This report marks an initial attempt to develop a measurement framework for identity crime and misuse in Australia. Development of the report would not have been possible without the assistance of a broad range of government agencies across the Australian Government and the states and territories, in the form of information, analysis and encouragement throughout the preparation and conduct of the pilot data collection exercise.
The report makes some initial findings on the nature and extent of identity crime, based on collection and analysis of data by agencies conducted on a ‘best endeavours’ basis. The methodology and findings in the report provide a firm basis for further work and will benefit from being refined over time.
While it has an ambitious objective, the National Identity Crime and Misuse Measurement Framework project has demonstrated that development of such a framework is both feasible and necessary.
As one of the most prevalent types of crime in Australia, identity crime is a serious and increasing criminal risk to governments and the wider community (OECD 2006; 3). It generates significant profits for offenders and causes considerable financial losses to the Australian Government, private industry and individuals (AFP 2014).
But despite its widespread impacts, a lack of comprehensive data makes it difficult to quantify the full extent of identity crime, or to assess its costs and consequences for victims. As a result, identity crime is likely to be both underreported and its impacts underestimated.
The National Identity Crime and Misuse Measurement Framework project is an important step in improving the measurement of identity crime in Australia. From undertaking this pilot, it is evident that the greatest challenges to this effort are: the underreporting of incidents by victims (both individuals and organisations), and a lack of standardisation in definitions and recording practices.
Addressing these challenges will require concerted, sustained effort by a range of organisations. A companion report produced as part of this project offers recommendations for how this work might be taken forward. This is necessary if we are to properly quantify the impacts of identity crime and to develop the most effective policy and operational responses to minimise the harm that it causes to the Australian community.
Identity crime in depth: a case study
‘Charles’ was able to obtain a wide range of genuine Australian identity documents, issued with fraudulently obtained personal information. He used some of these documents himself and sold others to his criminal associates to help avoid detection for other serious criminal activity.
This is a real life case study. It shows how vulnerabilities in the processes supporting one type of identity credential can have flow-on effects to other agencies that form part of Australia’s federated identity infrastructure; and which can be exploited by criminals to establish, use and sell fraudulent identities.
From the late 1990s to 2011, Charles searched through cemeteries in Queensland, New South Wales, Victoria and the Australian Capital Territory for the names and dates of birth of children who had died within a couple of months of being born. Using this identifying information, Charles then requested copies of the death certificates for these children.
Once he had obtained the details of the parents, Charles then manufactured counterfeit driver licences in their names, using photos taken from social media sites such as Facebook. With these two documents, he obtained the official birth certificates issued by the Registry of Births, Deaths
Charles then used the official birth certificates and counterfeit driver licences in the same name to open bank accounts and obtain credit cards. These bank accounts and credit cards, accompanied by the birth certificates, were then used to obtain genuine Medicare cards.
With these documents he was then able to obtain genuine driver licences issued in the same names.
Finally, Charles used these legitimately issued (but fraudulently obtained) identity kits to support applications for Australian passports. In total, he was able to obtain 10 genuinely issued Australian passports in various different names.
The identity kits were then sold to associates of Charles who were members of outlaw motorcycle gangs. The kits were sold for $9,000 without a passport and $30,000 with a passport.
Charles was also able to fraudulently obtain Australian Citizenship Certificates through an alternative method of ‘tombstone fraud’, using the names of children who had died during transit from the United Kingdom to Australia in post—World War II migration.
Charles’ identity crimes went undetected for over nine years. Ultimately he was arrested by police for drug-related crimes and while in custody made admissions to the identity frauds. Charles was imprisoned for a total of 4 years 6 months, with a single non-parole period of 2 years 6 months.
2007 Intergovernmental agreement to a National Identity Security Strategy
Attorney-General’s Department, (2014a), Document Verification Service website, Canberra:
Australian Bureau of Statistics, (2011), Australian and New Zealand Standard Offence Classification (ANZSOC), 2011, ABS Cat. No. 1234.0, Canberra: http://www.abs.gov.au/AUSSTATS/abs@.nsf/ProductsbyCatalogue/E6838CDEE01D34CBCA25722E0017B26B
Australian Bureau of Statistics, (2008), Personal Fraud, 2007, ABS Cat. No. 4528.0, Canberra:
Australasian Centre for Policing Research (ACPR), (2006), Standardisation of definitions of identity crime terms: A step towards consistency, Report Series No. 145.3, South Australia: http://www.anzpaa.org.au/anzpire/acpr-publications
Australian Communications and Media Authority (ACMA), (2013), Digital footprints and identities: Community attitudinal research, Melbourne: http://www.acma.gov.au/~/media/Regulatory%20Frameworks/pdf/Digital%20footprints%20and%20identities%20community%20attitudinal%20research%20pdf.pdf
Australian Crime Commission, (2013), Organised Crime in Australia 2013, Canberra:
Australian Federal Police (AFP), (2014), Identity Crime, AFP website: http://www.afp.gov.au/policing/fraud/identity-crime
Australian National Audit Office (ANAO), (2012), Management of e-passports, Audit Report No. 33—2011–12, Canberra. http://www.anao.gov.au/~/media/Uploads/Audit%20Reports/2011%2012/201112%20Audit%20Report%20No33.pdf
Australian Payments Clearing Association (APCA), (2006-2013), Payment Statistics—Fraud Statistics, Sydney: http://www.apca.com.au/payment-statistics/fraud-statistics/archive-releases
Bricknell, S and Smith, R. G., (2013), Developing a monitoring framework for identity crime and misuse, (AIC Report) Australian Institute of Criminology, Canberra.
