Custom Search

June 30, 2009

Identity theft can even affect professional athletes

"A recent article from shows how identity theft can catch up to strong, fast, and talented athletes in all sports – even Tiger Woods.

Back in 1998, someone used the golfing great’s personal information to make more than $50,000 worth of bogus charges. Woods, and the sport of golf, is not alone in being a victim of what could be termed 'athlete identity theft.'

In baseball, Geoff Jenkins, a former outfielder with the 2008 World Series Champion Philadelphia Phillies, once had someone use his name to open several credit cards and rack up debt. It took Jenkins over a year to clear up his credit and deal with banks that had been defrauded in his name due to identity theft.

In football, an identity thief withdrew $10,000 from the bank account of cornerback Ty Law when he was a member of the New England Patriots, and quarterback Danny Wuerffel was victimized by identity theft when someone opened a credit card in his name while he played for the Green Bay Packers. The latest victim of athlete identity theft, Miami Dolphins rookie cornerback Vontae Davis, is also a football player.

In this case of identity theft, a man stopped for traffic infractions on June 9 in Champaign, Illinois showed police Davis' driver license (Davis' wallet was stolen several months ago while he was a student at the University of Illinois) and drove off a free man.

Soon after, national media reports identified Davis as the man cited in the incident, only Vontae was practicing with the Dolphins over 1,000 miles away in Davie, Florida on June 9. He even sent his brother Vernon – a tight end with the San Francisco 49ers – a text message that joked: 'Your brother got arrested in Illinois.'

However, identity theft is no laughing matter, for once someone has stolen another person’s identity, the identity theft victim must spend time and money clearing up the financial, criminal, and psychological problems left behind.

Athletes, in particular, are vulnerable to identity theft because details about them – dates of birth, names of family members, schools attended, and salaries – are available in press guides, on the Web, and even during national broadcasts. Also, athletes travel extensively throughout the U.S. and the world while using their financially attractive credit cards and bank accounts.

The crime of athlete identity theft has become so prevalent that major pro leagues are teaming up to produce a video that all players see during their pre-season training camps. Recently, the leagues have talked to their players about limiting the amount of information they share on social networking sites such as Facebook in an effort to curb identity theft.

Even those people who are not superstar pro athletes with millions of dollars at their disposal can become victims of identity theft. According to Javelin Research, identity theft affected nearly 10 million Americans in 2008 – most of them ordinary men and women – at a cost of more than $48 billion."

For the rest of the article, see

June 27, 2009

Clearfly customers worry about identity theft

The closing of the Clearfly company raises fears of identity theft from its customers. Below is a quote from an article about Clearfly's closure appearing on

"Clearfly's 'Clear Lanes' was supposed to be a convenience for busy travelers. Now that Clearfly has stopped operating, some people are wondering if its closure could lead to identity theft.

Buy a 'Clear Card' and cut lines at airport security checkpoints nationwide. It was supposed to be a great deal for frequent fliers.

The company that operated those so-called 'clear lanes' suddenly ceased operations and it left more than disappointed customers. It left a lot of questions. The most frequently asked question was what happens to all the personal information stored in the system?

Georgia Senator Johnny Isakson expressed his concern. 'Thousands of Georgians' private information is available on that clear system and we want to make sure it's preserved and protected,' he said.

The system used fingerprints and eye retina scans to identify customers. Officials with the company, Verified Identity Pass, said it's wiped all airport kiosks clean of personal information using a 'triple' wipe process, which automatically and completely overwrites the contents of the entire operating system.

A statement on the company's Web site reads, 'Clear stands by our commitment to protect our customers personally identifiable information - including fingerprints, iris images, photos, names, addresses, credit card numbers and other personal information provided to us - and to keep the privacy promises that we have made.'

Isakson said he's written letters to the Transportation and Security Administration and airport officials. 'We have the transportation security agency guaranteeing all that private information remains private and does not get distributed in any way,' he said."

Cybercrime on the rise

This is a quote from an article prepared by the law office of Howard Snader and appearing on

"Cybercrime is on the rise. The Internet Crime Complaint Center (IC3) reports that cybercrime increased in 2008. Moreover, IC3 reports that from February to March 2009 there was an additional 50 percent increase in reported Internet fraud complaints. With this increase, law enforcement agencies are stepping up enforcement efforts and offenders face steep penalties for conviction.

