identity theft: my story of prevention and safe response


I am a Software Engineering Student at Holberton School, San Francisco | contact me or follow me.

Share

Fraud Alert!  This true story is about how I realized my identity was stolen and my experiences with dealing with other people using my personal identity (and information against my authorization) to establish new credit cards in my name and use my personal credit cards.  Additionally, I discuss the problems that come from identity theft such as when said individual/robot/gang uses another person's identity for their own gain.

Definitions: in discussing with others about this event, I came across some confusion as to the actual definition of identity theft.  For the purpose of this article, I would like to define what I mean by the terms identity and identity theft because the terms may not be consistent with everyone.

your identity: is any combination of your personal information unique to you such as your: full name, birthday, driver's license number, passport number, Social Security Number (SSN), address, phone number, e-mail, credit card #, credit card security code, passwords, access to your computer,  access to other cloud / internet accounts.

Identity theft is when someone steals or otherwise obtains your identity.

non affiliation disclaimer: I suppose now is a good time to mention that I have no affiliation whatsoever to any of the companies mentioned in this article, besides being a consumer of their products.  I do not work for any of the companies mentioned in this article in any way, nor gain monetarily from any of them, nor receive any other benefit in any form from any of these companies.  I am simply a consumer with a personal experience to share that might help other consumers.  None of my experience should be considered as professional, legal, or financial advice.

Prevention

From my own experience, I was lucky to have one of my credit card company's provide me with free 24/7 access to my credit report as a package deal for a credit card I have with them that has no annual fee. So entirely free, no strings - really - because I haven't put credit on the card in probably over 10+ years .  This company just recently added this service, and also sends me electronic updates on any activity to my credit report, which ended up being the life saver for me.  Because the company has been so helpful, I'm going to give them a positive shoutout: Capital One, and their service is Credit Wise: creditwise.capitalone.com.  CreditWise uses only the TransUnion credit bureau reports, and so it is incomplete, but still very useful. While getting your credit report does not prevent identity theft, it may be very crucial in helping you to recognize when your identity has been stolen and used to obtain credit, and this step can help you take immediate action to deal with the circumstances.

To buy a copy of your credit report, contact:

  • Equifax: 1-800-685-1111; equifax.com (update: in light of the 2017 data breach, I DO NOT recommend using Equifax)
  • Experian: 1-888-397-3742; experian.com
  • TransUnion: 1-800-916-8800; transunion.com

I do not know the incident in which my SSN was stolen or how someone connected my SSN with my name and address.  I was notified by Target that my credit card information was a part of one of their breaches, but nothing ever came from that except that they gave me access to my credit report through one of the credit card bureau's for 1 year.

Additionally, I may have been a victim of gas station skimmers (gif photo to the left) as my credit was often used against my authorization after fueling up and paying with my credit at gas stations for the first time.  Another more logical guess would be from an incident in 2011 when my laptop was stolen. This was such a traumatic event for me, and of course, now that my identity has been officially stolen and used to my detriment, I will briefly share this story to possibly help someone else. I was a student at the University of Chicago, and so I took my laptop with me everywhere, as it was helpful for all my educational experiences. Since it was always with me, it had high exposure and risk of being stolen. The day it was stolen, I was spending hours in the Library at the school of social work's library, and so I needed to leave to take a bathroom break. I had always felt secure in that library because it was small and so the Librarian and almost all students in the Library can see everyone in it, there are 3 doors to pass through and 2 secretary/ admin type professionals supposedly monitoring for and checking for everyone entering and leaving the Library. Additionally, I had never seen any unusual events in our Library nor our school. Nevertheless, I decided to take a safety measure when going to the bathroom and brought my laptop to the secretary/ administrators desk for safety. I told the person in charge there that I would be gone in the bathroom for a few minutes and asked if they would safely keep my laptop behind the desk. This person responded yes that he would and kept my laptop right under his nose. Well, no more then 3 minutes later, I returned and the laptop was gone! Stolen! A brave and helpful classmate (not the librarian) had seen the guy at some point in his steeling process, and chased him down the street, but the perpetrator escaped! I suspected the secretary was in on it, but that was it. It was gone, I suffered, and moved on, learning to take extreme precautions with my personal items.

