California Credit Law Blog

Identity theft often results in accounts showing up on the victim's credit reports. When that happens, a first step is to go to the local police to report the theft and get a report. A next step is to send a copy of the report to each of the credit bureaus with a letter asking that the fraudster's accounts be deleted.

Police reports are important in this process because under the FCRA, 15 U.S.C. § 1681c-2, a credit bureau must block the reporting of any incorrect information in a consumer's file upon receiving: "(1) appropriate proof of the identity of the consumer; (2) a copy of an identity theft report; (3) the identification of the information by the consumer; and (4) a statement by the consumer that the information is not information relating to any transaction by the consumer."

A consumer in a lawsuit against a credit agency known as Early Warning System lost the case because he failed to file an "identity theft report" to the bureau. The judge explained that the FCRA defines that term precisely. To qualify, the report must be a document meeting the following conditions: "(A) that alleges an identity theft; (B) that is a copy of an official, valid report filed by a consumer with an appropriate . . . law enforcement agency . . .; and (C) the filing of which subjects the person filing the report to criminal penalties relating to the filing of false information if, in fact, the information in the report is false." 15 U.S.C. § 1681a.

The consumer never filed a report with the police. Instead, he relied on a report that a Maryland county police department wrote. The consumer said he sent a copy to EWS, but the court said that did not suffice. "The obstacle Thomas faces is that this report cannot qualify as an "identity theft report" under § 1681a because it was not "filed by a consumer."

The court explained that an identity theft report must be "an official, valid report filed by a consumer with an appropriate . . . law enforcement agency." A "consumer" is defined as "an individual." 15 U.S.C. § 1681a. The police department is not "an individual" and therefore cannot be a "consumer" as defined by the statute. Because the police report was not "filed by a consumer," it is not an "identity theft report" under 15 U.S.C. § 1681a. Without receipt of an "identity theft report," EWS did not have a duty to block the reporting of the incorrect information.Thomas v. Early Warning Services, LLC. (District Court, MD 2012).
...

Identity thieves steal identities by retrieving credit card offers from trash cans and the filling sending them in using their own addresses. Law professor Jeff Sovern reports that
he told his class the Fair Credit Reporting Act requires the credit card issuers to allow consumers to opt out of the applications (15 U.S.C. § 1681b(e)), thus reducing the likelihood that an identity thief will steal their identity.

But most people don't opt out and instead tear up the applications and his students brought up a MSNBC story about how a consumer tore an application up, then taped it back together, and sent it in using a different address. Chase sent him the credit card anyway.

Prof Sovern recommends that consumers should opt-out of credit card solicitations. For the FTC's advice on how to do so, go here.

The FTC reports that identity theft was the number one consumer complaint it and other federal agencies it and they receive from consumers in 2010. The agency annually publishes what it calls the Sentinel Network of consumer complaints. Last year, 6,460 California residents reported they were the victims of identity theft, which was 17% of all consumer complaints. Younger consumers were victims more often than older persons. California was # 3 in the U.S. in terms of complaints of identity theft among the states adjusted for population.

Equifax has a judgment against it for more than a million dollars to a Bay Area man whose identity was stolen. While the consumer was hospitalized, an impostor used his identity to open fraudulent accounts. He found the fraudulent accounts on his credit reports from Experian, Equifax and TransUnion and disputed them. (See my blog on why to dispute in writing, Certified Mail, Return Receipt.)

Equifax went to trial. The identity theft victim told the jury about trying to get Equifax to correct his report. Other witnesses testified about his damages. His expert explained why Equifax's procedures fail to meet the requirements of the Fair Credit Reporting Act.

The jury agreed with the identity theft victim. It awarded him over $6,000 for economic damages, $315,000 for non-economic compensatory damages and $700,000 for punitive damages. The consumer does not have to worry about paying his attorney either. The Fair Credit Reporting Act makes Equifax liable for all his attorney's fees and court costs.

Equifax made post-trial motions to get out from under this verdict, but the trial court denied them all.

As I said before, mixed file and identity theft cases can be great cases. The verdict here proves that. If you have such a claim, give me a call.

Frequently people ask me how they can get the credit bureaus to correct inaccurate information on their credit reports. I always tell them to dispute inaccurate credit reports via letter sent Certified Mail, Return Receipt. Why do that, you ask, when I can dispute on-line or by phone? If you look at their websites, you know the credit bureaus encourage consumers to phone or email. It is almost impossible to find an address to mail a written dispute letter to.

There are COMPELLING REASONS to do your disputes in WRITING, Certified Mail, Return Receipt. If you have put it in writing and kept a copy and obtained a receipt you can prove exactly what information you provided and that they received it.

You want to provide the credit bureau with as much information as possible so it can conduct a thorough investigation. If you have names and phone numbers of people they should contact, provide them. If you have documents that prove your claims, enclose copies.

Sending a written dispute letter does not guarantee that they will fix your report, but if they don't you at least have solid evidence to support your lawsuit. Phone conversations and emails are hard to prove. You don't have as good a record and the credit bureaus can dispute what you said. Emails get lost. You don't get any proof that they received them.