Federal officials from the Federal Bureau of Investigation (FBI) and Department of Justice (DOJ), which are responsible for investigating and prosecuting cybercrime, are increasing efforts to find and punish alleged perpetrators of Internet fraud and other computer crimes such as hacking and phishing. These agencies, along with the US Postal Inspection Service and US Secret Service are aggressively prosecuting data breaches in which hackers steal large amounts of personal information from financial institutions, government agencies, credit card companies and other businesses.

In fact, between 2004 and 2008, there was a 138 percent increase in identity theft convictions by United States Attorneys. In addition, fighting computer crime is a priority for the new administration. President Obama recently announced that he would appoint a cybersecurity czar who would be tasked with overseeing the fight against cybercrime.State and local law enforcement agencies are also ramping up efforts to prosecute cybercriminals.

The Arizona Attorney General has a computer crimes unit that is dedicated to fighting crimes involving technology. Further, many local police departments have developed and improved strategies for tracking computer crimes. For example, the Phoenix Police Department has a Document Crimes Detail that investigates identity theft, phishing and other Internet scams."

June 26, 2009

Deaths of Michael Jackson, Farrah Fawcett and Ed McMahon spur internet fraud

Joe Campana at the Identity Theft Examiner has the following article:

"While most of the country mourns the deaths of Michael Jackson and Farah Fawcett, fraudsters seek opportunity by tricking heartbroken followers. The United States Computer Emergency Readiness Team (US-CERT) issued an alert today warning of increased spam campaigns, phishing attacks and malicious code attacks surrounding the star’s deaths. Some scams may result in identity theft.

Social engineering occurs when a fraudster takes advantage of a circumstance or creates situations to trick another person into doing something they would not normally do.

The deaths of Michael Jackson and Farah Fawcett surprised many people. An astounding number of people are caught up in the social media blitz. Even I Twittered about Thriller last night. Some fans may be distraught or shocked. These emotions provide a “mass vulnerability” that some fraudsters are exploiting to collect information and infect computers with malicious code.

Fraudsters have taken advantage of other situations to swindle personal information and money following national and worldwide disasters such as Hurricane Katrina and the Asian Tsunami. In addition to phishing and malicious code attacks, there were many charity scams.

Expect to see charity and fan paraphernalia scams associated with Michael Jackson, Farah Fawcett and Ed McMahon. Some of these scams will claim to collect donations from unsuspecting consumers for charitable causes supported by the late stars. Some scams may collect credit card and bank account information as payment for charitable donations or for the purchase of celebrity memorabilia. There will be no donations or souvenirs—the financial account information handed over will be used by the fraudsters to commit existing account fraud, a form of identity theft. Remember, fraud can occur through the internet as well as by phone, mail or in person.

The current US-CERT Alert warns the consumers of malicious emails designed to:

Record their email address, which can be used later by shady online marketers to send spam.

Download malware to personal computer and PDAs when email recipients click on a link in the email. Malware include viruses, Trojan horses, spyware, adware, worms, etc.

Lure unsuspecting people into a phishing scam. [For the definition of "phishing", see my post at]

To avoid these and other internet email scams, be cautious of unsolicited emails. Do not click on links in emails unless you are absolutely certain that you know the person that sent the email to you. Even then, be cautious because that person may have been the subject of a virus, and it was the virus that sent you a contaminated email from the person’s computer. Does the email look “out of character” from your friend? I recently received an awkwardly worded email from a local politico suggesting that I make purchases from an Asian online store. The email was out of character, and when I emailed him, he confirmed his computer was infected by a virus that sent me the email.

Keep your antivirus, anti malware software updated. New threats arise daily, so keep your protective software and operating system current."

Excellent advice, especially for fans of McMahon, Fawcett or Michael Jackson.

June 25, 2009

Another article about ways to prevent identity theft

Here's a quote from another article about ways to protect your identity from being stolen.

"A healthy credit score makes a big difference to individuals' interest rates, monthly payments, debt profile and job prospects, and Ethan Ewing, president of free online consumer portal, has compiled five steps for consumers who need to dispute an erroneous record on their credit report.