Other Preventative measures relate to preventing people from obtaining your personal information:

  • Do not post any of your personal information (see above note on personal information) on the internet, and Delete any of your personal information from any public posts if it is already on the internet!
  • Secure your social security number (SSN). Don’t carry your social security card in your wallet or write your number on your checks. Only give out your SSN when absolutely necessary.
  • Don’t respond to requests for personal information to anyone or any website that does not absolutely need your information.
  • Shield your screen and keypad when typing your passwords on computers and at ATMs.
  • Collect mail promptly. Ask the post office to put your mail on hold when you are away from home for several days.
  • Pay attention to your billing cycles. If bills or financial statements are late, contact the sender.
  • Review your receipts. Promptly compare receipts with account statements. Watch for unauthorized transactions.
  • Shred receipts, credit offers, account statements, and expired cards.
  • Store personal information in a safe place at home and at work.
  • Install firewalls and virus-detection software on your home computer.
  • Make diverse and complex passwords. I use LastPass, which also securely stores all my passwords: lastpass.com

Warning Signs
To prevent tax identity theft, be wary of any Internal Revenue Service (IRS) letter or notice that states:

  • Unrecognized Charges on a credit card or debit card.
  • Unrecognized e-mail notifications or alerts from your credit report.
  • Stolen Property.
  • More than one tax return was filed using your SSN.
  • You owe additional tax, you have had a tax refund offset, or you have had collection actions taken against you for a year you did not file a tax return.
  • IRS records indicate you received wages from an employer unknown to you.

Recognition

Credit Reports

In my own case, I recognized the identity theft on my Credit report. I saw there were 2 separate incidents in which someone had attempted to take out a credit card in my name with my personal information. I called the 2 agencies that received credit card applications in my name: Target and Saks Fifth Avenue. Thankfully, these companies did not issue credit cards in my name, and the cards were rejected. I called a Target official phone number and they connected me to an application and fraud department. This department worked with me to come to the realization that the application for credit had 3 crucial and valid pieces of personal information necessary to establish a new credit card in my name: SSN, Address, and Name. The application also had incorrect information in it, which is probably why the credit application was rejected.

There was, unfortunately, a company, who I do NOT recommend: TD Bank, Retail Card Services Department connected with Tourneau, LLC, a luxury watch company, who did open an account in my name! What the f*! This company opened a line of credit with only 2 valid pieces of information to my name. There was multiple incorrect pieces of information, yet the credit account was still opened in my name. The next day some imposter tried to make a purchase at Tourneau, LLC with my credit, and probably was hoping to get some new Rolexes. Fortunately the retailer suspected fraud and notified TD Retail Card Services, who put a block on my account.

No Whammies! No Whammies!

I was alerted 1 month after the fact that this happened, most likely because of TD Bank's procedures for notifying Credit Bureau's of new accounts.  When I called TD Retail Services, my account still existed with a block on it, and so next, I tried to close the account and put out a fraud alert. However, in order to process my request, TD Retail Card Services required me to send written notification of my request either by snail mail or by fax. This was a double whammy for TD Bank, and so they get a grade F from me.

Zero Liability

According to the FDIC, Federal Deposit Insurance Corporation, federal consumer laws and financial industry practices (under certain circumstances) protect victims from losses occurred from fraudulent or criminal activity using your credit against your authorization.  Additionally, many major credit card companies have voluntarily adopted zero liability policies to product consumers.  Zero liability policies go beyond the federal law requirements, which limit individuals' out-of-pocket expenses to $50 if a credit card is lost or stolen and then used fraudulently. As the name implies, zero liability policies mean that consumers are not responsible for any unauthorized transactions when their cards or account information are stolen and used fraudulently.

