alan regan :: identity theft

Contents

• General Disclaimer
• What is Identity Theft?
• How Do the Criminals Get My Information?
• How Else Can I Prevent Identity Theft?
• How Do I Know if I'm a Victim?
• How Do I Respond to Identity Theft if I'm a Victim?
• Where Can I Find Additional Information?
• Footnotes

Last updated: April 23, 2002.

General Disclaimer

In a nutshell: use this information at your own risk.

While personally motivated to educate others about identity theft, I am neither a lawyer nor am I a member of law enforcement. Do not take any information here as legal advice or as a guarantee of a resolution.

If you are a victim of identity theft, contact your local law enforcement agency immediately, and if necessary, call a lawyer.

^ top

Where I Gathered This Information

The language is mine, but I gleaned many concepts from various US federal and state agency websites. I also pulled from my own experience, as well as advice from private organizations or individuals. I have cited my sources and provided links to support much of the information on this site.

^ top

Other Considerations

Since I do not control any of the external sites listed on this page, I cannot be held responsible for the content on these sites. I provide links to outside resources for your convenience, but I am not responsible for their content or the maintenance of that information. Be sure to address concerns with an outside site's content to the webmaster of that site.

As you know, laws change. While I aim to update this page often, some information may become dated over time.

Laws vary. Different states, even local governments, may interpret "identity theft" in different ways. Don't rely on one source for all of your information. Before you take any action, double-check with the appropriate local, state, and/or federal agency.

I do not endorse any outside group. Also, be careful how you share information, especially online. If you fill out a complaint form with a law enforcement agency, be sure it has a valid and secure connection (SSL certificate). You may wish to consider using toll-free numbers rather than submit "clear text" email or online forms.

Any service that expects a fee should be considered suspect. Fees should not apply as you clear your name!

^ top

Final Note

While it may sound silly, please don't sue me. I'm the victim of a crime, and I don't want what happened to me to happen to others. I offer this page as a stepping stone for you to learn more about identity theft.

If you encounter a problem with this page or find an inaccuracy, please contact me so I can address it. Thank you.

^ top

What is Identity Theft?

Definition:

According to the US Department of Justice, "Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain."1

Basically, a criminal gets ahold of your personal information, such as your Social Security Number (SSN), Date of Birth (DOB), Mother's Maiden Name, etc. This person uses that information to obtain credit, goods, and/or services under your name. They walk away with merchandise, you get the bill.

"Identity theft is costly, to the marketplace and to consumers. The Secret Service estimated the cost of identity theft at $745 million in 1997. According to a May 2000 survey by CalPIRG and the Privacy Rights Clearinghouse, the average consumer victim spends 175 hours and $800 resolving identity theft problems, and it takes two to four years for victims to clear up all the resulting problems."2

Criminals may also use your information to commit different crimes or avoid prosecution. The latter event happens rarely, however.3

^ top

Learn More:

• Sullivan, Bob. "Credit Card Fraud Hit 1 in 20 Users, And Identity Theft Hit 1 in 50 During Past Year, Study Says." MSNBC.com. March 4, 2002. http://www.msnbc.com/news/718115.asp

^ top

The Law:

Federal, state, and local laws define the crime of identity theft with different language, and the punishment for the crime may vary from jurisdiction to jurisdiction.

As of the writing of this document, it appears that at least three US states do not have explicit laws about identity theft. These include Nebraska, New York, and Vermont. The FTC website does point out, however, that the crime "may be prohibited under other state laws."4

The FTC urges citizens and victims to read about federal law and state laws to learn about your rights and responsibilities.

According to my local police department, not all states protect consumers. In California, we're lucky to be protected under PC 530.5, PC 530.6, and PC 530.8.5 But even these laws could be strengthened. And local law enforcement could use additional manpower and resources.

Some of the elements of consumer protection:

• defining identity theft as a crime
• establishing the jurisdiction of record as the victim's location
• requiring law enforcement to write a police report and provide a copy to the victim
• requiring creditors to provide victims and law enforcement copies of the false applications or other documents, such as counterfeit checks, as well as transaction information
• protecting consumers from harassment from creditors once identity theft has been established
• protecting consumers from unnecessary expenses or unreasonable requests to prove their victim status
• requiring safeguards to be sure that information is only shared with the actual victim

If your state does not protect you, write your local legislators.

^ top

How Do the Criminals Get My Information?

Unfortunately, criminals can get their hands on your personal information from many sources. The following are just some of the many ways bad guys get your info.

• SOURCE ONE: YOU
• SOURCE TWO: YOUR MAIL
• SOURCE THREE: INSIDERS
• SOURCE FOUR: DATA EXCHANGE
• SOURCE FIVE: HACKERS
• SOURCE SIX: MISTAKES, ERRORS, THE NEGLIGENT, AND THE DUMB

^ top

SOURCE ONE: YOU

We can often be our own worst enemies.

