Understanding Real Identity Theft (a victim’s perspective)
Background. The National Crime Victimization Survey (NCVS) defines Identity Theft to include three general types of incidents:
- unauthorized use or attempted use of an existing account.
- unauthorized use or attempted use of personal information to open a new account.
- misuse of personal information for a fraudulent purpose.
In 2014 CBS reported that Identity theft — when someone uses such personal data to do anything from fraudulently opening a new bank account to fooling the police — is a crime on the rise in prominence, and in recent years, prevalence. They say that The Bureau of Justice Statistics, the government agency crunching numbers for the Justice Department, found that 16.6 million American adults experienced identity theft in 2012. That same year, the agency recorded just 6.8 million total non-fatal violent crimes.
Years prior, I was a victim. It seems to have gotten worse, not better…
I vividly remember an afternoon in October of 2007 when I stood at my mailbox opening a letter from Chase, confirming my request to change my Visa card’s address to Quebec. Right away I knew there was a problem, and I was in for a long journey. Then came a similar letter referring to a department store charge card… I am sharing this story of my identity theft and credit card fraud not because of my own personal situation, but to share my experiences with others, so they can know how to take swift action and avoid serious financial harm. My second reason is to serve as an advocate to publicize the disinterest of institutions in correcting this national problem. Sometimes this is due to incompetence, but in other cases opportunities to correct system and process problems are intentionally ignored, either due to profit opportunities or denial of wrongdoing. Although Credit Card Fraud and Identity Theft have become major issues for many innocent people, and the volume of incidents continues to grow, our government authorities are not properly responding – the bottom line is that there is nobody there to help the individual. If it happens to you, you will need to be armed to take care of yourself.
What caused my problem?
The root cause of my breach was actually due to XXXXXXXX, one of the three credit agencies! (I’d love to tell you which one, but their lawyers have deep pockets.)
Without proper validation, they provided my credit report to the criminal ring, which gave the thieves a convenient “grocery list” of all of my credit cards and other financial liabilities (mortgage, car loan, etc.). They then swiftly went down the list, attempting to change my address and begin spending. Addresses are changed first for a number of reasons:
- If your statement arrives elsewhere, you do not know you are being hit. By the time you realize the address change and lack of statements, severe damage has been done, and your first contact may be from a collections agency for a past due account.
- Many of the purchases are executed online, and they now have a convenient drop location.
- In my case the address change intentionally took advantage of the ineptitude of big business and large government. We have numerous legal processes and law enforcement agencies at many levels that do not talk to each other or want to work together. By moving me to Canada, it became outside of most law enforcement jurisdictions. Later, I’ll explain how no one sees the forest through the trees.
The breach in my identity that XXXXXXXX caused occurred in August 2007 when they provided my credit report to someone other than me. They might argue that they didn’t do it intentionally, but they know about flaws in their system and ignore them, allowing this to continue. By providing this “Grocery list” of my creditors, there were a few different types of fraud that followed. On a few VISA credit cards, plus a department store, my address was changed to Canada; pins were reset. On other cards at least six credit reports were ordered via my credit cards, preparing for their next victims. Yes, this well-organized ring had a strategy of using my credit cards to pull credit reports on the next six people they wanted to hit, and they sadly succeeded.
By the way, *XXXXXXXX has a mass-marketing subsidiary. There are three agencies that collect our private personal information, rate you, and then support credit checks. Unfortunately they are also in a multi-million dollar business of selling our information back to us. Each of these has subsidiaries that market via US Mail and internet services for easily obtaining credit reports. And, although they will state that it is intended as a service back to us, they reap revenue from many, including thieves who are attempting to obtain our information.
What to do next?
So I had to try to win the race against the thieves, getting to the banks before they did. I attempted to go through the list myself, contacting each credit card company to cancel my accounts. This was a revealing experience:
- Even though I explained that I was a victim of fraud and needed to cancel my account, most call center staffs insist on sticking to their scripts and try to convince the caller to keep their accounts open. Some actually tried to talk me into increasing my line of credit or transferring balances to them!
- XXXXXXXX call center staff attempted to discourage me from closing the accounts, to improve my credit score.
- I learned that I still had credit with stores that went out of business 20 years ago. I wrongly presumed my account had been closed, but they had sold open accounts to someone else.
- Some companies issued new cards, contrary to my instructions, instead of closing accounts as requested.
- I could go on and on with other anecdotes of incompetence…
Fortunately because of my well-organized records, I was able to rapidly respond, going down the list to stop their efforts before suffering major damages.
The Law Enforcement Agencies
Yes, you need to file a police report to document your credit card fraud and identity theft. But don’t expect resolution. Agency-by-agency, here’s what I experienced:
- Upon filing a local police report, I had to convince the department lieutenant to assign someone for follow-up. Ultimately the detective attempted to contact the Quebec agency, but was unable to get their cooperation.
- Thinking this was a national issue, I contacted the FBI but they never called back. Trying again, I eventually provided my information to an agent. There was no follow-up, and my requests for status went unanswered.
- The Secret Service agent was honest enough to tell me that he was working on specific cases where individuals had substantial loss, so I was the lowest of priorities and should be glad that I protected myself early.
- Since I also experienced mail fraud, I made multiple attempts to contact the US Postal authorities to initiate investigations. Each time they took my name, assigned a reference number, and said someone would call back. Out of frustration, I eventually went in person to the regional office, to seek out a postal inspector. Although he appeared interested, ultimately nothing resulted.
Cooperation and Correction
XXXXXXXX has been unable or refuses to answer my questions, which include:
- Why was my personal information provided to someone else?
