I am the victim of identity theft

[baldeagle]

I thought long and hard before posting this. I do not want anyone's sympathy. I'm doing fine, and I haven't lost any money (yet!) I thought perhaps my experience might help someone else in the future. I am a computer security professional. I deal with fraud and abuse and internet scams on a daily basis. I never thought this would happen to me, nor do I have any idea how this happened. I am very careful about giving out information, and I've been shredding all documents with my name or any other personal information on them for over ten years.

On November 16 I got a call from Citibank congratulating me on the issuance of my new Platinum Edition card with an $11,500 limit and asking me to confirm my name and zip code. I thought it was odd, because I've had a Citibank Card for 29 years. So I asked the guy why they were issuing me another one. He said he didn't know, but I could talk to the fraud department if I was concerned. At first I thought it was another case of a behemoth corporation having a right hand that didn't know what the left hand was doing. Then I thought, I'll call the fraud department and check on it anyway. The fraud department told me that the number that had called me didn't belong to Citibank and that I should be concerned. I googled the number and found out that it does belong to Citibank. So much for the left hand knowing what the right hand was doing.

Two days later I got a fraud alert from LIfelock. That raised alarm bells, so I called the fraud department again and asked them about the details of the application. Of course, they won't give you any of that. They were able to confirm that none of the personal information matched except my name and SSN. I immediately told them to cancel the card - that it was a fraudulent application. They did. I got the card in the mail the next day. So much for the right hand knowing what the left hand was doing. So the crook was successful at obtaining over $11000 of credit in my name. Citibank just "screwed up" by sending the card to my address. (Figure that one out!)

Over the eight days between 11/16 and 11/23, I discovered that someone, apparently in the Houston area, is trying to open credit accounts in my name using my SSN. There have been a total of nine separate attempts (that I'm aware of); Best Buy, Walmart, Jewelers Exchange, American Express, Citibank, First Premier Bank, Capital One, Bank of America and GE Capital. The fraudster has used three different addresses; Conroe, Houston and Humble and one phone number. (Might be his downfall.) I've also suddenly become twelve years younger.

I contacted all FOUR credit agencies. (Yes, that's right - there's four, not three; Equifax, Experian, TransUnion and, the new kid on the block, Innovis.) I placed 90 day fraud alerts on my account (Innovis doesn't share with the others, so you have to duplicate everything you do. ) I also requested credit reports from all four, asked them to investigate the known instances of fraud and disputed every inaccuracy on the reports. Then, after I had obtained sufficient information to prove the attempted identity theft, I went to the police department and filed a report. (The investigation is ongoing - i hope they catch the guy(s?) and crucify him/them.) I also filed a complaint with the FTC and with the Internet Crime Complaint Center. All these things are necessary to protect you in the attempt that money or goods are obtained by the fraudsters. You need to be able to prove that you were aware of and actively combatting the attempts to defraud vendors in your name.

Some lessons learned that might help someone else:

• The easiest and most helpful credit bureau to work with was TransUnion. Go to them first. They will notify the other two. (Innovis needs a kick in the pants.)
• If you even suspect that you are an identity theft victim, immediately place a 90 day fraud alert on your accounts. No one will be able to issue credit without verifying first with you by calling a phone number that you designate. You are not required to provide proof of identity theft before setting the 90 day alert.
• If you have proof of identity fraud attempts, you can place a 7 year fraud alert on your account. Only TransUnion will volunteer this information. You have to extract it, grudgingly, from the others. (Some call it an extended alert.)
• If you have a police report, you can place a 7 year FREEZE on your accounts. (They normally charge for this service.) This means even your own creditors cannot approve a transaction without your voice approval and certain proofs of your identity. Only TransUnion will volunteer this information.
• When you call credit bureaus and credit granting agencies and you get the endless loop phone tree asking you for your account number (I'm a fraud victim - how would I know that?) just keep saying "agent" over and over again. Eventually you will get a human being who you can talk to and explain your situation.
• Experian will change your address without your knowledge based on a fraudulent application sent in by a member credit granting agency. Then, when you tell them that the address is fraudulent, they will tell you that they have no control over that - you will have to contact the credit granting agency that reported the address. Keep a close eye on Experian's records of your credit and dispute ALL inaccuracies.
• TransUnion will let you lock your personal information in perpetuity. This means that no one can change anything about your personal information without TransUnion verifying the change with you by calling the phone number you designate. NONE of the other agencies will do this simple protective step for you.
• You can place blocks on all your credit accounts. This means even you can't borrow money without proving your identity. You should do this with every department store account you have.
• My bank lets you put a password on your account. The password is required to do any business (deposit, withdraw, verify information) with the bank at any location. Your bank might have the same protection. (They should!)
• DPS requires certain proofs found only on your drivers license before they will make changes to it. Make a photocopy of both sides of your drivers license in case it is lost or stolen.
• DPS only requires D/L, SSN and DOB to change your address. Make a photocopy of both sides of your CHL for proof should you lose it or have it stolen.