Please keep copies of everything you sent with the dispute letter, including all enclosures and a copy of your signed letter. (Sometimes it is important for them to have your signature so they can compare it to the signature on the fraudulent account you are disputing.) Your file copy of the dispute letter should be an exact duplicate of what you placed in the envelope to the credit reporting agency.

If Experian, Equifax or TransUnion are reporting accounts that are not yours -- either mixed files or fraudulent accounts -- and they will not correct it, give me a call. Those are good cases.

A new report by West Point prof Gregory Conti urges the military to reform its practices to protect service members from identity theft. Conti reports that service members and their families are burdened with a work environment that shows little regard for their personal information resulting in frequent theft of their identities.

The Navy and Marines have recently made efforts to limit the use of social security numbers. Military ID cards no longer include the number. But Conti the situation had not really dhanged: “The farther you get away from the flagpole at headquarters, those policies get overturned by operational realities.”

Social security numbers are useful to identity thieves because they serve as crucial identifiers interfacing with banks and credit card companies. The thieves open accounts in the service members names leading to ruined credit reports and problems for military personnel getting security clearances or promotions.

Javelin Strategy and Research, which tracks identity theft, looked at identity theft in the military in 2006, finding that 3.3 percent of active military personnel had been victims of such fraud that year, slightly below the 3.7 percent in the public at large.

The Federal Trade Commission has a site for ID theft victims that covers every type of ID theft. The site has advice for consumers on how they may protect themselves against ID theft and what to do when their ID is stolen.

The FTC has also made available a guidebook for assisting identity theft victims. For example, the guide details how consumers may get assistance in resolving ID theft, sample letters to send to credit reporting agencies and creditors, and the best way to dispute claims by debt collectors,

This from AOL News reports

According to an Army spokesman, thieves have gone online using dead soldiers' identities to scam women into sending them money. "They look for patriotic women, and they play on their heartstrings," Christopher Grey, a spokesman for the United States Army Criminal Investigation Command, told AOL News.

The use photos and details culled from Facebook and news accounts to pose as living soldiers. They target women who are sympathetic to soldiers' in war zones.

Victim Joan Romano of Lynbrook, N.Y. said one image in particular "really got my heart going because I really do cherish our soldiers." She sent the crook her savings.

The Army has received complaints from victims reporting losses from a few thousand dollars to $28,000 in one case,

Most identity theft is for the purpose of stealing money and goods, but another type of identity theft involves theft of medical records. The thief assumes the identity of another person with medical insurance coverage in order to obtain medical services. The innocent person may lose his or her medical insurance coverage as a result or be stuck with a large bill. A study shows it can cost $20,000 on average to resolve a case of medical identity theft.

Some cases involve a friendly theft of services--one person lending his identity to an uninsured friend or relative. A study by the Ponemon Institute estimated a million Americans were victimized in this way in the last two years.

Identity theft victims are often required to obtain a police report in order to help prove they really are victims of identity theft. A problem is that some police departments will not take such reports and the great majority never take any action to solve the crime. A better alternative is to register a complaint with the U.S. Post Inspectors.

The U.S. Postal Inspectors have agents throughout the country and are far more interested in helping victims and investigating the thefts than local police departments. Their website is set up to allow victims to report online. Once the form is filled out and sent, a confirmation screen appears that be printed. A reference number is provided that can be noted in Identity Theft Affidavits. They also accept telephone calls; the telephone number for the nearest office is easily obtainable on their website.

Capital One Bank and the credit reporting agencies (Equifax, Experian and TransUnion) recently settled with our client who was the victim of identity theft. It took years for the identity theft victim to get Capital One to stop trying to collect on the account it opened for an imposter.

The story began when Capital One sent a pre-approved credit card application to our client at her former college apartment. Someone in the building got the application from the mail and used it to get a VISA card from Capital One in our client's name. The imposter took $500 from the account, but Capital One quickly learned the account was fraudulent--a law enforcement agency told it that professional identity thieves had opened the account--so it closed the account and charged off the account balance.

That should have ended the matter, but it didn't. A year later, Capital One sent another credit card application to our client at the same old address. The imposter again used the application to apply for credit in our client's name and again Capital One issued the imposter a VISA card. This time it gave the imposter a $20,000 credit line and sent "convenience" checks that the imposter used to withdraw almost $18,000. When the imposter failed to make the payments, Capital One located and began to dun our client. She disputed the account, retained a different lawyer, wrote lots of letters. Nothing worked. Capital One sued her to collect on the account.

Then she contacted us.

Continue reading "Capital One Settles With Identity Theft Victim" »

Writing in the San Francisco Chronicle, Kathleen Pender demonstrates that the credit monitoring services offered by the credit bureaus and other companies at a cost of $60 to $200 a year are a waste of your money. The services won't detect many types of identity theft and it is pretty easy to check your credit reports for identity theft for free.

Credit monitoring services promise to notify you of "key" changes in your credit reports by email or cell phone text message. How soon you are notified varies; Equifax offers daily notification, but the notification could be 30 days after a lender's report because some lenders to the credit bureaus every 30 days. Another problem is that some monitoring services only check with one of the three major credit bureaus. None of the services can prevent existing account fraud, which is a thief stealing and using your credit card and name. Nor can the services alert you that someone is using your debit card, your medical ID information, or someone using your social security number to get a job.