• The Trash
• What You Volunteer
• Strange Update Requests
• What You Show in Public
• Loose Paperwork

The Trash

Think about the information you throw away every day. If you toss out bank statements, credit applications, or other paperwork with personally identifying information, you may be handing criminals the tools they need to damage your credit.

Invest in a shredder and use it. A cross-cut or confetti shredder works best. While a shredder doesn't guarantee that a bad guy won't piece together your information, you'll make it a lot harder to do so.

^ topic

What You Volunteer

Think about the information you volunteer to people. Forms at the dentist, chiropractor, or retail store may include spaces for your Social Security Number, Driver's License number, etc. Don't fill in these spaces.

If they hassle you, find out why they need the information, how it will be safeguarded, and what happens when you close your account.6

When in doubt, take your business elsewhere.

Lastly, don't print confidential information on business cards, stationery, resumes, or your checks. This includes your Driver's License number, Date of Birth, Mother's Maiden Name, and/or Social Security Number. While it may seem convenient, it's dangerous. Don't make it easier for a criminal to commit identity theft.

As for the internet, be careful what you use as passwords, and watch what you say online. Bad guys can mine your personal information in web logs ('blogs'), public posts, or email. Avoid mentioning your family genealogy, and try not to provide your actual birth date. It doesn't take a genius to turn, "I turned 21 today" into a date of birth.

^ topic

Strange Update Requests

If someone calls you or sends you an update request in the mail or via email -- question the source.

Sometimes thieves may pose as legitimate entities to con you into releasing your valuable personal information. Don't do it.

Contact company's standard customer service number to verify if the request is legitimate. If the individual called you, be sure to take the person's name and contact number, or capture the number via Caller ID.

^ topic

What You Show in Public

When you're in public, remember to safeguard information such as your PIN or credit card number.

Shield the ATM or store keypad when you type in your PIN, and don't leave your credit cards sitting in the open. Other items to shield or hide include your house keys, car keys, and anything else a criminal could use to his/her advantage.

Plus, you should minimize the number of important documents or ID cards you carry with you. Only take into public what you need.

^ topic

Loose Paperwork

Too often we keep important paperwork lying around, rather than keeping it under lock and key.

Be conscious of important documents, including the information in your wallet and checkbook. Don't leave ATM receipts or other paperwork in your car. And never leave important information where people can see or steal it.

You wouldn't leave bars of gold sitting on your kitchen table or near an open window. Take the same care with your important documents.

Treasure your personal information. It's priceless!

^ topic

Too often we concern ourselves so much with the convenience of the moment, we fail to recognize the long-term consequences of not protecting our personal information.

Those costs include time, money, the damaging effects on your credit rating and history, and the emotional or psychological consequences of being a victim.

^ top

SOURCE TWO: YOUR MAIL

The bad guys may intercept important documents without your knowledge. Mail theft is a common means for criminals to steal your info.7

Keep Alert

Don't take your mail for granted.

Pay attention to the normal delivery dates of bank statements, utility bills, etc. If this paperwork doesn't appear on time, or if the envelopes look damaged or tampered with, contact the company immediately.

If mail theft or tampering is involved, you should also contact your local post office or postal inspector. Mail theft and/or tampering is a federal crime. The Post Office's investigation may aid law enforcement in tracking down the criminal(s).

Also, be careful where you deposit your mail. Criminals can steal your mail coming in or going out.

^ topic

Consider a PO Box

According to an employee in my local postmaster's office, the mail system does not guarantee delivery to an individual, just an address.

This is why the Post Office can't insure that your mail won't be opened by your roommate or landlord. Or if mail is sent to your place of employment, the Post Office can't insure that it won't be opened by your boss or an authorized agent of the company.

For this reason, you may want to invest in a PO box.

Look at your own bills. Where are your payments sent? More than likely, you mail payments or correspondence to a company's PO Box rather than a street address. What's good for the goose...?

NOTE: The postal employee I spoke with also mentioned that the same rule applies to private mail boxes. In a contract with a private mail box company, you authorize that company to receive your mail. According to the woman I spoke with, this is the same as saying they can open your mail as well. I have owned private mail boxes in the past, and haven't experienced any problems. But it's something to consider.

^ topic

^ top

SOURCE THREE: INSIDERS

What do banks, credit card companies, government agencies, insurance companies, medical offices, employers, payroll companies, utility companies, and schools have in common? They all store your personal information.

While most organizations take precautions to prevent employees from stealing your information, these systems aren't perfect. In fact, the FTC "estimates that more than half of all identity theft results from compromised business records."8

Bottom line: it's all about access. Whether they pay off an insider or work in these companies themselves, criminals can farm your information from some of the organizations we trust and rely on.

