ID Theft and Why It Does Not Matter Anymore
In 2016, identity theft claimed one victim every other second in the US. This is according to a 2017 study released by Javelin Strategy & Research. The report continues by pointing out that while the number of victims are at an all time high, the aggregate amount of money lost continues to decrease. This is attributed to quicker response by consumers – shutting down fictitious accounts or calling out fraudulent activities shortly after they occur.
Early notification can also help limit the liability of a victim in some cases, as well as allow more time for law enforcement to catch the fraudsters in the act.
Having worked in insurance for a dozen years, I recall when this risk became a nuisance, which then turned into a real threat. As companies are want to do, the insurance industry determined a way to profit from this development. In the mid-2010s, insurance companies (and many other financial institutions) began offering protection against identity theft; at that time, the legal fees and resulting liabilities were extraordinary and burdensome. The protection allowed for legal consultation and a team that would work with the credit bureaus to clear up the fraudulent inquiries, which would harm your credit score.
Over a decade has passed. With tens of millions of US victims each year, the threat of ID theft has not diminished. The threat of financial loss is still present, but really only for some of the extreme cases. However, what once was a serious fiscal threat has now become a well-oiled resolution process, filled with forms and apathy. This is my story.
Correlated with the Equifax data breach of 2017, where more than 143 million American consumers‘ sensitive personal information was exposed from mid-May through July, I received a letter from TD Bank in mid-September that my application for their credit card was being held up pending some additional information; I was asked to call in. As the letter further stated that inaction would lead to declination of my application, I decided on inaction – I did not apply for a credit card and was a bit uncertain as to the authenticity of the letter.
Granted that there was an 800 number to call, I am currently living in Europe as this blog clearly advertises to the world. The opportunity to make toll-free calls does not apply in my situation. I did, however, include this phone call as one of my to-dos during my journey back to the US for Thanksgiving, the last half of November. Unfortunately, this fraudster decided to push forward.
The Fun Begins
The Tuesday before I fly back to the US, I receive a frantic email from my maternal unit: “We need to talk!” The day prior they had received no mail; this is not impossible, but highly improbable. On that Tuesday, the mailman left a vacancy notice in the mailbox: This address has no official occupants according to the USPS. Upon calling the post office, she was told that I had requested the change. After explaining to the manager that I would do no such thing, they urged her to confirm that.
Someone filled out the USPS change of address form using my name in order to forward all the family’s mail to North Carolina. Upon asking for the exact address where the family’s mail was being sent, she was informed that the USPS cannot divulge that information for privacy reasons. Feel free to take ten seconds to ponder that one.
As anyone who has changed their address in the US would know, you have to pay one dollar via credit card to process the online application. This in no way would cover the cost to process a change in address by USPS, but rather is used as an identity check. When our local postmaster was asked about this, he claimed that he had no way of accessing the credit card information used – he did not know who would. However, the postmaster reassured the maternal unit that her action was swift enough that he could contact the appropriate North Carolina postmaster and all mail would be returned – nary a letter would be missing.
Still distraught, my maternal unit began sleuthing a reason for this deception. She found one in a pile of my mail: a letter from Capital One thanking me for my accepted credit card application and requesting that I wait on bated breath for their forthcoming welcome package. The USPS change of address was perfectly timed; this welcome package never arrived.
I scoured the Capital One website for a means of contact outside an 800 number; I ended up finding one email address which was intended for fraudulent electronic and snail mail credit offers. I shot them a note knowing that it would probably get to the right people eventually. Another phone call was added to my Thanksgiving to-dos.
The Phone Call
In the early evening on the day of Thanksgiving, after all the guests had left, the message light blinked on the parental unit’s home phone. The man leaving the message spoke quickly – there was concern in his voice. He claimed that he was on his way from Florida to his elderly mother’s house in North Carolina. She had told him something disconcerting – that she had been receiving our mail, and her postal worker confronted her about it.