Commonwealth Ombudsman, (2010), Australian Taxation Office: Resolving Tax File Number Compromise, Report 12/2010, Canberra. http://www.ombudsman.gov.au/files/ATO_resolving-TFNcompromise.pdf
Council of Australian Governments (COAG), (2012), National Identity Security Strategy,
Cuganesan, S and Lacey, D, (2003), Identity Fraud in Australia: An Evaluation of its Nature, Cost and Extent, Sydney: SIRCA.
Department of Human Services, (2008-2013), Annual Reports, Canberra: http://www.humanservices.gov.au/corporate/publications-and-resources/annual-report/
Defence Signals Directorate (DSD), (2012), Top four mitigation strategies to protect your ICT system, Canberra: http://www.asd.gov.au/publications/csocprotect/Top_4_Mitigations.pdf?&verNov12
Harrell, E & Langton, L, (2013), Victims of Identity Theft, 2012, Bureau of Justice Statistics, Office of Justice Programs, US Department of Justice. http://www.bjs.gov/index.cfm?ty=pbdetail&iid=4821
House of Representatives Standing Committee on Economics, Finance and Public Administration, (2000), Numbers on the Run: Review of the ANAO Report No.37 1998-99 on the Management of Tax File Numbers, Transcripts of public hearings: 05/04/2000, EFPA 164. http://www.aph.gov.au/parliamentary_business/committees/house_of_representatives_committees?url=efpa/tfnaudit/report.htm
Identity Theft Resource Centre, (2010), Identity Theft: The Aftermath 2009, California:
Lacey, D, (2013), Identity Theft and Misuse in Australian and New Zealand: iDcare Report on Establishing a Trans-Tasman Identity Theft Victim Support Centre, Gold Coast. http://www.idcare.org/idcare-aus-nz
Lawson, P, (2011), Responding to Victims of Identity Crime: A Manual for Law Enforcement Agents, Prosecutors and Policy-Makers, International Centre for Criminal Law Reform and Criminal Justice Policy, Canada: http://icclr.law.ubc.ca/sites/icclr.law.ubc.ca/files/publications/pdfs/00%20Victims%20of%20Identity%20Crime%20Manual.pdf
Lindley, J, Jorna, P. & Smith, R.G., (2012), Fraud against the Commonwealth 2010–11 annual report to government. Australian Institute of Criminology, Monitoring Reports: Canberra
Lozusic, R, (2003), Fraud and Identity Theft, Briefing Paper No. 8/03, New South Wales Parliamentary Library Research Service: Sydney. http://www.parliament.nsw.gov.au/prod/parlment/publications.nsf/0/08ACDBBA372ED89DCA256ECF0007C146/$ File/08-03.pdf
Ludington, S, (2006), Reining in the Data Traders: A Tort for the Misuse of Personal Information, Maryland Law Review, Vol. 66, pp. 140-193. http://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=5&ved=0CEMQFjAE&url=http%3A%2F%2Fscholarship.law.duke.edu%2Fcgi%2Fviewcontent.cgi%3Farticle%3D5492%26context%3 Dfaculty_scholarship&ei=qhDwUq6nGca6lQXM1IC4Bg&usg=AFQjCNEAtBThhSLLS-pl_-bjpe1oBEz_IQ
Microsoft, (2014), 2013 Microsoft Computing Safety Index: http://www.microsoft.com/security/resources/mcsi.aspx
National Fraud Authority, (2013), Annual Fraud Indicator—June 2013, London: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/206552/nfa-annual-fraud-indicator-2013.pdf
New South Wales Registry of Births, Deaths & Marriages (NSW RBDM) (2013), Statistics from 1996 to 2012: Births, Department of Attorney-General & Justice, Sydney: http://www.bdm.nsw.gov.au/resources/statsinfo.pdf
Office of the Australian Information Commissioner, (2013a), OAIC Annual Report—2012–13, Canberra: http://www.oaic.gov.au/about-us/corporate-information/annual-reports/oaic-annual-report-201213/
Office of the Australian Information Commissioner, (2013b), Community attitudes to privacy survey: Research report 2013. Canberra: http://www.oaic.gov.au/privacy/privacy-resources/privacy-reports/oaic-community-attitudes-to-privacy-survey-research-report-2013#_Toc368300726
Office of the Australian Information Commissioner, (2012a), OAIC Annual Report—2011–12, Canberra: http://www.oaic.gov.au/about-us/corporate-information/annual-reports/oaic-annual-report-201112/
Office of the Australian Information Commissioner, (2012b), Data breach notification: A guide to handling personal information security breaches, Canberra. http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/data-breach-notification-a-guide-to-handling-personal-information-security-breaches
Office of the Australian Information Commissioner, (2011a), OAIC Annual Report—2010–11, Canberra: http://www.oaic.gov.au/about-us/corporate-information/annual-reports/oaic-annual-report-201011/