NOTE: I hate to suggest it, but we could be living with "insiders" as well. We've all heard the horror stories of college roommates who steal ATM cards and drain accounts. Other possibilities include friends, business colleagues, landlords, or even relatives.

^ top

Learn More:

• Fries, Jacob H. "Worker Accused of Selling Colleagues' ID's Online." The New York Times. March 2, 2002. http://story.news.yahoo.com/news?tmpl=story&u=/nyt/20020302/tc_nyt/worker_accused_of_selling_colleagues__id_s_online



^ topic

^ top

SOURCE FOUR: DATA EXCHANGE

One of the best ways to reduce your risk of identity theft is to minimize the number of outside sources that have your information. Nowadays, it becomes increasingly more difficult to do this when those sources sell your information to other companies.

In addition to selling your information to marketing companies, some large corporations share your information internally with different subdivisions. This increases the number of people whose fingers touch your confidential data. As the number of people increases, so do the odds that something may go wrong.

Other problems include mergers, buy-outs, outsourcing, etc. If a company is bought or merges with another, your information may transfer to a new and possibly less secure database or less strict privacy policy. It also means that new regional offices may have access to your information, along with the chance that multiple copies of your info will float between organizations.

Companies sometimes outsource work or the management of accounts to outside contractors. They may even sell accounts wholesale to other companies.

While you can't control the business decisions of the companies you deal with, you can keep up-to-date on privacy statements. You may also opt-out of some marketing and data-sharing. Read the fine print of privacy statements, and write to each company's opt-out address.

To opt-out of most "pre-approved" credit offers, contact the three Credit Bureaus:

• Phone (Equifax, Experian, TransUnion): (888) 567-8688
• Mail: see address info below, or check out each company's website for contact info: Equifax, Experian, and TransUnion

You may also remove your name from other mail and phone lists by writing to the Direct Marketing Association. Each request will remove your name from their list for five years. According to the DMA's consumer FAQ, your written removal request must include your name, complete mailing address, and signature.9 They offer an online submission process, but will charge you a fee.

• Mail Preference Service, P.O. Box 9008, Farmingdale, NY 11735
• Telephone Preference Service, P.O. Box 9014, Farmingdale, NY 11735

^ top

Learn More:

• Olsen, Stefanie. "Calif. halts birth-record sales to Web sites." CNET News.com. December 6, 2001. http://news.com.com/2100-1023-276703.html?legacy=cnet
• Staff Writer. "Four Struck By Identity Theft." TheWPBFChannel.com. March 5, 2002. http://dailynews.yahoo.com/h/wpbf/20020305/lo/1109477_1.html
• Gonsalves, Antone. "Businesses That Abuse Consumer Privacy Will Pay." InformationWeek.com. February 28, 2002. http://story.news.yahoo.com/news?tmpl=story&u=/cmp/20020228/tc_cmp/iwk20020228s0015
• Knowledge@Wharton.upenn.edu. "Up for Sale: Privacy on the Net." CNET News.com. March 25, 2001. http://news.com.com/2009-1023-254701.html



^ topic

^ top

SOURCE FIVE: HACKERS

Another way the bad guys get your information is through breaking the security on computer systems -- in homes, businesses, and websites.

In 2000, a number of major websites were hacked. For instance, RealNames, a major internet keyword registration service, discovered that its customer database had been compromised.10 This meant that the company's users were at risk of identity or credit card fraud.

Online stores and services make perfect targets for hackers, since they offer a centralized source for names, addresses, credit cards, and other personal identification. E-tailers have obviously stepped up their security measures, but online security remains a major concern as hackers get more and more clever.

But hackers don't just target websites. They also hunt down vulnerable business databases, from the small mom-and-pop to the king-sized corporation. Quoting a 2001 survey from CIO Magazine, CNET reports that out of 350 executives polled, almost "one in five [Chief Information Officers] said their company had been attacked by hackers in the past three months, and more than 60 percent of those companies lost money in the attacks."11

And let's not forget about home machines. Hackers sniff around for any "listening" computers. This includes home machines, especially computers on high-speed lines.

An investment in a basic firewall -- software or hardware -- may save individuals from lost data and prevent identity theft. If you use personal accounting or tax software, or keep passwords and account information in an unprotected file, you're at risk.

