What damage can person/s do if they have your passport number and visa control number?

Question

I read What are the potential hazards of my passport or visa number being made public? as well as What harm can be done with a copy of one's passport? but it doesn't tell of what damages can be done. I have seen several sites on which people share/show the visa without the numbers and sometimes without name as well.

The only reason which many people perceive is identity theft but am unable to see how is that possible. I have to use public facilities such as printing, scanning etc. where it is easy for the operator to make copies without my consent. Also as shared, both these details are widely circulated when you stay in a hotel or anywhere else (when abroad) where identity information is needed.

Also particular to visas, as I'm given to understand, for short-stay visas (less than 3 months) which most tourist visas operate under, the window of doing anything nefarious activities (such as terrorism) would be extremely small. If I were a terrorist and I needed those bits to make work, then I would probably go for somebody who has a long-term stay as those credentials would look valid and I could jump from place to place under the radar under a fraudulent identity. Also as a terrorist, I would take quite a long view as any such attack takes years of planning, as shown in the investigation of various terrorist attacks in India as well as the U.S. Also, although I don't know (am speculating here) don't most airports might/should be checking on status quo of a passport to ensure issues such as showing 2 entries of a passport without exit (in some database where this information is collected and collated.)

Am I missing something in the logic here ?

Answer 1

The information page of a passport is an identity document and contains several fragments of personal information that could be useful to an identity thief: your full legal name, date of birth, photograph, etc... Somebody could potentially use that information, along with other details they research about your life and some social engineering, to impersonate you.

And such impersonation need not involve traveling or passports, but could involve obtaining credit in your name, convincing your bank to allow them access to your accounts, tax fraud, or any number of other nefarious activities.

Here's a simple example: "Hi, Big Global Airline? Yes I can't get into my account online. No I don't have access to that email anymore so I can't reset it. Ok so I can email/fax you a copy of my ID? That's perfect." And then you could use their miles to book yourself a last minute flight to Tahiti before the owner notices (or more likely, try sell the miles to someone else). While some airlines might put more roadblocks in the way of this kind of operation, a thief can simply try someplace else.

It is certainly true that you present your passport to various people during the course of your travels and are not immediately victimized. The average hotel clerk is unlikely to be an identity thief (and if they are, they're probably after your credit card number). The bigger issue comes if you post the picture online, as potentially anybody could see it. Another common scenario occurs when a database of personal information is breached, as the information can be sold online among criminals. Someone who finds a copy of your passport online and matches it to your social security number which was stolen from your health insurance company last year is well on their way to making a mess out of your life.

A visa also can reveal when you plan to be gone (especially if the duration is limited to the approximate dates of your travel, as some countries do). While it's unlikely that anybody would see your visa and then decide to break into your home, why help out potential burglars?

So it's not as though someone can immediately do that much with this information, but it's a significant piece of the puzzle that someone could use both to obtain more information about you and to exploit it. As a result, it's best not to share it unnecessarily.