'Not only does a person's credit score affect the interest rate he or she pays on a mortgage or auto loan, but credit reports also might be viewed by prospective landlords, employers and insurers,' explained Ewing. 'The credit report often is the first indicator that identity has been compromised by fraud or theft. It is important to monitor your credit report at least yearly to be certain it reports accurate information about your use of credit.'

To monitor credit, Ewing suggested every American take advantage of the right to receive a free copy of his or her credit report each year by visiting or calling 877-322-8228. Additionally, he suggested guarding against identity theft by shredding all documents that contain personal information.

'Shred all bank and other account statements, and never give personal information to those who solicit it by phone or e-mail,' he said. 'Consider closing unused credit card accounts to avoid any fraud. Note, however, that closing a long-standing credit card account could negatively impact your credit score. Instead, consider putting the card in a safe place if you are not using it.'

Individuals can follow these five steps to dispute an error on a credit report:

1. The federal Fair Credit Reporting Act requires that credit bureaus provide a procedure for consumers to dispute inaccurate listings on their credit reports. Follow the guidelines provided by each of the three credit reporting agencies on their Web sites. The easiest way to file an effective dispute letter is online. If a consumer disputes an item with one of the three major agencies (Equifax, Experian or TransUnion), the bureau will notify the creditor that the item has been disputed. The creditor then has 30 days in which to respond to that dispute. The Federal Trade Commission also offers a free guide to disputing credit report errors.

2. If the creditor provides substantial evidence that the item is valid, then the listing will remain on the report. If the creditor cannot substantiate the item, then the credit bureau is required to remove it. [This is, of course, only what the law says the credit bureaus and creditors must do. In reality, they fail to comply withe FCRA's requirement to reasonably investigate consumers disputes all the time, hence why I have represented so many consumers over the years.]

3. If the creditor does not respond to the credit bureau within 30 days, then the credit bureau is required to remove that listing from the consumer’s credit file (though this period can be extended by 15 days under certain circumstances). However, even after an item has been removed, if the credit bureau receives information from the creditor substantiating the listing, the credit bureau can replace the item on the consumer’s credit report.

4. If a credit reporting agency refuses to remove a listing that is truly invalid, even after the consumer has provided substantial evidence, the consumer can file a complaint with the Federal Trade Commission and with his or her state’s Attorney General’s office. Legal action also is an option; consumers would need to discuss this course of action with an attorney.

5. Occasionally, a debt will reappear even after a consumer has successfully disputed it and had it removed. This may happen if a debt is sent to a collection agency that begins reporting the item to the bureaus again. In that case, the consumer must dispute the item all over again. [And the consumer should contact me or someone like me to file an FCRA lawsuit.]

'The bottom line is that consumer credit reports include whatever information creditors or collectors report to the credit agencies. Unfortunately, that sometimes includes incorrect information. Therefore, monitoring your credit is your responsibility,' Ewing said. 'Take that responsibility seriously, and you also take charge of protecting a valuable, intangible asset -- your credit rating.'"

The portions in brackets are my comments and were not in the original article. The original article can be viewed here -

Identity theft can cause you problems with the IRS

Below is a story about help for consumers who have the IRS after them because someone worked (and received pay) under their name and SSN but, of course, failed to pay taxes on the income. I have a client who has a similar story about identity theft causing him problems with the IRS.

" a leading provider of tax relief and referral service for tax attorneys has partnered with The Tax Defense Network in an effort to bring its clients even better solutions. Every year hundreds of thousands of Americans are contacted by the IRS regarding a tax debt. With identity theft one of the fastest growing crimes in the US the possibility of someone stealing your social security number simply to be able to work and then not pay taxes on that earned income is becoming a strong reality.

Brenton King, a 25-year-old father and student from Utah had his identity stolen when he was 17 and on vacation. Over the last four years at least five individuals have used his social security number to earn income and not pay taxes. The end result has had King unable to collect on past tax refunds and stimulus checks.