^ top

Learn More:

• Sandoval, Greg. Wolverton, Troy. "Security, Privacy Issues Make Net Users Uneasy." CNET News.com. January 7, 2000. http://news.com.com/2100-1017-235381.html?legacy=cnet
• Wolverton, Troy. "FBI Probes Extortion Case at CD Store." CNET News.com. January 10, 2000. http://news.com.com/2100-1017-235418.html?legacy=cnet
• Hu, Jim. "RealNames' Customer Database Hacker." CNET News.com. February 11, 2000. http://news.com.com/2100-1023-236815.html
• Livingston, Brian. "US West Customers Vulnerable to Hackers." CNET News.com. April 7, 2000. http://news.com.com/2010-1080-281299.html
• Musil, Steven. "Western Union Web Site Hacked." CNET News.com. September 10, 2000. http://news.com.com/2100-1023-245525.html?legacy=cnet
• Sandoval, Greg. Shankland, Stephen. "Company Says Extortion Try Exposes Thousands of Card Numbers." CNET News.com. December 12, 2000. http://news.com.com/2100-1017-249772.html
• Lemos, Robert. "ID Theft a Worry for CIOs." CNET News.com. January 31, 2001. http://news.com.com/2110-1001-251854.html
• Livingston, Brian. "Bugging the Perpetrators." CNET News.com August 31, 2001. http://news.com.com/2010-1080-281548.html
• Swanson, Sandra. "Faith in E-Government Tempered By Security Privacy Concerns." InformationWeek.com February 26, 2002. http://story.news.yahoo.com/news?tmpl=story&u=/cmp/20020226/tc_cmp/iwk20020226s0007
• Musil, Steven. "The Week in Review: Security Concerns." CNET News.com March 2, 2002. http://news.com.com/2100-1001-849827.html



^ topic

^ top

SOURCE SIX: MISTAKES, ERRORS, THE NEGLIGENT, AND THE DUMB

If you've ever received your neighbor's mail, then you know mistakes happen.

The postal service can lose or misdirect important letters. You could tip over a pile of papers, and accidentally throw away an important document. Or even simple "user error" could result in something devastating.

That happened to Western Union in 2000. Routine maintenance opened a window of opportunity to a hacker. According to the news story, roughly 15,700 customer accounts were copied by a hacker due to "human error."12

Another major problem was a recent error in judgment that lead to the printing of hundreds of thousands of tax forms... with the recipients' Social Security Number on the outside!13

Sometimes people just don't think. You can be sure there are medical offices that fail to shred confidential records when disposing of old client files. There are also company employment records in unlocked file cabinets, ready to be plucked by unscrupulous employees, janitors, or even visitors.

Then there are the occasional government decisions that put us at risk. Take for example the practice of selling birth and death records. California had to recently ban the sale of resident birth and death records to prevent private companies and individuals from accessing Social Security numbers, Mother's Maiden Names, and Dates of Birth -- all the info identity thieves need to damage your credit.14

Or consider the sale of court case information, including the potential that confidential personal information may also be included. In early 2001, the privacy-rights group, The Privacy Foundation, fought the decision to sell sensitive court documents online.15 The PACER system they fought against is currently in operation. According to the website, recent policy changes mean that "personal data identifiers" will be modified or "partially redacted by the litigants."16 They continue to sell Civil and Bankruptcy files with these minor modifications.

We'll all need to keep diligent. Educate others about the costs of innocent mistakes, and keep an eye out for foolish practices that risk our privacy and finances.

^ top

Learn More:

• Musil, Steven. "Western Union Web Site Hacked." CNET News.com. September 10, 2000. http://news.com.com/2100-1023-245525.html?legacy=cnet
• Sandoval, Greg. "Employee Data Posted on Living.com Yanked After Complaints." CNET News.com. October 20, 2000. http://news.com.com/2100-1017-247366.html
• Olsen, Stefanie. "Privacy Group Seeks Review of Net Access to Court Files." CNET News.com January 26, 2001. http://news.com.com/2100-1023-251615.html
• Olsen, Stefanie. "Calif. halts birth-record sales to Web sites." CNET News.com. December 6, 2001. http://news.com.com/2100-1023-276703.html?legacy=cnet
• Staff Writer. "Employees Responsible for Tax Snafu Resign." WDIV ClickOnDetroit.com February 6, 2002. http://dailynews.yahoo.com/h/wdiv/20020206/lo/1070120_1.html



^ topic

^ top

How Else Can I Prevent Identity Theft?

"...anyone -- even people who handle their personal data with great care -- can become a victim of identity theft..."17

My local police detective gave me some sound advice. He said, "Control the things you can, but don't beat yourself up over the things you can't."

Be proactive and disciplined in your approach to identity theft prevention, but realize that you can't stop an insider from selling your information. Neither can you stop corporate mergers, stop thieves from raiding business dumpsters or databases, or stop hackers from cracking into websites.

When it comes to outside people and organizations, there's a limit to your influence. Read privacy statements, encourage improvements to security measures and privacy protection, pay attention to proposed legislation or information access changes, and educate others about the threat of identity theft.