As a result of my experience, I have contacted both my State and US Senator and will be sending both a letter explaining certain things that I believe credit bureaus should be required to do.

• They should be required to lock your personal information at your request for whatever period of time you specify. No one but you should be allowed to change your birth date, street address, city, state, zip code or any other personally identifiable information.
• They should be required to explain that you have the options of a 7 year fraud alert and a 7 year security freeze at no cost to you if you are a victim of identity theft
• They should be required to have an identity theft victim hotline that takes you directly to an agent who can assist you and inform you of all the options available to you and prominently display that information on their home page
• They should be required to share identity theft information with all the other bureaus as soon as you report it to one
• They should be required to allow you to create an online account without charge so that you can verify and/or dispute items on your credit report without having to jump through a thousand hoops to do so

[BobCat]

baldeagle,

First of all, I'm glad you haven't lost any money (yet!) and hope your quick action prevents any loss, ever.

Mainly, thanks for posting your experience and recommendations. Like getting jumped in the parking lot, identity theft is something we are all aware can happen, but do not expect to happen to us in particular. Carrying a pistol and keeping your eyes open is good for the first; until I read your post I had no clue how to guard against the second.

Years ago I scanned both sides of each of my credit cards, so I'd have the phone numbers to call to cancel them if I ever lost my wallet (or it got stolen). Out-of-date, time to re-do and add DL and CHL as you suggest.

Thanks again and I hope they catch the guy!

Regards,
Andrew

[baldeagle]

BobCat, if I can help one person go through less hassle than I have, it will be well worth it.

I should have also mentioned the Identity Theft Resource Center, which has a wealth of useful information including templates for letters that you can send to the various agencies that will be involved in your case. One note from their site: the credit granting agencies are required to provide you with a copy of any fraudulent applications. You must request it and provide proof of identity and copies of your police report, but you will get a copy of each application, which you can then provide to your police agency for followup. The police have far too much to investigate already. You must be proactive if you want your case to move along. Getting copies of those apps will save them time and maybe even tip you off as to who might be behind the fraud. (But don't take the law into your own hands!)

[esxmarkc]

Been there done that.

Went through the same gyrations. Actually the person made a supposedly flawless replica of my bank debit/credit card - front and back. I have only to think that some waiter scanned the card while it was out of my possession for a few moments. I download all my transactions into Quicken every day and I noticed several transaction totaling $2500 in the far west Houston area. I immediately got on the phone with the bank and disputed them all, cancelled the card and started a fraud investigation.

Looking through the transactions I noticed several were at a Hilton hotel on I-10. I called there and got the manager on the phone and told her the situation. She claimed individuals were still checked in and after checking their room there was still merchandise in the room. She had the room key disabled so anyone returning to the room would need to go back to the front desk to get a new one. She had everyone on standby to stall and delay them until they could be apprehended. Whoever they were got spooked and never returned to the front desk.

I filed a police report and immediately got all my money back.

Now here's the kicker: I already had Lifelock and all the triggers in place on all the credit reporting companies. Didn't do one bit of good and never kicked in.

I stall had to do all the things anyone else (who didn't have Lifelock etc.) would have had to do to get their money back.

The moral is: In the end, if you file all your paperwork and reports you get all your cask back - within days if you bank where I bank. It was a frightening experience at the time but it could still happen again tomorrow and this time it wouldn't be as scary since I have been on that ride. Although I have Lifelock I'm now questioning it's necessity since you can get all the credit reporting authorities to place all the safeguards on your accounts without them.

Anyways, glad you made it though the ordeal unscathed as well and "Welcome to the club!"

[BobCat]

Thanks! We need an "embarrassed giggle" smilie - I won't "take the law into my own hands" but might spend some time being angry.

There is another saying, "Anger is only one letter away from Danger" that is useful in keeping one's blood pressure under control.

And you are right, the police have plenty of work to do so the best way to move the case along is to do as much "legwork" and information gathering as possible, to take some of the load off them.

Regards,
Andrew

[baldeagle]

Anyways, glad you made it though the ordeal unscathed as well and "Welcome to the club!"

Not a club I ever wanted to be a part of.

This was particularly scary to me, because I am close to retirement. A major money loss would devastate us and we would not have time to recover. Definitely made my shorts cinch up tight.

[3dfxMM]

When you call Transunion to give them a phone number to call whenever new credit is requested how do they verify your identity? Would it be possible for the perpetrator of the fraud to call and give them his number? He already has your SSN and name. It is also quite possible that he has other information about you as well. I am just curious if this could be a potential hole in the protections provided.

[baldeagle]

When you call Transunion to give them a phone number to call whenever new credit is requested how do they verify your identity? Would it be possible for the perpetrator of the fraud to call and give them his number? He already has your SSN and name. It is also quite possible that he has other information about you as well. I am just curious if this could be a potential hole in the protections provided.

