Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:30 PM
Dark Reading
Dark Reading
Products and Releases

Colorado Supreme Court Ruling Over SSN Fraud Opens Dangerous Door, ITRC Says

Identity Theft Resource Center concurs with the three dissenting judges

(November 1, 2010, San Diego CA) The Colorado Supreme Court recently over-ruled (4-3) a lower court decision that convicted a man of criminal impersonation when he fraudulently used the Social Security number (SSN) of another when applying for a car loan. The trial and appellate court in Montes-Rodriguez v. People found that Mr. Montes-Rodriguez defrauded a car dealership which required an SSN on its loan application. The Supreme Court however held that since Montes-Rodriguez used his own name, birth date and address, the use of another person’s SSN was not criminal impersonation even though he had also used it for employment as well.

The Identity Theft Resource Center (ITRC) concurs with the three dissenting judges. The use of a false SSN even without using the victim’s name is one of the core issues of identity theft, whether the SSN has been issued or fabricated. As Justice Coats said, “Because I consider the defendant’s deliberate misrepresentation of the single most unique and important piece of identifying data for credit-transaction purposes to be precisely the kind of conduct meant to be proscribed as criminal by this statute.” (18-5-113 Criminal Impersonation).

This is further validated by Section 603.2 of the Federal Fair Credit Reporting Act (FCRA) which states that “identity theft is a fraud committed or attempted using the identifying information of another without permission.” That section specifically states that the unauthorized use of another’s SSN is Identity theft.

By using a SSN which was not issued to the defendant, he assumed the capacity to gain a benefit - in this case, a car loan (and a job) he would not have received if he used his own SSN, which apparently he did not have. This act defrauded the car dealership and the woman whose SSN was used without her permission.

Attorney Mari Frank, frequently called as an expert witness to testify in court, before legislative hearings and who teaches law classes in identity theft, said: “ This 4 to 3 decision demonstrates that false identification and identity theft are still misunderstood by the ‘majority’ of people including judges. For far too long, the courts and industry have not taken identity theft seriously and here is but another example. Clearly the woman whose SSN was used already was hampered by the fraud appearing on her credit report as an inquiry. If the defendant stops payment, all the creditors with whom he has established credit with using this SSN will demand payment from the woman who was issued this number. If he doesn’t pay taxes, the IRS will call upon the victim. It might even impede her ability to get a job. I have seen victims trying to unravel the challenging mixed file mess numerous times.”

ITRC is very concerned by this decision. Identity theft crimes are evolving daily. It is critical that law makers, law enforcement, and the judicial system stay abreast of the actions of identity thieves. Semantics must not get in the way of “intent.” In over-ruling the lower court, the Colorado State Supreme Court has implied it is permissible to use an SSN that was not issued to an individual to establish new lines of credit. That was not the intent of the Colorado statute or that of the FCRA. This is a dangerous precedent that has now been established and which could permit abuses of the system designed to protect innocent bystanders from fraud.

About the ITRC The Identity Theft Resource Center' (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. Visit www.idtheftcenter.org Victims may contact the ITRC at 888-400-5530.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15.
PUBLISHED: 2020-11-23
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
PUBLISHED: 2020-11-23
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
PUBLISHED: 2020-11-23
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In partic...
PUBLISHED: 2020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3.