^ top

What You Can Do

Here is a quick checklist of personal steps you should take to minimize the likelihood of identity theft:

• Shred confidential documents before throwing them away
• Check your credit reports from all three credit bureaus once a year
• Don't give out your Social Security Number
• Don't give out personally identifying information
• Be mindful in public for eavesdroppers
• Be mindful what you post on web pages, forums, etc.
• Shield your PIN and credit card numbers from view
• Don't leave important documents lying around your home
• Don't leave important documents in your car or at work
• Don't carry your Social Security card on you
• Carry only one credit card and ID into public; leave what you don't need at home
• Don't print your Social Security Number, Birth Date, Driver's License or personally identifying information other than your name and address on your checks, resume, or correspondence
• Keep track of standard delivery times for bills and statements; report missing bills or statements immediately
• Pay attention to bills for fraudulent items or services
• Limit or avoid the use of personal checks at stores
• Watch out for scams and cons
• Be careful what you submit to contests/sweepstakes
• Use a PO Box or secure mailbox
• Opt-out of marketing, pre-approved credit, and other mailing lists
• Implement passcodes on credit cards, bank accounts, and other important accounts
• Don't rely on mail forwarding; update your address directly with each creditor, bank, the DMV, IRS, SSA, and other important companies or agencies
• Meet your letter carrier so he/she will recognize you as the valid recipient
• Meet your neighbors or fellow tenants so misdirected mail won't be discarded

^ top

What Others Suggest

You may also want to refer to tips from government and private organizations:

• Better Business Bureau: "Want to Keep Your Identity?"
• CA DCA: "Credit Identity Theft: Tips to Avoid and Resolve Problems"
• CA Office of Privacy Protection: "Identity Theft Prevention Tips"
• FTC: "Minimize Your Risk"
• FBI: "Protecting Yourself Against Identity Fraud"
• FDIC: "Classic Cons and How to Counter Them: A laundry List of Dirty Tricks Used by Fraud Artists"
• Identity Theft Resource Center: Prevention Tips
• National Check Fraud Center: Ten Ways to Be a Smart Bank Customer
• Social Security Administration: Your Number and Card
• US Department of Justice: "What Can I Do About Identity Theft and Fraud?"
• US Postal Inspection Service: "Mail Theft"

^ top

Get Active

I would also encourage you to read the warnings from consumer advocacy groups, and write your local and federal legislators about key issues.

You help battle the problem by becoming part of the solution.

^ top

Learn More:

• Rusch, Jonathan J. "Making a Federal Case of Identity Theft: The Department of Justice's Role in Identity Theft Enforcement and Prevention." US Department of Justice. Fall 2001. http://www.usdoj.gov/criminal/fraud/fedcase_idtheft.html
• Vigoroso, Mark W. "Report: Merchants Race to Outpace Online Fraudsters." EcommerceTimes.com March 4, 2002. http://story.news.yahoo.com/news?tmpl=story&u=/nf/20020304/tc_nf/16599
• Olsen, Stefanie. "California Opens First State Privacy Office." CNET News.com December 4, 2001. http://news.com.com/2110-1023-276577.html
• Staff Writer. "Protecting Yourself Against Identity Theft." TheStreet.com February 27, 2002. http://story.news.yahoo.com/news?tmpl=story&u=/street/20020227/bs_street/protecting_yourself_against_identity_theft

^ top

How Do I Know if I'm a Victim?

In order to respond to identity theft, we must know that we're victims. Here are a few of the indicators.

Common Signs of Identity Theft:

• Receiving Newsletters, Thank You Gifts, Privacy/Policy Statements, or Other Correspondence from Companies with which You Do Not Do Business (Especially if Directly Addressed to You)
• Receiving Business Correspondence with Incorrect Contact Information (Your Info, but Incorrect Middle Initial, Misspellings, Etc.)
• Receiving Credit Cards or Credit-Related Materials You Did Not Order
• Receiving Bills, Collection Notices, or Phone Calls regarding Goods or Services You Did Not Purchase
• Receiving Insufficient Funds Notices or other Fee-Related Notices from Banks, Stores, or Credit Institutions
• Receiving Legal Notices, Fines/Tickets, or Other Crime-Related Information for Crimes You Did Not Commit
• Receiving Tax, W-2, or other Social Security Statements for Employment, Income, or Benefits with which You Were Never Affiliated
• Suddenly NOT Receiving Mail or Phone Calls
• Hearing Strange Clicking Sounds on Phone (Possible Call Forwarding or Other Phone Service Fraud)
• Termination of Phone Service or Utility Service(s)
• Strange Accounts or Other Inaccurate Information Listed on Your Personal Credit Report (From the Three Credit Bureaus)
• Or Anything Else that May Suggest that Someone Else is Using Your Personal Information to Commit Fraud or Other Crimes

Do not ignore the above indicators! Even though you did not purchase or apply for goods or services, the companies don't know this. Until you recognize that identity theft has happened and dispute the false items, creditors will still try to collect. The only lead they have for the debt is you.

