By Amanda Thomas, MS, CFP®
Client Advisor at Mission Wealth
As a financial planning advisor, I have always recommended to my clients that they pull their credit reports annually to ensure that their credit is clear, that no records are erroneous and that no past due account is unnoticed. Yet, in spite of all of my own efforts to keep my credit and finances in check, what an eye-opening experience it was to have identity theft happen to me, and it turned my life upside down.
It started with an email from a large department store. It was a receipt of a purchase from an actual store 90 miles away. I had not been at that store, I had the store card in my possession, and at first I thought it was perhaps an incorrect card number someone used that could easily be fixed. But before I had a chance to call them, early the next morning I received a call from another department store in the same mall wanting to verify some irregular activity on my card with an in-store purchase. That’s when I knew I had a problem. Here is my first-person account (In all, it took over 20 hours of my time - on the phone and online - to handle the mess).
How can you contain the damage and do everything possible to stop the culprits?
The first thing to do is to get on the phone with any vendors, such as these department store fraud departments, and find out how the charges were made. Then put an immediate fraud alert on your card, and have a new card sent to you.
In my case, someone had walked into both stores and – using only my Social Security number – had been able to purchase merchandise as well as gift cards.
Next, go to annualcreditreport.com and take the time to review your free credit reports, as they contain a lot of info that needs a little deciphering. Annualcreditreport.com is the official site for free credit reports that is authorized by federal law. (In addition, the Federal Trade Commission has a website called identitytheft.gov that details recovery steps to clearing up your credit.) You should pull all three credit agency reports as each one may hold different info and inquiries.
As I pulled one of my own credit reports, all looked fine as far as my open accounts – no past dues, no collection items, and no unknown credit cards. But, key to getting the most out of this report is to look at the “inquiries” at the end of the report. This discloses which vendors have asked to look at your credit – existing department stores, a recent mortgage loan application, or maybe a credit monitoring company you signed up with that checks it every quarter.
In my case, as I scrolled down the list, one name looked unfamiliar. The inquiry was in the past week for a department store that I never frequented. Upon calling the customer service number, I found out that there was a current online credit card application in process in my name using an old, incorrect mailing address listed on my credit report. Wow, someone actually went online using my personal info and tried to open up an account, and how did they get that incorrect home address that only shows up on my credit report? I was able to contact the department store immediately. Thankfully they were able to stop the application and deny the card.
Filing a police report is also recommended, as the department stores may require you to complete a fraud form, and having a police report gives your claim credibility. A call to my local police department was returned shortly, and a case number was assigned that I could note in all of my fraud filings.
When you find out there is even more to the fraud
Knowing that this was now more serious, I immediately put an instant, 90-day fraud alert on all three credit reporting agencies – Experian, Transunion and Equifax. In my research, I found out that once the 90-day fraud alert expires, many fraudsters go back online on Day 91 and apply for credit in your name, again! So, how do you control that? The best recommendation is to put a “security freeze” on your credit report. This stops anyone from looking at your credit report, even if it is a company that you want to do business with. The only way to un-freeze it is to go online to the credit reporting company and release the freeze until your credit is pulled, and then put the freeze back on again.
But, to put my mind at ease I wanted to have ongoing access to my credit report, so I signed up for a credit monitoring company a few days later. They alert you to any credit inquiries, search for bank accounts that might be recently opened in your name, and several other identity related searches. Several companies that are often used are lifelock.com or protectmyid.com. My credit card company actually had their own recommended company.
As I pulled up my credit report via this website a few days later, I saw yet another unknown inquiry dated 5 days prior that had not shown up on that original credit report. It was from a company with only initials as its name, which I did not recognize. I googled the letters and found out it was a large home improvement store, where I did not have a charge card. I called them and found out that an online credit card application was in process, and again an old mailing address was used. Now I am truly concerned: how much more fraud was out there? And how clever of them to use my old address so any mailings would not reach me, or if they did, it would be too late and the damage would already be done.
It takes constant monitoring and immediate action to gain control
I did one last review of my credit report inquiries and saw one from a credit reporting agency itself, about 4 days prior to when all of the fraud started. It seemed innocent enough that a credit reporting agency could look at my report, but the timing of it was too much of a coincidence.
I called the credit reporting agency and their first comment was that this inquiry must be from my credit monitoring company. When told that I only that day had signed up for a monitoring company, they did not seem to know why the prior inquiry was there. But after persistence and being transferred to three different departments, I spoke with someone who was able to see the actual inquiry and how it was made. Turns out that the inquiry was made online through their own free credit report access company. They could see the online request, and even though the fraudster filled in my first name and Social Security number, they used an incorrect last name as well as an incorrect mother’s last name and somehow answered the security questions properly and got access to my full credit report. My guess is that they could have had multiple fraudsters applying online, trying out different answers to the security questions, or even googling my name and finding out pertinent info that might be needed for the credit report security questions – where did I work, what was my mortgage payment, etc. Then, if they hit the right combination, bingo, they were into my credit report and had access to all of my accounts and data. When asked how that could happen, the credit reporting agency apologized and said there was nothing I could do.
In the end, the credit agencies were able to delete the illegal inquiries, immediately put a fraud and security freeze on my account, and my credit score was back where it was before. This is important, as these inquiries can reduce your credit score and could affect your ability to borrow in the future at an advantageous rate. But, my immediate actions and knowledge of how to read a credit report stopped the identity theft from spreading. In fact, I found out later that the fraudsters had gone back to one of the department stores the day after the first fraudulent purchase, and had tried again to make a purchase, but the fraud alert stopped further damage.
One more precaution I took was to contact the department stores that issued replacement cards to me, and they now have a secret question or code that I must answer any time I purchase at the store without my card. What is to stop the fraudster from going back to the store again, knowing I most likely received a replacement card, and trying to charge again using my Social Security number?
So, key to thwarting identity theft: Monitor your credit often, look for inquiries that don’t look familiar, and pursue anything that looks unusual.
Here are the steps recommended on the FTC's Identity Theft website:
What to do right away
- Call the companies where you know fraud occurred.
- Place a fraud alert and get your credit reports.
- Report identity theft to the FTC.
- File a report with your local police department.
What to do next
- Close new accounts opened in your name.
- Remove bogus charges from your accounts.
- Correct your credit report.
- Consider adding an extended fraud alert or credit freeze.