The man recounted his efforts to explain to his mother that tampering with someone else’s mail is a felony; he tried to explain that she was being scammed. The mother would not accept this; she was in love with someone she met online, and he would not lie to her like this. The mother had met a man and was deeply in love. This boyfriend had explained that his nephew (i.e., me) was currently living outside the country and needed her to change his/my address to hers so that he/I would know what was being sent to him/me. She was tasked with changing my address and opening every letter that came.
When the mother filled out the online form, she must have selected ‘family’ and not ‘individual’. This meant that the entire household’s mail was being forwarded as opposed to just those with my name. Had that occurred, it is unclear how much time would have passed before it was noticed that I was no longer receiving mail.
The son assured that he was on his way to her house to sort all of this out. He was extremely sorry and provided a number to call back. However, the number he provided was not the one he used to leave the message. The number provided was for a lawyer’s office. With some internet work, the number used to leave the voice mail was reverse queried, and now we had his name (which will not be shared here). The son relayed that the mother had provided front and back copies of the credit card to her online boyfriend.
A couple days later, the mother calls my maternal unit to apologize. She further reports that she did in fact go through all of the mail received as that was what she was told to do. She states that someone pretending to be me called her and thanked her for helping him/me. She further claimed that she did not provide any copies to her lover, which is not true (as is clear below). But she did say that the parental units did receive a nice thank you letter from my cousin for the wedding gift.
The two ended the conversation with an agreement to return all mail as soon as possible. Again, the phone number was reverse queried, and full name and address were documented.
Credit Freezes and Fraud Alerts
When this whole ordeal began to gain momentum, I had attempted to pull my credit reports from each of the three credit bureaus in the US, as well as set up a credit freeze with each of them. I can only assume my out-of-the-country ISP was a deterrent as I was only able to pull of one the credit reports and was completely unsuccessful in setting up any of the freezes. Even initiating a fraud alert was impossible while overseas.
For those new to fraudulent activity, a fraud alert is a temporary 90-day alert process. Setting up a fraud alert with one of the agencies is sufficient; they are required to contact the other two on your behalf. You are asked to provide a phone number; this number will be called if your credit history is accessed by anyone. You will then need to release your credit history to the requester or deny the access. This is a free service and only applies for 90 days.
A credit freeze is permanent; you must request for a freeze to be initiated, and it will remain until you request to ‘thaw’ it. Both actions cost money, and the cost varies for each state. The great state of Wisconsin has a cost of $10. When frozen, no access is granted to any requester. Keep in mind that there are three credit bureaus; you will have to pay the fee three times.
As I had already reviewed the Experian report, seeing only the two new ‘hard queries’ listed, I needed only to work with Equifax and TransUnion. Getting the free annual reports and setting up the freezes were quite straight-forward; these companies are well-versed in the process and have a somewhat-smooth system to make it all happen. The only interesting tidbit was TransUnion claiming that I had already got my free credit report this year. When pressed, they informed me that they had released my credit history to someone in early September. Recall that it was mid-September when the first credit card application was submitted to (and declined by) TD Bank.
I would like to take a moment and recap. In May and June of 2017, Equifax gave away my name, social security number, and other pertinent information to the world. In September of 2017, TransUnion then provided a ten-page document including prior employers, addresses, and phone numbers to a fraudster (for free). And on Black Friday 2017, I spent the day paying each of these credit bureaus $10 so that they can protect me from further credit-impacting fraudulent activity. I ask you: Who is the ass in this situation?
I, of course, call both credit card companies to confirm that these accounts and applications are flagged as fraudulent. My conversation with TD Bank was quite quick as no card was issued. However, there is a ‘hard inquiry’ on my credit report now. As mentioned before, ID Theft is quite common; they have a process. I was told that this inquiry will be removed from my history in 45 days. Done.
