Identity theft (also known as identity fraud) is the misuse of personal data (the identity) of a natural person by third parties. Although the term “identity theft” is used very often, it is not exactly “theft” because in a typical theft something is taken away from the entitled person, so that he or she no longer has it himself. In the case of identity theft, however, the entitled person can continue to use his or her identity.
The goal of identity theft may be to obtain a fraudulent pecuniary advantage or to discredit the rightful owner of the identity (rarely).
In the case of identity theft, a number of personal data, such as date of birth, address, driver’s license or social security numbers, bank account or credit card numbers, are used in addition to the name in order to circumvent or falsify the determination of one’s real identity. The more matching data the abuser has, the more certain he or she will succeed in pretending.
Data that has already been obtained – for example, the telephone number – can be used to determine further data. The misuse of someone else’s identity can lead to indebtedness for victims or, if criminal acts are carried out on behalf of the identity theft victim, to unjustified penalties. If the abuse is discovered, the perpetrator is not only punished for the abuse itself, but must bear the financial damage caused and pay the penalties for the acts committed on behalf of the victim.
Especially in e-commerce, for example when carrying out transactions via providers on the Internet, who often do not carry out legally binding identity verification, identity theft can have a significant impact on business partners. Illegally operating credit agencies manipulate the computers of the respective target persons through phishing, pharming and spoofing and thus first obtain the identity (for example, the nickname in connection with a password). With this stolen identity, they then gain access to data from online consultations, contact portals, online marketplaces, etc., and market the data obtained to “interested parties”.
A particular problem is nicknapping: appearing on the Internet under the name or pseudonym of another panelist or user. In the case of internet portals and discussion platforms that require registration, there is usually an assignment of the corresponding person to a user account and an e-mail address.
Since the Internet has also been increasingly used in public settings, it is often possible to use any name instead of one’s real name. This applies to mailing lists as well as to Usenet and forums.
It is possible to use not only fictitious names, but also names of real people who do not necessarily have to know about the use by third parties. The use of pseudonyms in factually similar forums or portals can also be a form of nicknapping, provided that there is no independence of the persons involved and the pseudonym is assigned to a well-known person in the corresponding topic society, i.e. has a high recognition value.
Under criminal law, the misuse of a real name and that of a nickname is to be assessed very differently. While the use of a false name in conjunction with other personal data and facts is always punishable, the use of the same nickname cannot be prosecuted in different systems, as nicknames are not protected and the use can only be controlled within the respective system. Only stage names entered in the ID card are legally equivalent to the “civil name”.