- Since I understand that the credit report that initially exposed me was ordered via someone else’s credit card and someone else’s email/internet account. Why wasn’t this cross-checked, and why did XXXXXXXX* refuse to provide me with the details on the individual that sought and obtained my personal information? It amazes me that in the healthcare profession patients are protected by the HIPPA Privacy Rule, but I am unaware of anything to this extent comparable for consumers.
- When my visa accounts were breached and used to fraudulently order credit reports on other victims, why wasn’t my credit card validated against their names prior to accepting the credit card transaction?
- After I personally identified the fraudulent transactions, and learned the names of these next victims, I asked if they would be notified that they, too, had become victims. Why was this request refused, allowing them to be further compromised? And when I pursued this, why did the XXXXXXXX Vice President inform me that their legal department advised against it?
- Since XXXXXXXX (by nature of their possessing my credit information) has a lot of information about me, why didn’t they cross-check that one of my legitimate credit cards was used when my credit report was provided? Why did they allow my credit card to be used to order reports on the six other victims?
- And after I identified the flaws to them, why did they fail to correct their system to protect future potential victims?
- Why can’t they tell me details of those making Soft Credit inquiries, yet they provided my information to the perpetrator?
Criminal Persistence These thieves are not amateurs – they know what they’re doing. I was hit by a sophisticated ring. They know the corporate and law enforcement incompetence I described above, and play against it.
There were numerous incidents where the thieves attempted to re-open and/or establish new credit cards after I closed them. They also were able to again change the addresses. And the call centers were delighted to help, even though the thief didn’t know key information such as mother’s maiden name! So be prepared to continually check to re-validate that closed accounts are still closed. Even taking a thorough approach that insists on placement of notes in your file is ineffective, since the call center staff typically ignores them. Placing a PIN on your account can help in restricting access, although there were times when they failed to perform the PIN check.
This is not One-Time correction
There are a number of recommended safety precautions, but do not put your total faith in any of the commercial protection products. When my problems first started, I implemented a six-month Credit Alert. With additional paperwork, this was then extended to a longer-term seven-year alert. In the alert I included a statement that I was a victim of credit card fraud and identity theft, I listed my cell phone number in the alert, and asked that institutions call me before issuing credit to validate that it was legitimately requested. (You can argue that anyone granting credit without following your request then incurs the liability).
If you can deal with further inconvenience, investigate a Credit Freeze which can further help by preventing your credit reports from being made available to anyone.
The criminal rings are unfortunately good at what they do. Sure enough, at the six-month point, when basic alerts typically expire, things heated up again. Suddenly there was a wave of new attempts to take out credit cards. In most cases, because of the specific message in my alert, I started getting calls from numerous banks. In other cases, I learned about odd credit inquiries and had to track down the banks that did not call. By acting swiftly I was able to stop the new fraud attempts before they proceeded too far. Through persistent inquiry I was able to determine a new US drop location in Philadelphia, where they sought to have the new credit cards delivered, so I again contacted all of the above law enforcement agencies, as well as state and federal prosecutors offices, hoping that since this was within the border, we might attempt to finally nab them in the act. Again I got the run-around, where they each tried to pawn it off to a different group (my local FBI said it was out of their jurisdiction and referred me to the Philadelphia branch, but the Philadelphia branch said I wasn’t in their jurisdiction, so they couldn’t help). Although I also made multiple pleas to my US Congressman, there was similar lack of response.
Some final thoughts:
- Protect yourself – no one else will. At a minimum you can put a security freeze on your credit so no one can see it without your permission. You can also have a credit alert placed on your records so that lenders will call you before issuing credit.
- Don’t expect help on this journey – you’ll be on your own. Yes, I had many dealings with local police, FBI, Secret Service, our local congressman, and others. But other than filling out a police report, and sending me form letters, no one was willing to help further. You will have to take care of yourself. So be prepared.
- Isn’t it ironic that the credit agency divulged my personal information to the criminal that stole my identity and credit cards, yet they would not alert other known victims that they were at risk. The agency had the ability to prevent this, but they allowed it to happen. Even when I had identified others who were at risk, they intentionally did not notify them. When I pushed the issue, I was told that their legal department advised against it.
- And isn’t it ironic that the people entrusted with our private information are able to give it away and not be required to fix process flaws —– “The fox has the keys to the chicken coop”.
- Our government has the ability to prevent/reduce this, too. But based on my pursuits with local and national law enforcement agencies and US Postal service, no group appears to be tackling this national crisis. They all evaluate within their local organizations and refer to someone else, but sadly no one sees the forest through the trees.
- Is it my imagination, or is there a correlation between this increase in crime and the increase marketing and profit of credit report publishers? What role do lobbyists take in discouraging government corrective measures?
- It seems that agencies do not want Identity Theft to be resolved.
- They profit from individuals by selling us “protection”. (Isn’t this similar to racketeering?)
- But sadly, the real business model of the credit agencies seems to be thriving on identity theft incidents. They make substantial profits shaking down companies that experience breaches, selling them large volume contracts to make amends with compromised customers. So why would they want Identity Theft crime to be reduced or eliminated?
- Lastly, since credit agencies are strong sponsor with TV, Radio, and Newspaper commercials for free credit reports, is there any chance that someone in the media would touch this issue?
Your Next Step As I mentioned above, I was fortunate and did not suffer severe damages because of my well-organized records. You should also be prepared to rapidly respond, to stop criminal efforts before suffering major damages. Having well organized personal records is critical. At a minimum, prepare manual records, and for additional information on this topic, see our Organizing Primer. But clearly, a subscription to MyLegacyBackup will help.