^ top

How Do I Respond to Identity Theft if I'm a Victim?

Unfortunately, by the time we discover we've been the victim of identity theft, it's often too late. The damage is done, and the criminal is long gone.

For instance, it may take two weeks or longer before a bank or creditor will send you a notice of insufficient funds or a bill for the false charges.

You first priority, therefore, is to dispute the false charges, stop any damaging accounts or services, and focus on your financial recovery.

Sadly, getting the bad guy is a secondary concern.

• STEP ONE: CONFIRM THE WORST
• STEP TWO: CONTACT THE CREDIT BUREAUS
• STEP THREE: CONTACT LAW ENFORCEMENT
• STEP FOUR: CONTACT CREDITORS
• STEP FIVE: FOLLOW UP
• STEP SIX: OTHER STEPS

Remember to take detailed notes of all conversations. Consider buying a notebook or notepad dedicated to your identity theft communication and research. Write down the company, phone number, representative's name or badge number, the substance of the conversation, and any reference or confirmation number. Record the calls you make as well as the calls you receive. The notes you take will help you write the "Letter of Circumstance" companies may require. Write down send/receive dates for all mail, as well as any fees or expenses you incur. The FTC offers a sample phone log form for your reference or use.

^ top

STEP ONE: Confirm the Worst

The moment you suspect that you have been the victim of identity theft, you must act.

Your first step is to verify whether your fear is real. In the event that you've been slammed with multiple incidents of identity fraud, you only need to verify that one of the incidents is genuine.

• Locate a customer service or fraud prevention phone number
• Identify yourself and the reason you are calling
• Record the customer service representative's name (full name/badge number/phone extension) and the date and time you called
• Determine whether identity theft has happened
• In the event that an alternate department or person must handle your dispute, obtain that contact information; be sure to get a direct number or extension if available
• Gather and record as many details of the crime as possible, including account numbers, dollar amounts, store locations, dates, etc.
• Determine what personally identifying information was used by the criminal (rather than expose yourself to further fraud, confirm the abuse of your SSN, DOB, DL, MMN, etc. with partial information)
• In the event that the criminal used the above personally identifying information, dispute the account/charges as "True Name Fraud"
• If the ID theft involves a fraudulent application, clarify that you never applied for the account
• Be sure that the account is closed or a security hold is placed on the account to prevent further misuse/fraud during the investigation
• Ask about the policies, procedures, and requirements to resolve the matter
• Request copies of the fraudulent checks or applications for evidence, and so you can dispute the signature(s)
• Obtain a case or reference number

Remember, this first phone call is to confirm that identity theft has happened. Check the status, keep a log, and start the dispute process.

Once you have verified that identity theft has happened, your next step is to contact the three Credit Bureaus. You will contact any additional companies after you have alerted the Credit Bureaus.

^ topic

^ top

STEP TWO: CONTACT CREDIT BUREAUS

Someone has abused your personal information, and you want to prevent the criminal(s) from opening additional fraudulent accounts. You also want to dispute any inaccurate or fraudulent account information that has hit your credit file.

To tackle both of these objectives, contact the three Credit Bureaus. Remember, as a fraud victim, you are entitled to a free copy of your personal credit file. Call the hotlines or write-in to avoid fees.

Once you receive the credit reports, carefully review each one. Note any fraudulent accounts or inaccurate information. The reports should list the phone number or address to dispute each inaccuracy. Be sure to follow up with each Bureau so all false information is removed.

Although you can call to dispute information in your personal credit file, the Fair Credit Reporting Act seems to focus on written notices. If you have any questions about the best legal approach to disputing information in your credit report, be sure to refer to a lawyer, your state Attorney General's office, local consumer protection agency, or the FTC at their Identity Theft hotline (1-877-ID-THEFT).

Equifax*

Consumer Fraud Division
PO Box 740256
Atlanta, GA 30374

Phone: (800) 525-6285
Phone: (404) 885-8000
Fax: (770) 375-2821

www.equifax.com

Experian*

Experian National Consumer Assistance
PO Box 9530
Allen, TX 75013

Phone: (888) 397-3742

www.experian.com

TransUnion*

Fraud Victim Assistance Department
PO Box 6790
Fullerton, CA 92834

Phone: (800) 680-7289
Fax: (714) 447-6034

www.transunion.com
www.tuc.com

* Be sure to first double-check all addresses and phone numbers with the companies, in the event contact information has changed.

^ topic

^ top

STEP THREE: CONTACT LAW ENFORCEMENT

The most powerful tool you will have to dispute false claims is a police report. For this reason, it's very important to contact your local law enforcement as soon as possible.

