The 15-count indictment, which was filed in federal court in Los Angeles on Tuesday, alleges that the woman has stolen goods and cash advances from at least 100 of the deceased individuals from October 2005 through last month. After locating the Social Security Number, birth date, and death date of a recently deceased individual in the Social Security Death Index (SSDI), the accused would then search online for a recent address for the deceased individual, as well as any other identifying information. It is alleged that the accused would then randomly call credit card companies to determine if the deceased individual had an account and, if so, she would take over the account by requesting that the mailing address be changed. In some cases, she would even add her own name as an authorized user of the card.
This crime apparently exploits a loophole in the use of the SSDI as a fraud-prevention tool. While companies routinely check applications for new credit card and bank accounts against the SSDI, this case involves accounts that were already open where, apparently, the verification policies and procedures are more lax.
Many say that databases and indexes such as the Social Security Death Index should not be online for fear of identity theft, but I feel it is much more important to look at the credit card companies, banks, and other such financial organizations to protect the accounts of their customers. Information is publicly available in all types of places. Many localities do not restrict access to death records, for example. Obituaries -- available in newspapers, on microfilm, and online -- often offer up a wealth of "private" details, such as the date of birth and death, and the mother's maiden name. Real estate transactions, which can help document a current residence, appear in local newspapers, and are readily available at the courthouse and online.
It's easy for people to blaim the "genealogy sites," but hopefully, this case will bring more attention to the financial institutions charged with protecting our identity. Mike Ward, spokesman for RootsWeb, said it well. "The reason the Social Security Administration has it [Social Security Death Master File] out there is to prevent fraud, and when it's used to perpetrate fraud it's because not all the checks and balances were in place on the financial institution's end." Removing publicly available information from the Internet is not the answer. It's time to for financial organizations to rethink the way they protect the privacy of their customers and close those loopholes.