Everyone is entitled to a copy of their own credit report at no charge once a year. A Consumer Action spokesman says to pull your report from one credit bureau in January, another from a second credit bureau in May and the third in September. The free reports are available a www.annualcreditreport.com. Some services advertise they will get your name off of credit card solicitation lists, but anyone can do so at no charge by going to www.optoutprescreen.com.

Continue reading "Credit Monitoring Services Are a Waste of Money -- Free Alternatives Are Available" »

Identify theft affected somewhere between 8 and 15 million Americans in 2005, according to Tom Abate's article in today's San Francisco Chronicle. One report just issued by the Federal Trade Commission estimated that identity theft struck about 4% of all adult Americans in 2005. Those numbers mean that identity thieves are twice as likely to target American consumers as are street criminals.

But another report issued last February estimates that the problem is much worse than the FTC calculates. The market research firm Gartner's study suggested that 15 million Americans had been victimized in the 12-month period ending August 2006. If these numbers are right, you're four times as likely to be an identity theft victim as to be a street crime target.

The bottom line is, no one really knows how much identity theft occurs in the U.S. And what knowledge we do have about data breaches is only possible because California and about 35 other states require companies to reveal when certain sensitive data are leaked. Congress has so far failed to pass any equivalent federal law.

How do identity thieves gain access to so much sensitive consumer information? According to private sector data security expert Larry Ponemon, half of the data breaches were due to lost laptops. Malicious employees accounted for another 9 percent. A whopping 40 percent of the breaches involved a third party--either an outsourcer, consultant or other business partner.

Continue reading "Identity Theft Mostly Caused by Lost Laptops, Third Parties" »

Victims of identity theft may opt to have their credit files frozen--meaning no one, not even creditors, may access their credit reports without the victim's consent. Laws in 39 states, including California, have mandated this option. The credit reporting agencies have opposed these laws, but on October 25, 2007, Equifax announced it would extend the right to freeze consumer files to all 50 states according to its press release.

The California Office of Privacy Protection website www.privacyprotection.ca.gov has details on how victims may freeze their credit files.

The California Office of Privacy Protection exists to protect consumers from identity theft. Their site has valuable information for victims of identity theft. For example, one may learn how to "freeze" your credit files. The site provides step by step instructions on how to stop third parties from accessing your credit. The site collects a great deal of information on identity theft as well.

Identity thieves can deplete your available credit in no time. Dateline recently tried an experiment and documented it on video to test just how quickly sophisticated identity thieves could operate. It teamed up with a major credit card company which issued a couple of genuine credit cards under fake names. Then Dateline, with an identity theft expert posing as a thief, posted the bogus credit cards in underground chat rooms on the Internet. A fraud investigator for the credit card company monitored how much time it took for a thief to use the fake cards and max out the cards' $1,000 credit limit.

For the first credit card, the initial "hit" took only 12 seconds. The thief first began to make fraudulent charges in small amounts--like an $11 contribution to the American Red Cross--apparently to see if the card really worked. Once the thief figured the card was genuine, charges began to pile up in increments of hundreds of dollars. In less than 13 minutes, the credit card was declined for reaching its $1,000 limit.

The second credit card was maxed out in less than two minutes. This time the thief charged more than $700 in dog food alone. Illustrating the prevalence of identity theft wordwide, while the bogus card was issued for a fake person in Washington, D.C., someone in Chile charged the dog food.

The results of Dateline's experiment are illuminating. Identity thieves are operating wordwide through the Internet, and they are lightning quick and brutally efficient.

Will and Gracie Tan suffered through identity theft, fake credit cards in their name, had their bank accounts raided and then learned that their tax refund was going to someone else, as Ken Garcia recently reported in the San Francisco Examiner. The Tans' horrible experience illustrates how much damage sophisticated identity thieves can inflict upon consumers' credit--and their bank accounts--with a few key items of identification.

The Tans' problems seems to have started last year, when they refinanced their mortgage. Garcia's column doesn't say who actually stole their identifying information, only that a ring of thieves in El Paso, Texas ended up with it. Those thieves knew what they were doing--they promptly opened new fraudulent credit card accounts and stole $5,000 from the Tans' checking account. Apparently because the Tans were diligent in monitoring their bank accounts, they were able to get a refund from the Bank of America. They also had a lucky break in discovering that Macy's said they owed $1,500 that they hadn't charged, which led to their discovery that other fraudulent accounts had been opened in their name. But then they learned from the IRS that a tax refund was on the way, and they hadn't filed yet.

According to Garcia, The Examiner reported recently that the number of fraudulent tax filings is on a steady rise, with tax cheaters using computers to create fake W-2 forms that IRS officials admit are nearly identical to the real thing. IRS officials and tax preparers say 2007 may be a banner year for tax fraud. Worse, once a fake tax return has been filed, consumers are unable to file their legitimate tax return electronically. This creates a bureaucratic nightmare for consumers, especially when they are expecting refunds which they discover are being sent to someone else.