The subscription system you describe sounds exactly like the subscription and security sytsem used by ChoicePoint. They knew who was accessing their information or at least thought they did. The identity thieves used previously stolen identities. They filled out the ChoicePoint forms claiming to operate legitimate check cashing and collections agencies. In some cases they did this from public computers like Kinko's.

I went on a County site in Ohio recently that used a similar system. I completed the subscription form. Within minutes I was granted full access.  I completed the form honestly but how could they have known? I could have been sitting at a public computer anywhere in the world. Or, once I had my password I could have distributed it worldwide by the Internet.

The Wall Street Journal just reported on an undergroud webb site calling itself ShadowCrew that was actively trading American identities and financial information. The going rate was $100 a name for U.S. Citizens and $200 for European. The Webb site had 4000 members from countries all over the world.