They asked me questions about my credit that (I hope) no one else would know. For example, (I think there were four or five questions like this) what year is your Honda? What's the monthly payment on your mortgage? Have you ever lived in any of the following cities? They know the answers and so do you. No one else should. In fact, my wife couldn't even answer some of those without looking it up first.

[esxmarkc]

Although it's scary, you gotta imagine how I felt when I saw they were pulling money directly out of my bank account.

Baldeagle, here is the kicker, If I were in your shoes and someone opened up a huge credit line in my name I would do all the right stuff to prove it was fraudulent then I would would wash my hands of it. Not a soul on this planet is prying a dime out of me for something I do not owe. As far as the creditor is concerned THEY ( the criminals) stole the money from YOU (the creditors) not me. I will do everything in my power to help them catch the bad guys if they ask me to but my money stays in my hands.

What you really need to worry about is the scenario I encountered where I had to get my money back. I was successful at it but there a couple of scary days. I actually contacted the two biggest hits (Hilton and Walgreens) and disputed the charges directly and they actually reversed them. The rest came back through the bank two days later.

My lesson there was to keep that account limited on funds and set daily spending limits on that account to limit my exposure.

[Bob in Big D]

"Two days later I got a fraud alert from LIfelock"

I have been considering using Lifelock. How much help have they been in all of this? Arn't they supposed to be the best at protecting you aganist ID Theft?

[macavity]

-removed by user-

[baldeagle]

"Two days later I got a fraud alert from LIfelock"

I have been considering using Lifelock. How much help have they been in all of this? Arn't they supposed to be the best at protecting you aganist ID Theft?

I don't know if they're the best. I think they were the first.

I got alerts from them for the retail credit accounts but not for the credit cards. They told me the credit card companies will not share that information with them. I got a phone call a few minutes ago from a woman with Lifelock who has been assigned my case. She said that she will contact all the credit bureaus and dispute all fraudulent and incorrect information as well as contact all the credit granting agencies and request copies of the credit applications. She will forward those to the RPD to add to my case file. She also gave me two new agencies to contact to request fraud alerts as well as credit reports; Scan (800-262-7771) and Telecheck (800-428-9623). Those two cover check cashing services and payday loans.

Basically Lifelock is acting on my behalf to pursue the case and attempt to get a conviction. I pay $132 annually for the service and think it is worth it. I first got Lifelock when my information was exposed by the loss of a VA laptop. I've had it ever since. It's a small price to pay for obtaining assistance from knowledgeable people when something goes wrong, in my opinion.

[baldeagle]

Arn't they supposed to be the best at protecting you aganist ID Theft?

Apparently they are the best at advertising

I would suggest Googling "suit against lifelock" (without the quotes). They are a service, so you are paying them for something you could do yourself.

The federal law suit against Lifelock was filed by the credit bureaus (the big three). They claimed that Lifelock didn't have the power of attorney to place fraud alerts on your account every 90 days. The court found for the plaintiffs and enjoined Lifelock from offering the service any longer. Then all three immediately started up their own identity theft services, one of the features of which is to place lock and unlock your account any time you want.

It was a simple case of big businesses trying to squash a little business. Now Lifelock sends me an email reminder whenever the fraud alert is expiring and I have to remember to renew it (until now.)

[macavity]

-removed by user-

[baldeagle]

Arn't they supposed to be the best at protecting you aganist ID Theft?

Apparently they are the best at advertising

I would suggest Googling "suit against lifelock" (without the quotes). They are a service, so you are paying them for something you could do yourself.

The federal law suit against Lifelock was filed by the credit bureaus (the big three). They claimed that Lifelock didn't have the power of attorney to place fraud alerts on your account every 90 days. The court found for the plaintiffs and enjoined Lifelock from offering the service any longer. Then all three immediately started up their own identity theft services, one of the features of which is to place lock and unlock your account any time you want.

It was a simple case of big businesses trying to squash a little business. Now Lifelock sends me an email reminder whenever the fraud alert is expiring and I have to remember to renew it (until now.)

Hmm... didn't know about that suit. I don't really follow this stuff, and I don't know exactly how Lifelock works or what they do. But I can tell you there are/were other suits too. The guy who posts his SSN in the ads? He is a MAJOR victim of identity theft.

He has had some minor credit fraud, which has been corrected. These are all internet rumors spread by people (not accusing you) who think the service is ridiculous. Yes, it's true, you can do the same thing that Lifelock does for you. All you have to do is be very disciplined and keep very good records and stay on top of your accounts constantly and consistently. I prefer to spend my time doing other things.

As with many things Wikipedia's Lifelock page is a good place to start if you want to know the truth.

The obvious question to those who protest that you can do all this yourself is, "Do you?" I've never had one of them answer yes. To me, that is a greater advertisement for this type of service than anything Todd Davis has done.

The real question is, why do credit granting agencies have such lax standards when it comes to granting credit?