Office of the Australian Information Commissioner, (2011b), Vodafone Hutchison Australia: Own motion investigation report, Canberra. http://www.oaic.gov.au/privacy/applying-privacy-law/privacy-omi-reports/vodafone-hutchison-australia
Organisation for Economic Co-Operation and Development (OECD), (2006), Report on Identity Fraud: Tax Evasion and Money Laundering Vulnerabilities, http://www.oecd.org/ctp/crime/identity-fraud-tax-evasion-and-money-laundering-vulnerabilities.htm
Ponemon Institute, (2012), 2011 Cost of Data Breach Study: Australia, http://www.ponemon.org/library/2011-cost-of-data-breach-australia
Ponemon Institute, (2013), 2012 Cost of Data Breach Study: Global Analysis, http://www.ponemon.org/library/2013-cost-of-data-breach-global-analysis
Prenzler, T, (2012), Responding to welfare fraud: The Australian experience, Research & Public Policy Series 119, Australian Institute of Criminology: Canberra. http://www.aic.gov.au/media_library/publications/rpp/119/rpp119.pdf
Reserve Bank of Australia (RBA), (2014), Inflation Calculator, http://www.rba.gov.au/calculator/annualDecimal.html
Richards, K, (2009), The Australian Business Assessment of Computer User Security (ABACUS): a national survey, Research and Public Policy Series 102, Australian Institute of Criminology: Canberra.
Smith, R. G. & Hutchings, A. (2014), Identity crime and misuse in Australia: Results of the 2013 online survey, Research & Public Policy Series, Australian Institute of Criminology: Canberra.
Smith, R, Jorna, P, Sweeny, J & Fuller, G, (forthcoming), Counting the costs of crime in Australia—2011 update, Research and Public Policy Series, Australian Institute of Criminology: Canberra.
Sproule, S and Archer, N, (2008), Measuring Identity Theft in Canada: 2008 Consumer Survey, MeRC Working Paper No.23, McMaster University. http://merc.mcmaster.ca/working-papers/23.html
Van Vliet, J, (2010), Stolen Identities: A Qualitative Study on the Psychological Impact of Identity Theft, University of Alberta: http://news.ualberta.ca/newsarticles/2011/04/uofaresearcherfindsthepsychologicaleffectsofidentitytheftlingerswithvictims
Unisys, (2013), Australia Unisys Security Index—May 2013, http://www.unisyssecurityindex.com/usi/australia/reports
Case Study 1: Australian Transaction Reports and Analysis Centre (AUSTRAC), (2012), AUSTRAC typologies and case studies report, Pg. 45. http://www.austrac.gov.au/files/typ_rprt12_full.pdf
Case Study 2: Levy, M, (2012), Truckies face retest amid licence fraud probe, The Age, published 21 September. http://www.theage.com.au/victoria/truckies-face-retest-amid-licence-fraud-probe-20120921-26acr.html
Case Study 3: Grubb, B, (2013), Oops: Google search reveals private Telstra customer data, Sydney Morning Herald, published 16 May. http://www.smh.com.au/it-pro/security-it/oops-google-search-reveals-private-telstra-customer-data-20130516-2jnmw.html
Office of the Australian Information Commissioner, Telstra breaches privacy of 15,775 customers, Media release published 11 March 2014. http://www.oaic.gov.au/news-and-events/media-releases/privacy-media-releases/telstra-breaches-privacy-of-15-775-customers
Case Study 4: Commonwealth Director of Public Prosecutions, 2009–10 Annual Report. Available at: http://www.cdpp.gov.au/case-reports/george-hebaiter/
Case Study 5: Australian Taxation Office, (2011), Targeting tax crime: A whole-of-government approach. Available at: http://www.ato.gov.au/General/Tax-evasion-and-crime/In-detail/Targeting-Tax-Crime-magazine/2011/Targeting-tax-crime--A-whole-of-government-approach---February-2011/?page=8
Case Study 6: Harris, A, (2012), VicRoads goes hi-tech to end driving licence fraud, The Australian, published 29 October. http://www.theaustralian.com.au/news/vicroads-goes-hi-tech-to-end-driving-licence-fraud/story-e6frg6n6-1226504896204#
Case Study 7: Styles, A, (2010), Property scam highlights need for greater security: REIWA, WA Today, published 13 September. http://www.watoday.com.au/wa-news/property-scam-highlights-need-for-greater-security-reiwa-20100913-15952.html
Case Study 8: Commonwealth Director of Public Prosecutions. 2010. 2009–10 Annual Report. Available at: http://www.cdpp.gov.au/case-reports/marita-quetcher/
Case Study 9: ABC News, (2005), Nurse jailed for massive Centrelink fraud, published 16 December.