My call with Capital One was a bit more interesting. I mentioned to the service representative that I was calling about a card that was issued. After he pulled up my info, he put on his concerned voice and stated that this account was flagged for fraud. I exclaimed how happy I was to hear that. He then transferred me to the Fraud Protection Department. I was happy to learn that my email did make it to the right people, and that account was locked. I was further informed that someone called in four days after I had sent the email; this person claimed to be me and tried to activate the card. Looks like the mother did in fact send copies of the front and the back of the card to her lover.
This inquiry, too, would be off my credit history in less than two months. After a day of phone calls, my credit history was restored to its pre-fraud state.
The Police Report
While perusing the internet to learn what steps I should take after this type of event, it was suggested that one should get a police report detailing the events in the case that further liabilities are incurred; this documentation will show that one took all steps available and could limit that potential liability. So, I packed up all my documentation, names, phone numbers, and somewhat complicated story and headed to the police station in town.
Upon arriving, I approached the thick transparent barrier and told the receptionist that I would like to create a police report for ID Theft. I was asked, “what kind of ID Theft.” This utterly baffled me; I got a feeling that I often have in Germany where I understand the words, but not the meaning. So I responded, “what are my options?” From this, we were able to clear up that my ID was not stolen (i.e., my drivers license), but rather I was a victim of ID Theft. A police officer would be out shortly.
A male police officer comes out, tucks his thumbs in his belt, and welcomes me with a “so, what do you want?”. It is quite clear that he had drawn the short straw. I explained my predicament, and I think all he chose to hear was North Carolina. “Ah! You’ll have to work with a department in North Carolina, then.” So, um, no? I explained that that was not going to happen; I just needed a police report for documentation. That was apparently okay. We walked into an interviewing room, and he gave me a statement form and was about to leave to make some copies of my documentation when he stopped. “You don’t live in town; this address is out in the country.” This translates to, “you don’t pay taxes here; we can’t help you.”
I would have had to drive another half hour to the county sheriff’s office, but luckily there is one officer assigned to the eastern part of the county. I was asked to wait in the lobby until he arrived.
A male police officer walks in, shakes my hand, and warmly asks how he can help me out. I explain my predicament, and he agrees that it is complicated and unfortunate. We head back to the interviewing room to fill out a statement form. He took photos of my documentation, which I found impressive for rural Wisconsin. He was obviously younger than I, but then also attentive and human; a huge step up from the city cop…
I detailed my story, gave him the names and phone numbers, and wrapped up the report. The officer did set my expectations that it would be extremely unlikely that anything would happen with this case; it would be seen as an informational report. ID Theft is such a common occurrence that little to nothing is being done about it. Credit card companies are known to write off the purchases as ‘bad debt’, and we consumers then pick up the tab. Every victim’s story is unfortunate, but these occurrences are not a priority for law enforcement.
I agreed with the young officer’s candor and thanked him for his time. I understand that nothing is being done about ID Theft. I also know that the cleanup process after a breach has been extremely streamlined although not yet customer friendly. As a citizen, I could talk with my law makers in order to get more funds allocated to stop this type of activity; however, I agree with his statement – there are simply bigger fish to fry.
As I left the police station, I had to shake my head: no one ever checked my ID.
The Saga Continues
About a month after freezing my credit, I did receive a letter from T-Mobile stating that I would have to pay a down-payment because they could not check my credit; I made no such application. Having no ability to call the listed 800 number, I again shot an email to the only email address I could find on their site. The response simply reiterated that if I had any concerns that I should talk with the credit agencies.
Though I was thankful to have been written an actual response (rather than a form letter), I further pressed the woman to know what would have happened if someone created a new phone line with my name. I asked if she could point to a website where I could better understand T-Mobile’s protection against fraud. I wanted to know how this occurred: in a store, online? How am I supposed to protect myself?
“I fully appreciate your concern as this is a very serious incident. Please understand that processes must be followed in instances of potential identity theft as this is in fact a crime. Possible victims must file a police report and the appropriate law enforcement group will perform the investigation.”
I will now wait on bated breath for the appropriate law enforcement group to perform the investigation.