Before you contact your local police or sheriff, be sure to gather as much preliminary information about the crime(s) as possible. This information should include the names of the companies involved, the amounts, the type of merchanidise (if applicable), any account numbers, the dates of each incident, and the locations of the activity (city and state). You'll also benefit by determining what type of information was used to commit the crime(s). Verifying the misuse of your social security number18, driver's license number19, and other information is also key.

Some of this information may come from the credit reports, and some must be gathered directly from the companies themselves.

Armed with your detailed notes, call the non-emergency phone number of your local law enforcement. File your report, and request a copy of it for your records.

If you provide original documents into evidence, such as correspondence, credit cards, or other statements related to the crime(s), be sure to make copies for your records. If the officer takes the original information, it may be difficult to retrieve or copy that information in the future.

In the state of California, citizens have the right to request a police report in the event of identity theft. If your state or local laws do not protect you, be sure to write your state government representatives. You may also wish to write your Congressman, to encourage national consumer protection for identity theft victims.

Remember, an official police report is crucial evidence of the identity theft, and key in correcting and protecting your good credit.

^ topic

^ top

STEP FOUR: CONTACT CREDITORS

You've confirmed the worst, and alerted the credit bureaus to place a security alert on your credit file. You've also contacted the local authorities to file a crime report. Now comes the task of contacting all of the companies where the criminals have used your information to obtain goods or services.

Before you phone up companies ready to scream them out, remember that the companies are co-victims. The criminals have walked away with their products and/or services, and each company will now face revenue losses. You won't help your case if you approach them aggressively. Afterall, you should share a common bond -- to get the bad guys!

As I mentioned earlier, many companies will require a copy of a police report substantiate your identity theft claim. Often, these companies will require that your dispute letter and a police report must be submitted within a specific timeframe.

In the case of check fraud, you will first contact your bank to dispute the forged or counterfeit checks. You should also follow up with each store to inform them that you did not write those checks and that the store should contact their local police to report the crime.

As you struggle with check collection agencies, your bank should be able to help you. You must personally dispute each claim in writing, but your bank can also write or fax the companies to support your claim(s).

Whenever you contact someone in relation to your identity theft case, be sure to follow all of the steps outlined in the Confirm the Worst section. Clarify that you did not purchase, apply for, sign, or otherwise authorize someone else to obtain the goods or services in question. If the criminal(s) used your Social Security number, state that you're also victim of "true name fraud." Write down as many details of each conversation. It will help you resolve your issues with each company, and will help the police if you need to update your crime report later on.

Bottom-line: be sure that you clearly dispute any charge, account, service, etc. To protect your name and credit, you must make this good faith effort to inform the creditors that their records are inaccurate.

^ topic

^ top

STEP FIVE: FOLLOW UP

After you have spent time and money responding to the fraudulent charges and accounts, it's very important to follow up with each company. Not only do you need to verify that they have received your notifications of dispute, but also to be sure that the company is responding to your dispute with all due diligence.

You must also follow up with the credit bureaus, to be sure any inaccurate or fraudulent information has been corrected. If you have placed a fraud alert on your credit file, remember that you may need to renew that fraud alert on a regular basis. While TransUnion and Experian offer seven-year alerts, Equifax's alerts expire every six months. It's easy enough to extend the alert via their toll-free number, but you'll need to mark your calendar and stay on top of it.

^ topic

^ top

STEP SIX: OTHER STEPS

[COMING SOON.]

...report identity theft to local postmaster, report it to your DMV office, contact police in cities where crimes occurred and request police cases (file DPR if necessary), contact stores where theft occurred to encourage them to report the crime to law enforcement, contact FTC hotline, follow up with new or strange mail, newsletters, etc.

^ topic

^ top

Where Can I Find Additional Information?

A list of government agencies and private organizations with a wealth of information on Identity Theft.