'In a situation like this we first have to establish that Mr. King was in fact a victim of identity theft and that he isn't responsible for these back taxes that are due. Then once Mr. King establishes a new social security number we can then move onto reclaiming any refunds or monies that are owned to him by the IRS.' - David Dugan, Spokesperson for

It's certainly a frustrating situation to be in. That's why so many Americans are turning to IRS Debt or tax relief specialists. It can be difficult to know where to begin and having a tax professional there to help certainly makes it easier. is partnering with The Tax Defense Network in an effort to make an even greater team of tax specialists available to their clients. 'We're not just seeing an increase in the number of clients due to an increase in audits, but unfortunately because of situations like this where someone has had their identity stolen and the IRS is holding them responsible for any tax penalties.'"

The whole article can be found here -

June 23, 2009

Settlement reached between 41 states and TJX Companies regarding data breach

Thomas Allen of NBC13 writes the following regarding the settlement between 41 states and TJX regarding the data breach in 2007 that allowed the personal information of millions to be stolen.

Alabama "Attorney General Troy King, together with 40 other State Attorneys General, announced a settlement with the TJX Companies, Inc. The Assurance of Voluntary Compliance between the parties resolves an investigation concerning TJX’s data security practices and whether they adequately protected customers’ financial information and sufficiently guarded against a massive data breach affecting customer and transaction information for TJ Maxx, HomeGoods, and Marshalls stores that placed thousands of consumers’ personal data at risk, nationwide. Under the terms of the settlement, Alabama will receive $58,968.30 to aid consumer protection enforcement and efforts to protect consumers’ personally-identifiable information. TJX cooperated fully in the States’ investigation. ...

'Because of today’s settlement, Alabamians can now shop at these businesses more confident that new protections are in place to ensure their personal information is encrypted and more difficult for criminals to access.' In 2007, after TJX announced that certain persons had obtained unauthorized access to its computer systems enabling them to seize cardholder data and other personally identifiable information, the coalition of Attorneys General conducted an extensive investigation into TJX’s data security policies and procedures in place when the breach occurred. That investigation uncovered a number of vulnerabilities and flaws in TJX’s data security systems that facilitated the unlawful intrusion and allowed it to last undetected for an unacceptable duration. Today’s settlement reflects the lessons learned from that data breach and requires TJX to implement an information security program designed to guard against future intrusions or unauthorized disclosures. The Assurance’s relief, in that regard, is the most comprehensive relief achieved to date following a data breach investigation.

The settlement ensures that TJX will employ a comprehensive 'Information Security Program' that assesses internal and external risks to consumers’ personal information, implements the safeguards that will best protect that consumer information, and regularly monitors and tests the efficacy of those safeguards. TJX also will report regularly to the Attorneys General on the efficacy of its program, after obtaining a third-party assessment of its systems. TJX has agreed to pay $9.75 million to the states and to implement and maintain a comprehensive information security program to address weaknesses in TJX’s computer security systems in place at the time of the breach. Of the $9.75 million settlement, $5.5 million is to be dedicated to data protection and consumer protection efforts by the states, and $1.75 million is to reimburse the costs and fees of the investigation. The remaining $2.5 million of the settlement will fund a Data Security Trust Fund to be used by the State Attorneys General to advance enforcement efforts and policy development in the field of data security and protecting consumers’ personal information."

The rest of the article is found here -

New article about Red Flag Rules going into effect

Here's a quote from an article written by Susan M. Wissink and Mark R. Bolton about the new Red Flag Rules going into effect soon.

"The Federal Trade Commission ('FTC') recently enacted rules that will require many businesses and other organization to implement a written identity theft prevention program designed to identify and detect warning signs of identity theft. All businesses and organizations subject to the 'Red Flag Rules' must have their identity theft prevention program drafted and in place by August 1, 2009. The FTC can obtain penalties of $3,500 per knowing violation of the Red Flag Rules.

All businesses and organizations that meet the rules' definition of 'creditors' or 'financial institutions' and maintain 'covered accounts' are required to implement an identity theft prevention program. The term 'creditor' is defined broadly and includes businesses or organizations that defer payment for goods or services or provide goods or services and bill customers later. This definition could apply to everyone from healthcare providers to non-profit groups, government agencies, telecommunications companies, and homebuilders. The term 'creditor' is further defined to include organizations that regularly grant loans, arrange for loans or the extension of credit, or make credit decisions, including automobile dealers, mortgage brokers, mortgage bankers, real estate agents, finance companies, and retailers that offer financing or help consumers obtain financing from another organization.