There are some potential exceptions to 0 Liability:

  • wait too long to file a claim.
  • behind on credit card payments.
  • fail to exercise "reasonable care" in protecting your identity.
  • not willing to file a police report.
  • made the purchase with something other than a personal credit card.
  • made the purchase with a card not issued in the United States.
  • You are the perpetrator of the crimes

Free Annual Credit Report

There is another company that provides a free annual credit report 1 time every 12 months through their website: www.annualcreditreport.com.  Since I discovered that my free credit report from Capital One's CreditWise service only pulls information from Trans Union Credit Bureau Report Notifications, I decided to check for myself, what my complete credit report looked like from AnnualCreditReport.com.  When you request your free report, don't forget to request all reports from all 3 Bureaus: TransUnion, Equifax (update: in light of the 2017 data breach, I DO NOT recommend using Equifax), and Experian.  This service connects you to each Credit Bureau, which will ask you to verify that you are who you say you are with background information questions.  My updated report from Experian showed more activity of Credit inquiries.  The Equifax Report had technical issues and they would not issue my report electronically, and so I am still waiting for the report, and the process has been very troublesome.  While Equifax successfully notified all Credit Bureaus of the fraud alert, they have been very disappointing in other major areas of service, and so I do NOT recommend Equifax (update: in light of the 2017 data breach, I DO NOT recommend using Equifax).

Credit Card Statements

I have also had incidents in the past in which someone had attempted to use my credit card to make small purchases in remote countries or through online accounts such as Netflix. This is a different type of identity theft in which someone attempts to impersonate you with a credit card that you already own, and attempts to use your credit card to make purchases for them. In this case, the credit card companies are responsible for issuing your credit to the wrong person, and so they take great measures to help you resolve the issue. For example, all credit card companies that I have worked with have algorithms set up to help detect fraud. They will attempt to notify you when a credit card purchase is flagged in their system. This usually happens with purchases in a new state or country for your purchase history.

In the case in my life in which someone tried to use my credit card, I detected the fraud myself. I noticed the minor purchases when reviewing my account and notified my credit card company. The credit card company immediately took action, and did not charge me for the purchases. I happen to catch the charge before I had paid my credit card bill, and I believe the charges were still pending. This may have influenced my success in not having to pay for those charges, but I do not know? In this incident, I believe that my credit card information was stolen from a Citgo gas station from one of the scams where thieves insert credit card readers into gas station pump credit card readers. I think this because the Citgo was the only unique place I had never purchased at in the past weeks before the charges occurred. I could be totally wrong about this though as you can see my logic has many flaws. That's why I just let this one go, and didn't boycott Citgo or pursue any reparation.

Response

The steps that I took were to:

  • Contact a credit reporting company such as Equifax (update: in light of the 2017 data breach, I DO NOT recommend using Equifax), Experian or TransUnion to report the fraud and begin an initial fraud alert. This then initiates a 90-day alert that increases the security of your credit. The company that I called had a 24/7 phone line that automated this process.  The company you contact should take the initiative to contact the other 2 credit reporting agencies. You may also initiate the fraud alert using a web interface (more info here).  Later, I received a notice from my credit report of the fraud notification.  Note that when you submit a fraud notification, you agree to the following:

YOU MUST READ, UNDERSTAND, AND AGREE TO THE FOLLOWING TERMS OF USE AS WELL AS THE GENERAL TERMS OF USE FOUND AT THE LINK AT THE BOTTOM OF THE PAGE IN ORDER TO USE THIS WEB SITE.

If you request an initial fraud alert then you are also making the corresponding certification: You certify that you have a good faith suspicion that you have been or are about to become a victim of fraud or related crime, including identity theft; or If you are a Personal Representative You certify that you have the express written authority to act on the consumer's behalf to place an initial fraud alert on his or her credit file and such consumer has a good faith suspicion that he or she has been or is about to become a victim of fraud or related crime, including identity theft. If you request an active duty alert be placed, then you are also making the corresponding certification: You certify that you are an active duty military consumer; or If you are a Personal Representative You certify that you have the express written authority to act on the consumer's behalf to place an active duty military alert on his or her credit file and such consumer is an active duty military consumer.