• Better Business Bureau
• Article: "Want to Keep Your Identity?"
• CA Department of Consumer Affairs (DCA)
• CA-DCA General Info on Identity Theft
• CA-DCA Detailed Tips about Identity Theft
• CA Department of Motor Vehicles (DMV)
• CA-DMV General Info on Fraud and Identity Theft
• Article: "Identity Fraud: What to do if it Happens to You?"
• Article: "Identity Theft: Have You Been a Victim?"
• CA Office of Privacy Protection
• Identity Theft Information
• Identity Theft Prevention Tips
• Identity Theft Victim Checklist
• California Public Interest Research Group (CalPIRG) (private org)
• CalPIRG Consumer Program
• Privacy Rights and Identity Theft Campaign
• Credit Bureaus (private orgs)
• Equifax
• Experian
• TransUnion
• Direct Marketing Association (private org)
• DMA Consumer Information
• Federal Bureau of Investigation (FBI)
• Protecting Yourself Against Identity Fraud
• Federal Deposit Insurance Corporation (FDIC)
• Article: "When a Criminal's Cover is Your Identity"
• Article: "Who to Call to Report a Possible ID Theft"
• Article: "Classic Cons and How to Counter Them: A laundry list of dirty tricks used by fraud artists"
• Article: "Your Wallet: A Loser's Manual"
• Federal Trade Commission (FTC)
• Centralized Identity Theft Information Site
• Article: "When Bad Things Happen to Your Good Name"
• Article: "How to Dispute Credit Report Errors"
• Fair Credit Billing Information
• Fair Credit Reporting Information
• Fair Debt Collection Information
• FAQ: Id Theft Clearinghouse Fact Sheet
• FTC's ID Theft Affidavit
• FTC's Links to Federal Laws on Identity Theft
• FTC's Links to State Laws on Identity Theft
• FTC Reports on Identity Theft
• Identity Theft Center (private org)
• Identity Theft Resources
• Prevention Tips
• Self-Help Articles
• National Check Fraud Center (private org)
• Privacy Rights Clearinghouse (private org)
• Identity Theft Resources
• Privacy Foundation (private org)
• Social Security Administration
• Article: "What to Do in Case of Identity Theft"
• Article: "When Someone Misuses Your Number"
• Article: "Your Number and Card"
• US Department of Justice
• Identity Theft and Fraud Information
• US Postal Inspection Service
• Mail Theft Information
• Wanted Posters
• US Secret Service

^ top

Footnotes:

1. Staff Writer. US Department of Justice http://www.usdoj.gov/criminal/fraud/idtheft.html
2. Staff Writer. "Identity Theft." CA Office of Privacy Protection. http://www.privacyprotection.ca.gov/identitytheft.htm
3. Staff Writer. CA Attorney General's Office http://caag.state.ca.us/idtheft/
4. Staff Writer. "Your Name and Card (Giving Your Number to Others)." Social Security Administration. May 2001. http://www.ssa.gov/pubs/10002.html
5. Staff Writer. "Current Laws and Pending Legislation." Identity Theft Resource Center. http://www.idtheftcenter.org/html/legislation.htm
6. Staff Writer. Federal Trade Commission. http://www.consumer.gov/idtheft/statelaw.htm
7. Staff Writer. "Protecting Yourself Against Identity Theft." TheStreet.com February 27, 2002. http://story.news.yahoo.com/news?tmpl=story&u=/street/20020227/bs_street/protecting_yourself_against_identity_theft
8. Gillin, Eric. "Fund Watch 1: Protecting Yourself Against Identity Theft." TheStreet.Com. February 27, 2002. http://biz.yahoo.com/ts/020227/fund1_020127.html
9. Staff Writer. "Frequently Asked Questions from Consumers (How Can You Restrict the Rental or Exchange of Your Name)." Direct Marketing Association. http://www.the-dma.org/consumers/consumerfaqs.html#rent
10. Hu, Jim. "RealNames' Customer Database Hacker." CNET News.com February 11, 2000. http://news.com.com/2100-1023-236815.html
11. Lemos, Robert. "ID Theft a Worry for CIOs." CNET News.com. January 31, 2001. http://news.com.com/2110-1001-251854.html
12. Musil, Steven. "Western Union Web Site Hacked." CNET News.com. September 10, 2000. http://news.com.com/2100-1023-245525.html?legacy=cnet
13. Staff Writer. "Employees Responsible for Tax Snafu Resign." WDIV ClickOnDetroit.com February 6, 2002. http://dailynews.yahoo.com/h/wdiv/20020206/lo/1070120_1.html
14. Olsen, Stefanie. "Calif. halts birth-record sales to Web sites." CNET News.com. December 6, 2001. http://news.com.com/2100-1023-276703.html?legacy=cnet
15. Olsen, Stefanie. "Privacy Group Seeks Review of Net Access to Court Files." CNET News.com January 26, 2001. http://news.com.com/2100-1023-251615.html
16. Staff Writer. "Public Access to Court Electronic Records Frequently Asked Questions: What Are the Changes as a Result of the New Policy?" PACER Service Center. http://pacer.psc.uscourts.gov/faq.html#PR65
17. Rusch, Jonathan J. "Making a Federal Case of Identity Theft: The Department of Justice's Role in Identity Theft Enforcement and Prevention." US Department of Justice. Fall 2001. http://www.usdoj.gov/criminal/fraud/fedcase_idtheft.html
18. Evidence of misuse of your Social Security number may help you obtain a new SSN. Specific restrictions and warnings apply. It is not recommended in most cases.
19. Evidence of misuse of your driver's license number may help you obtain a new DL number. Contact your local DMV for more information.
20. Staff Writer. "Identity Theft: What to Do If It Happens to You." Pasadena Police Department.

^ top