Additionally, all 'financial institutions' may be subject to the Red Flag Rules. The rules define 'financial institution' as any bank, savings and loan association, mutual savings bank, credit union, or institution that maintain deposits or accounts from which the account holder is permitted to make withdrawals by negotiable or transferable instrument. The extremely broad application of the Red Flag Rules will catch many businesses and organizations off guard. Simply deferring payment for goods or services provided may require a business to implement a written Identity Theft Prevention Program."

The full article can be read here -

Social Media Identity Theft - a new form of identity theft?

Below is an excellent article written by Robert Siciliano at The Huffington Post about a possible new form of identity theft, where someone uses your name and photo on a social website such as Twitter, Facebook or MySpace. Since it is such an informative article, I have reprinted the entire article below:

"Unfortunately, we live in a world that forces us to be cautious about when and how we give out our personal information. Citibank's funny but true commercials say it all: the scourge of identity theft knows no boundaries. It can happen to anyone by anyone: rich, poor, good credit, bad credit. Victims include children, the elderly, celebrities and politicians, even the dead. Identity theft may include new account fraud, account takeover, criminal identity theft, business identity theft and medical identity theft. Most of these result in financial loss.

As an industry leader we have to be on the frontlines of emerging consumer trends and challenges so we can develop solutions. One of the latest forms of identity theft that is particularly damaging to the victim's reputation and becoming more prevalent is social media identity theft. Social media identity thieves have various motivations. The most damaging type of social media ID theft occurs when someone poses as you in order to disrupt your life. This disruption can take on many forms. They may harass and stalk you or your contacts, or they may steal your online identity for financial gain.

The New York Times reports on Facebook's recent offering of customized Web addresses like On the first day of Facebook's offering, 9.5 million people rushed to grab their name. And as predicted, there are a lot of people upset that their own name is gone, in some cases it is simply due to people sharing the same name, but increasingly we're seeing cases where social media identity theft occurred.

In the case of St. Louis Cardinals manager Tony La Russa, someone created a Twitter account in his name. La Russa is suing Twitter, claiming the impostor Twitter page damaged his reputation and caused emotional distress. The lawsuit includes a screen shot of three tweets. One, posted on April 19, read, "Lost 2 out of 3, but we made it out of Chicago without one drunk driving incident or dead pitcher." Apparently, La Russa has had a drunk driving arrest and two Cardinals pitchers have died since 2002. One pitcher died of a heart attack, the other in a drunk driving accident.

There is no limit to the damage someone can do by using your name and picture in order to impersonate you online. In Milwaukee, Wisconsin, an 18-year-old student was accused of posing as a girl on Facebook, tricking at least 31 male classmates into sending him naked photos of themselves, and then blackmailing some of these young men for sex acts.

Social media websites were created with the intention of bringing people together in a positive way, but we are beginning to see these sites being used in very sinister ways. The root of the problem is the fact that social media sites are all based on the honor system, with the assumption that people are honestly setting up accounts in their own names. There are few checks and balances in the world of social media, which means that you need to adopt a strategy to protect yourself.

There are hundreds or even thousands of social media sites, including Facebook, MySpace, Twitter and YouTube. Even your local newspaper's website has a place for user comments, and most people would prefer to register their own names before someone else has done so on their behalf.

As we spend more time online, meeting people, posting photos and offering glimpses into our personal lives, here are some action steps to keep Social Media Identity Theft at bay:

1. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It's up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday.

2. Set up a free Google Alerts for your name and get an email every time your name pops up online. Go to by Intelius and search your name and any variations of your name in what would be a screen name.

3. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google Alerts does of fetching your name on the web.

4. Consider dropping a few bucks on and other sites like them. These online portals go out and register your name at what they consider the top social media sites. Their top is a great start. The user experience is relatively painless. There is still labor involved in setting things up with some of them. And no matter what you do, you will still find it difficult to complete the registration with all the sites. Some of the social media sites just aren't agreeable. This can save you lots of time, but is only one part of solving the social media identity theft problem.