  • For a 7-year fraud block (increased security), you need to contact the police to report the identity theft, and send this information to a one of the major credit bureaus.
  • I did contact the Police to file a police report and I used the Federal Trade Commission's identitytheft.gov identity theft reporting web interface to file a report.  I can use both of these reports to file an extended fraud alert of 7 years.

What is a fraud alert?

A fraud alert on your credit report notifies lenders and creditors who pull your report to take additional steps to verify your identification before they extend a credit line or loan in your name.

Under the Fair Credit Reporting Act (FCRA), consumers may place fraud alerts on their credit reports with the three major credit bureaus, free of charge. The bureau you contact is required to notify the other two credit bureaus to place an alert on your file.

There are three types of fraud alerts:

Type Duration Requirements Key Benefits
Initial Fraud Alert: Available if you are concerned about becoming a victim of fraud/ID theft 90 days Appropriate proof of identity Creditors who pull your report are required to take reasonable steps to verify identity
Extended Fraud Alert: Available if you are a victim of fraud/ID theft 7 years Appropriate proof of identity and copy of an identity theft report
  • Creditors who pull your report are required to take reasonable steps to verify identity
  • Two free credit reports from all three credit bureaus in the first 12 months (after that, you're entitled to request one per year from all the credit bureaus)
  • Name is removed from "prescreened" offer list for five years
Active Duty Military Alert: Available if you are in the military and want to minimize your risk of fraud/ID theft while you are deployed 1 year Appropriate proof of identity
  • Creditors who pull your report are required to take reasonable steps to verify identity
  • Name is removed from "prescreened" offer list for two years

If you are a victim of identity (ID) theft, report it immediately. The Federal Trade Commission and your local police department are critical in filing the complaint. Once you file the ID theft with the FTC, you will have an ID theft affidavit. Print and take this with you to file the crime with the local police and get a police report. These two documents together are your identity theft report. Your identity theft report will be very important as you resolve the problem with creditors, banks, and any other companies where fraudulent accounts were set up in your name. You may also report specific types of identity theft to other agencies.

  • Long-term Care Identity Theft - Report a claim to the long-term care ombudsman in your state, if the theft was a result of a stay in a nursing home or long-term care facility.
  • Medical Identity Theft - Contact your health insurance company’s fraud department or Medicare’s fraud office.
  • Tax Identity Theft - Report this type of ID theft to the Internal Revenue Service and your state’s Department of Taxation or Revenue.

In addition to federal government agencies, you should also report the theft to other organizations, such as:

  • Credit Reporting Agencies - Contact the three major credit reporting agencies (listed above) to place fraud alerts or freezes on your accounts so that no one can apply for credit with your name or social security number. Also get copies of your credit reports, to be sure that no one has already tried to get unauthorized credit accounts with your personal information.
  • Financial Institutions - Contact the fraud department at your bank, credit card issuers and any other places where you have accounts. You may need your ID theft reports from the police and Federal Trade Commission in order to report the fraud.
  • Retailers and Other Companies - You will also need to report the fraud to companies where the identity thief created accounts, opened credit accounts, or even applied for jobs in order to clear your name.
  • State Consumer Protection Offices or Attorney General - Your state may offer resources to help you contact creditors, dispute errors and other helpful resources.

Protect Your Social Security Number

If your social security number was or may have been compromised, contact the Social Security Administration (800–269–0271) and the Internal Revenue Service (800–829–0433). Regarding, tax ID theft you may also find this information on Tax ID Theft valuable: Internal Revenue Service. It’s important to talk to the SSA if you have reason to believe your social security number has been compromised, even if you don’t yet see any evidence of financial fraud. A thief could be planning to swipe your tax refund, or to obtain employment in your name.

Below is a more complete and official informational .pdf from identitytheft.gov

Note: This blog is still in editing progress as I am still in the middle of dealing with identity theft!

Posted in security and tagged , , , .