I’d like to spend the next 2 weeks discussing identity theft. Why? First, because it’s the fastest-growing crime in North America. Second, because we’re all vulnerable. If you don’t think it can happen to you, read the story of how the District Attorney of Harris County, Texas, who prosecutes dozens of identity theft cases each year, became a victim. Third, it’s relatively easy to make yourself an unappealing target for identity thieves. Although it’s nearly impossible to protect yourself completely from this pernicious crime, you can make it so hard to steal your identity (and hence your money) that most thieves will move on to an easier target. Although PGP products can help protect you in some very specific ways, that’s not why I’m writing these columns. As we’ll see, the main weapons in preventing identity theft are common sense and diligence.

As to the question of why identity theft is the fastest-growing crime in the U.S., let me quote the famous bank robber Willie Sutton, who’s credited with giving us the line, “It’s where the money is.” Back in the 1930s when Sutton was practicing his craft, banks were indeed where the money was, but no more. Besides being more lucrative, identity theft has the advantage of being a far safer crime to commit, and the likelihood of being caught is far lower.

There’s a common misperception that the Internet is the root cause of identity theft. The reality is that it’s far more common for a thief to initiate a successful identity theft through the technically unsophisticated approach of dumpster diving. In addition to dumpster diving, identity thieves frequently simply lift bank or credit card statements out of victim’s mailboxes between the time of delivery and retrieval. Both of these attacks are easily prevented by using two very simple pieces of hardware I recommend everyone have. The first is a locking mailbox. Although these are extremely common in large, multi-tenant buildings, they are still relatively uncommon for those of us living in stand-alone homes in the suburbs. I highly recommend them: they’re cheap, easy to install, and quite effective. The second piece of hardware I recommend everyone own and use is a simple shredder. They’re available at any office supply store, are extremely inexpensive, and utterly defeat the dumpster diver attack.

The other common type of offline attack typically starts with petty theft, when a crook either steals your wallet or laptop computer. The goal in this crime isn’t necessarily to steal your cash or to fence the computer. The goal is usually to get access to your credit card numbers or Social Security number (SSN). If you think the more valuable asset would be the credit cards, you’d be wrong. Credit card–issuing banks now have such sophisticated transaction screens that a crook can only really expect to gain $300–$400 dollars before one of the fraud screens is tripped and the bank starts calling to see if it’s really you executing the transactions.

If the crook can obtain your SSN, however, he’s had a very good day. Because this number is widely accepted as a unique identifier, the criminal can apply for other credit card and bank accounts in your name, execute multiple transactions for high dollar amounts, even answer the bank’s questions when they call, and no one is the wiser—until the bills go unpaid. At this point, the bank will contact you highlighting what’s been happening to your credit rating and then the real fun begins. You won’t be held liable for the transactions, but in our hyper-connected world, you can expect to spend 6–9 months unwinding the crime and correcting your credit report.

So, what can you do to prevent being victimized by this type of fraud? Unfortunately, there’s no single answer. First, if you carry personal financial data on your laptop, please, please encrypt your hard drive. If the data is encrypted, the laptop is essentially worthless to criminals. Second, you should definitely keep a list both at home and at work of the toll-free numbers for every financial institution with which you do business. If you lose your wallet or even one credit card, you’ll want to cancel it immediately. In a pinch, most banks can send you a replace card overnight. Third, never, ever carry anything that contains your SSN.

There are a few more things you can do to minimize the probability you’ll be personally victimized by offline identity theft. Be mindful of credit card billing cycles. If a bill doesn’t appear in the expected timeframe, contact your bank and see if they’ve delayed mailing for some reason. And finally, sign up with a credit-monitoring agency. For a small fee (typically $6–$13 per month), these services monitor financial transactions that are executed in your name. When they detect a transaction or transaction pattern that is potentially fraudulent, they alert you. There’s a really nice comparison of the leading credit monitoring services at www.fightidentitytheft.com.

Unfortunately, even if you do everything right to protect yourself from losing your personal identification information, you’re still vulnerable to identity theft. You’ve already revealed your name, address, SSN, and other unique information to every doctor, dentist, mortgage company, bank, and other service provider with which you do business. Although we’d all like to believe that each of these institutions does everything necessary to protect that data, it just isn’t so—and the bad guys know it.

We’ve all read about the impact of stolen laptops at the University of California, the Veteran’s Administration, and other institutions. There’s very little you can do personally to prevent the lost laptop scam from victimizing you. The fact is that your SSN and other personal data is probably resident on a hundred laptops sitting in car trunks and brief cases around the world as you read this. The only thing you can do is to minimize the amount of time such information is useful to the criminals that trade in it. Again, this simply requires that you carefully monitor your credit card bills and credit report.

That just about covers the situation with regard to offline identity theft. Scared? You shouldn’t be, but you should be concerned enough to take at least some of the simple preventative measures listed above. You’ll be glad you did.