting agencies, credit issuers, collection agencies and other financial institutions that need to know of the death. There might be different mandatory procedures for each agency. Here is information that the ITRC says to include in all letters  to these agencies:
    • Name and SSN of the deceased
    • Last known address and last five years of addresses
    • Date of birth
    • Date of death

Send all mail as certified mail and request the return receipt. Also keep any correspondences, noting the date sent and any responses you receive. Request a credit report as well. This report will tell you of any accounts with which you need to follow through. Once you receive the credit report, ask that it is flagged as “Deceased.”

Whether this information is helpful now or in the future, make sure that your family is protected from criminals whose only intent is to resurrect your loved one’s identity for their profit.

How We Innocently Give Away Our Data


Zach Capers, CFE
ACFE Research Specialist

Recently, I attended the ID360 conference in Austin, which was presented by the University of Texas at Austin’s Center for Identity. The theme of the conference was “The Identity Economy” with speakers focusing on such topics as personal identity management, social media and online security. The discussions of these interrelated topics made me consider the ways I leverage my own identity in the emerging identity economy, and — more concerning — how my identity is used by others.

Identity is now a form of currency, and the consequences of this development are unfolding in interesting and often unpredictable ways. As a music lover living in Austin, I have noticed during the past few years how the identity economy is developing in the realm of live music and event ticketing. For example, during the recent South by Southwest (SXSW) festival, I found myself shamelessly tweeting about the Mazda car company for a chance to win passes to an event I wanted to attend. Despite how obnoxious my shilling must have seemed to others on my Twitter feed, I felt it was worth it, particularly because I ended up winning the passes.

The identity economy was apparent in other aspects of SXSW as well. This year, an increasing number of events required that prospective attendees register through their Facebook accounts. This meant that attendees had to open their Facebook pages to applications that often collect and share personal information for marketing and other purposes. I found this too much to bear, so I avoided events that required compromising my Facebook account; however, countless other festival-goers likely did so without questioning the practice of providing access to their personal information in exchange for access to an event.

Another facet of the identity economy is the phenomenon of developing a user reputation to enhance standing within a particular user base. For example, the ticketing firm 1iota provides free tickets to television shows and concerts based largely on reputation. If you sign up for an event, win tickets and subsequently follow through with attending the event, your chances of winning tickets to the next show increase. Conversely, if you win tickets and fail to attend the show, your chances of receiving tickets in the future plummet. The idea is that those who build a strong reputation on the site tend to be more enthusiastic and dependable fans whom organizers prefer to have at their events. Reputation systems have been in use for many years with websites such as eBay and LinkedIn, and they will only increase in number and variety going forward.

At last month’s Coachella music festival in Indio, California, the identity economy was also in full swing. All ticket buyers were required to wear a wristband containing a registered radio-frequency identification (RFID) chip, and all wristbands had to be activated with the individual’s personal information, with the option to connect the wristband to a Facebook or Spotify account. No doubt much of this information was collected for demographic research and subsequent marketing efforts. However, the RFID technology was also used to streamline entry, reduce fraud in the secondary market and track the movement of individuals inside the festival grounds to maximize logistical efficiency. Another result is that individuals can no longer attend America’s most popular and profitable music festival anonymously.

While many of these uses of identity might seem relatively innocuous, we must always question how much of our identity we are willing to trade for convenience. Our evolving — or devolving — concepts of privacy and identity are fundamentally changing not only commerce, but also the strategies through which companies and criminals exploit our personal information for profit. At the ID360 conference, the University of Texas announced a Master of Science in Identity Management and Security degree program; the first of its kind in the nation. Perhaps a new generation of identity experts will help guide us through the burgeoning convergence of our identities and the economy.

Top Fraud Predictions for 2015: Technology will shape the fight


Scott Patterson, CFE
ACFE Senior Media Relations Specialist

Technology will give fraudsters an edge in 2015, but it will also provide new tools for organizations and investigators. Three of our experts weighed in on digital currencies, information security and other issues that will help shape the effort to prevent and detect fraud in the new year:

  • Technology will increase the sophistication of fraud schemes. This is an existing trend that will accelerate in 2015, according to ACFE Regent Gerard Zack, CFE, Managing Director – Global Forensics for BDO Consulting. “More and more we are reacting to reports of fraud with, ‘how did they do that?’” Zack said. “It’s a reflection of schemes becoming more complex and capitalizing on technology, including some of the new technology deployed by companies in the interest of improving efficiency. While simple frauds still exist, we are seeing a distinct proliferation of more complex fraud schemes.”
  • But technology (like data analytics) will also help catch tomorrow’s frauds. Zack is quick to note that for fraudsters, technology is a double-edged sword – as it will also be leveraged by the professionals trying to catch them. “There will be more breakthroughs in the use of technology to detect fraud – particularly in the use of visual analytics and also in the use of tools to mine unstructured data.”
  • Improving information security will be a major priority. More massive data breaches, like the ones that have stricken Home Depot, Target Corp. and other large retailers over the past two years, are likely to occur in 2015, according to ACFE Vice President and Program Director Bruce Dorris, J.D., CFE. “These breaches have exposed widespread vulnerabilities among organizations that store and maintain personal information, putting millions of individuals at risk,” Dorris said. “Considering that storage of data continues to grow at an exponential pace, more trouble lay ahead – and there is an increasing need for information security and protecting against data breaches.”
  • Digital currencies will shake up fraud risks for retailers and consumers. An increased acceptance of bitcoin and other digital currencies among merchants will signal a shift in fraud risk, according to Jacob Parks, J.D., CFE, Associate General Counsel at the ACFE. “Vendors/sellers face reduced fraud risks from ‘friendly fraud,’ where customers fraudulently cancel credit card or bank payments after receiving an item,” Parks said. “Digital currency transactions are generally permanent, which makes this scheme untenable. However, consumers face an increased risk of fraud by dishonest sellers, since the transaction is often not insured or protected by an agreement with a financial institution. Additionally, consumers using digital currencies have a reduced identity theft risk because the transactional data stored by the seller cannot be used by malicious parties to charge the customer (this also means vendors have a reduced risk of data breaches involving these customers).”
  • With protections for whistleblowers increasing, more people will step forward to report fraud. Dorris said that a decade ago, few countries had whistleblower protections. However, increased awareness about the harm caused by major frauds at organizations has led to legislators looking to whistleblowers to prevent or mitigate such crimes. “France, South Africa, South Korea, Australia and other countries have all taken substantial reforms to protect whistleblowers, particularly those who identify crimes in the public sector,” Dorris said. “U.S. policy has moved beyond simply protecting whistleblowers; it now has several programs that financially incentivize whistleblowing regarding bribery, tax evasion and corporate accounting fraud. The programs are largely still in the beginning stages, but have already had major payouts.”

With a new year also comes new threats. But, as many anti-fraud professionals know, just as the fraudsters think of new techniques to wreak havoc, the fraud fighters standing on the other side are armed and ready to prevent and detect it. 

Want more? Visit to find two more fraud predictions for 2015.

Are We Losing the War on Identity Theft?


Steve Lappenbusch, Ph.D.
Tax and Revenue Strategic Market Planner, LexisNexis Risk Solutions

An identity is stolen every three seconds – adding up to about 27,000 per day. In 2012, more than 12 million Americans were victims of identity theft. Furthermore, there have been a record number of security data breaches in recent years that have exposed more than 822 million records, compromising individuals’ personal information such as name, Social Security number (SSN) or bank account. The likelihood that at some point in our lives  each of us will fall victim to a data breach or identity theft is alarmingly high.

Identity theft has become an epidemic for government agencies as well. No sector of government is immune for the simple reason that the government cannot possibly know all there is to know about a person’s identity footprint. This is advantageous to identity thieves. who take advantage of the vast quantities of confidential personal data that is transmitted online. They are using this information against us – and, sadly, they are winning.

There are three critically important factors that LexisNexis has learned that can help government stop the current epidemic of identity fraud. All three things challenge current assumptions in every government system:

  1. Everyone’s identity has already been compromised. 
  2. Government programs cannot possibly know all there is to know about a person’s identity. Identities are always bigger than the government.
  3. To assess an identity for risk, you have to understand identity risk outside government data.

Simply put, we are losing the war on identity theft. Our identities are freely available for pennies a piece on the Internet. It is time to defend ourselves against a crime where the fraud weapons used against us are our own identities. This is a fundamental change in the assumption around identities in government systems. Self-reported data must all be suspected, as most, if not all, identities have been compromised over time. Once the identity is assumed to be stolen, a new approach in identity risk analysis must be used.

Proceeding from the new, data-driven assumption that all identities are already stolen enables the government to think outside the traditional box of identity protection and begin thinking in terms of risk – identity risk. Specifically, how do tax agencies control the risk of all those stolen and synthesized identities hitting their tax systems – tax systems never originally designed for a world where you could not depend on the identity presented?

So, what is the answer? An approach that embraces identity risk analysis, rather than data matching, has proven effective at the state level. Primarily this means analyzing input tax identities against identity information far outside the tax system, or any government system, and against analytics derived from decades of identity risk expertise. 

Avoiding costly identity risks requires reconsidering what an identity really is, carefully cataloging and mapping your identities, and leveraging a unique combination of expertise, patented identity integration technology and a massive, unmatched, nationwide repository of identities going back more than 40 years. This allows you to take into account the complex, dynamic and rapidly changing nature of tax filer identities. It can also solve both owned and matched identity risks simultaneously by allowing identity integration. 

To learn more about identity challenges and risks facing the government today and solutions to help resolve these issues, visit