The following is the background introduction from a complaint I recently filed with the Federal Trade Commission on behalf of two of my clients. The complaint is against a number of credit card companies and investment firms for failure to provide legally required information about Internet-enabled identity theft fraud and scams they have been party to.
The Federal Trade Commission is the lead agency that deals with identity theft crimes. Identity theft victims are allowed to demand information from financial institutions about how the crimes were committed, and those institutions are legally obligated under Section 609(e) of the Fair Credit Reporting Act to provide that information within 30 days.
The names in this account have been changed to protect the innocent, and to avoid crazy lawsuits against myself and this newspaper by the guilty.
In mid-2019, Alice and Bob Smith of Norman, Oklahoma, were victims of a cell phone hijacking scam. Without their consent, their cell phone service was changed from AT&T to MetroPCS. This caused them to lose control of their cell phone numbers for a number of weeks.
With control of a victim’s phone account, thieves can run all sorts of scams to masquerade as the legitimate owners, enabling them to drain bank accounts, take out phony loans and home mortgages, buy cars, wipe out retirement investment accounts, and go on expensive shopping sprees using bogus credit cards (see my previous column, Scams and Identity Theft, Part Two: phone hijacking, March 1, 2020).
I believe it was the cell phone hijacking scam mentioned above that laid the groundwork for the full-on, ruthless identity theft campaign the Smiths experienced, and are still reeling from the effects of. By the time the Smiths regained control of their cell phone account, it was too late; the damage had been done.
The Smiths have struggled to deal with massive fraudulent purchases, account takeovers, bogus credit cards, and account withdrawals involving numerous banks, checking accounts, savings accounts, credit card companies, retailers and retirement accounts.
After months of trying to deal with a merry-go-round of confusing, incompetent and unhelpful support personnel at the numerous companies involved, and the identity theft attacks snowballing out of control, the Smiths reached out for help and contacted me in early February, 2020. I am David Moore, Founder and CEO of The Internet Safety Group Ltd, a 501(c)(3) non-profit charity that specializes in Internet safety community training. The Smiths and I have been working closely together to overcome the mountain of identity theft problems before them, a challenging endeavor that continues to this day.
An important component of my work helping the Smiths has been utilizing the identity theft advice found at the Federal Trade Commission’s Identity Theft website, www.identitytheft.gov.
Accordingly, formal requests have been made of the many companies granting fraudulent credit cards, account access and allowing bogus purchases, to supply the Smiths with in-depth information pursuant to Section 609(e) of the Fair Credit Reporting Act. Information requested includes (a) application records or screen prints of internet/phone applications, (b) statements/invoices, (c) payment/charge slips, (d) investigator’s summaries, (e) delivery addresses, and (f) all records of phone numbers used to activate or access accounts. In other words, who, what, where, when and why? Who committed the fraudulent acts? What information was given that caused the companies to allow the fraud to occur? What policies and procedures were followed that gave the crooks entrée to the accounts involved?
Of the seven primary banks, credit card and investment account companies of whom FCRA 609(e) requests were made, only two answered and complied with the requests. BigBank, where the Smiths saw thousands of dollars fraudulently removed from checking and savings accounts using a money-transfer app called Zelle, finally, after much delay, hem-hawing and beating around the bush, produced the requested information. American Express was much more forthcoming, immediately complying with the request.
The other five companies, who have refused to comply with requests made over 120 days ago, are:
(1) BiggerBank BigBox Electronics Store: Approximately $10,000 in fraudulent charges over 7 different credit cards issued by BiggerBank. (2) ComeUpon Personal Loans: Fraudulent attempt to get a ComeUpon Personal Loan. (3) Obediance/Public Utility: Fraudulent attempt to remove money from Obediance/Public Utility retirement account. (4) Simultaneity BigBox Hardware Store: Over $10,000 in fraudulent charges across 3 different credit cards issued by Simultaneity. (5) Simultaneity – BigBox Retailer: Over $10,000 in fraudulent charges across 4 different credit cards issued by Simultaneity.
I’ll let you know how things work out. Just a few weeks ago the FTC fined Kohl’s Department Stores $220,00, saying, “the retailer violated the Fair Credit Reporting Act by refusing to provide victims of identity theft with complete records of questionable transactions — a right the FCRA guarantees to victimized consumers.” We shall see.
Dave Moore has been fixing computers in Oklahoma since 1984. Founder of the nonprofit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 919-9901 or internetsafetygroup.com.