What Is Identity Theft and How Does Criminal Law Address It?

Prosecutors must prove both that you knew you were using another person's information and that you intended to defraud. This dual requirement means that mere possession of someone else's identifying data does not automatically constitute identity theft; there must be evidence of a deliberate plan to use that information for financial gain or other fraudulent purpose. Courts examine the timing between obtaining the information and using it, communications showing planning, and the nature of the transactions or accounts opened. From a practitioner's perspective, the distinction between recklessness and knowing intent often becomes the pivotal factual dispute at trial.

The definition extends beyond obvious financial identifiers. Biometric records, email addresses, and phone numbers can all serve as identifying information if used without consent to commit fraud. This breadth means that identity theft charges can arise from scenarios ranging from opening a credit card account in someone else's name to creating fake social media profiles or obtaining medical services under another person's identity. Each use of the information can constitute a separate count.

Bank statements, credit card applications, loan documents, and email records form the backbone of most identity theft prosecutions. Prosecutors also rely on IP address logs, device identifiers, and geolocation data to place a suspect at the location where fraud occurred or to show access to accounts from a device the suspect controlled. Handwriting analysis or voice identification may be used if applications or transactions occurred in person or by phone. These records are often supplemented by subpoenaed communications between the suspect and merchants, lenders, or other third parties.

The victim typically testifies that they did not authorize the accounts or transactions and that they did not recognize the signature, voice, or other identifying markers on the fraudulent applications. Employees of financial institutions or credit card companies may testify about their company's procedures for opening accounts and verifying identity. In cases involving organized rings, law enforcement undercover operations or cooperating witnesses may provide evidence of the suspect's role in the scheme.

Sentences range from probation for Class E felonies to up to fifteen years imprisonment for Class B convictions. Beyond incarceration, a conviction carries collateral consequences including mandatory restitution to victims, civil liability, professional license suspension or revocation, and employment barriers. In New York County and other high-volume courts, prosecutors often pursue restitution as a condition of plea agreements, requiring defendants to repay the full amount of documented loss. Documentation of loss timing and amount becomes critical early in the case, as incomplete or delayed victim affidavits can affect the restitution amount a court can order.

Beyond criminal prosecution, victims pursue civil remedies through identity theft lawsuits under federal law (the Fair Credit Reporting Act, the Identity Theft Enforcement and Restitution Act), and state common law. Civil liability does not require proof beyond a reasonable doubt; the standard is preponderance of the evidence, making civil recovery a lower procedural hurdle. A defendant may face both criminal penalties and civil damages simultaneously, creating parallel legal exposure that requires coordinated defense strategy.

If the victim authorized the use of their identifying information, even for a limited purpose, the defendant may argue lack of criminal intent. For example, if a family member was authorized to use a relative's social security number for a specific transaction but exceeded that authorization, the scope of consent becomes a factual issue. Courts examine the nature and extent of the authorization granted and whether the defendant's conduct fell within those bounds.

IP addresses, device identifiers, and geolocation data are not always conclusive proof of a defendant's actions. Defense counsel often challenge the reliability of these records, the chain of custody of digital evidence, and whether law enforcement obtained the evidence in compliance with warrant requirements and statutory procedures. These technical challenges can significantly weaken the prosecution's case, particularly when the defendant argues that someone else had access to their device or account credentials.

Understanding the statutory framework and evidentiary standards surrounding identity theft helps clarify where factual disputes are likely to emerge and which procedural safeguards may protect your interests. Early assessment of the evidence—particularly the digital forensics, documentary records, and witness credibility—allows for informed evaluation of negotiation posture and trial readiness. Documenting your own timeline, communications, and device access history before formal charges are filed can preserve information that may otherwise be lost or become difficult to reconstruct. If you are under investigation or have been charged, gathering records of authorization, consent communications, and your own financial transactions creates a foundation for defense strategy and positions counsel to challenge the prosecution's narrative from the outset.