It may sound like the plotline of a hackneyed Hollywood thriller, but hundreds of thousands of Americans may have already been victims of identity theft. Last year alone, the Federal Trade Commission logged more than 85,000 complaints from people whose identities had been pirated. That may only be the tip of the iceberg; some consumer advocates suggest as many as 750,000 identities are stolen each year.
What, exactly, is identity theft? How does it happen? And how can you protect yourself against this growing trend? TIME.com spoke with Ted Claypoole, a technology lawyer concentrating in financial services and security at the firm of Womble Carlyle Sandridge and Rice in Charlotte, North Carolina.
TIME.com: You don't seem particularly shocked by these figures.
Ted Claypoole: No, I'm not. It's actually frighteningly easy to steal someone's identity in this day and age. And the key is in the numbers that have come to identify all of us.
Your online identity consists of numbers and other information that describes you — it's not really you, of course, but to anyone online it is you. In other words, if someone can use your social security number, which is really the key to identity theft, and find your financial information, like a bank account number or credit card number, they can begin to build an identity of someone online who has a lot of your characteristics.
So what pieces of information are particularly key to identity?
There are three basic ways to authenticate oneself: One is something you know. Two is something you have. Three is something you are.
Something you know is easy: it's a password, a personal identification number that no one else should have. Something you have is an ATM card or an ID card at work. Something you are can be your handwriting, your fingerprint or your DNA sample, depending on how detailed you want to get. Some very advanced systems use GPS to pinpoint where you are, but that's a different level of technology.
Anyone who understands identity theft knows these things — so if they can get hold of this information, they can fake your identity.
Many people are particularly concerned about using credit cards to make online purchases. Is it safer to use credit cards in person than online?
I don't see a bigger problem with using a credit card online than using it offline. It's just as big a risk to make a credit card transaction at a restaurant as it is to make a transaction on a trusted web site.
What's the motive behind identity theft? I can imagine people wanting to steal money, but beyond that I'm at a loss.
You're right, the purpose is generally to steal money, or account information, or credit, or someone's good name.
Another reason people steal identities is to mask their participation in a crime. The more convincingly a criminal can establish he is someone else, the more likely it is the authorities won't come after that criminal.
Okay. Now for the important information. What can any of us do to shield ourselves from identity theft?
There are things that are standard, generally accepted methods of keeping information secure that lots of people don't follow.
Some people are going to read this and start worrying about shredding every piece of personal information that comes across their desk. How nervous should this threat make us?
There's no reason to be paranoid; there's just reason to be careful. If someone wants desperately to target you, they can probably get a lot of information about you — so you just need to minimize the criminal's opportunities to get that information. You can make yourself a harder target, and that's probably your best defense.