5. Start doing things online to boost your online reputation. Blogging is best. You want Google to bring your given name to the top of search in its best light, so when anyone is searching for you they see good things. This is a combination of online reputation management and search engine optimization for your brand: YOU.

6. If you ever stumble upon someone using your likeness in the social media, be very persistent in contacting the site's administrators. They too have reputations to manage and if they see someone using your photo or likeness they would be smart to delete the stolen profile.

7. Despite all the work you may do to protect yourself, you still need the Intelius Identity Protect service I'm working with and recommend coupled with Internet security software."

Like I said, a very informative article. Thank you, Robert Siciliano, for this advice.

45,000 Cornell current and former students at risk for identity theft due to data breach

This is directly from the Cornell Daily Sun:

"This afternoon, Cornell alerted over 45,000 current and former members of the University community that their confidential personal information — including name and social security number — had been leaked when a University-owned computer was stolen. To ensure protection in response to the incident, which has exposed many to possible identity theft, the University will be providing free credit reporting, credit monitoring and identity theft restoration services to those affected by the breech.

Cornell announced that an employee had access to this data to correct transmission errors for troubleshooting purposes. The files storing the sensitive information were being stored on a computer that was not physically secure, violating University policy and subjecting the computer to theft.

When the computer was stolen earlier this month, the incident was reported to law enforcement officials and an investigation to find the perpetrator and locate the computer is currently underway.

According to the University, there has been no indication that the exposed data has been abused, but the incident shines light on the broader issue of security and the vulnerability of private information in the digital age."

The rest of the article can be found here -

June 22, 2009 urges Congress to adopt comprehensive strategy to curb identity theft Executive Director Marc Rotenberg recently urged a Congressional Committee to address the root causes of the ever increasing problem of identity theft. In testimony before the House Oversight Committee, Mr. Rotenberg testified that the government typically acts only after the theft of identity has occurred and warned that the problem will get worse if current trends continue. EPIC recommended a comprehensive strategy for ID Theft that would include: "(1) Establishing privacy safeguards for web 2.0 services; (2) Ensuring privacy protections for outsourcing; (3) Enacting comprehensive privacy legislation; (4) Making privacy protection a focal point of cybersecurity policy; and (5) Developing better techniques for Identity Management."

June 21, 2009

Fake ID supplier charged with identity theft

Not sure if this is truly "identity theft" but a fake ID provider was charged with identity theft that resulted in a death of a California teen. Here's what CBS 5 reported on this alleged crime:

"Orinda police arrested a 22-year-old Rohnert Park man Thursday morning for allegedly furnishing fake driver's licenses, the third person arrested as part of an investigation into the death of a 16-year-old boy in May, Orinda police Chief Bill French said Friday.

Robert Martin Scott was arrested at about 8:30 a.m. Thursday at his apartment in the 300 block of Enterprise Drive in Rohnert Park, according to French. The arrest came as part of the Orinda Police Department's investigation into the death of Joseph Loudon, who was found intoxicated and unresponsive at a party in Orinda on May 26.

French said that during the investigation, it was discovered that several students at Miramonte High School, which Loudon attended, were in possession of fake ID cards. Investigators were led to Scott as the person who provided the teenagers with the forged driver's licenses, and about 100 fake licenses were discovered at Scott's home when he was arrested, French said.

Scott was booked into the Martinez Detention Facility for forgery and identity theft, both felonies, according to French."

The rest of the article is found here -

Another identity thief suspect arrested

Jaime L. Brockway of reports on a new arrest of a suspected identity thief:

"A Louisiana preacher faces numerous charges after being accused of falsely obtaining a state insurance license and receiving commission on a policy for a person that never existed.

John Stephen Vaughn, 35, was arrested on May 29 in Abita Springs, La., after Louisiana State Police investigated a complaint from Allianz Life and the state’s department of insurance, police said.

Vaughn is accused of acquiring a fake Wyoming driver’s license and the Social Security number of a 2-year-old child living in Bogalusa, La. He used them to obtain an insurance producer’s license and defrauded Allianz Life by selling a $212,000 annuity to a person who did not exist, according to police. By the time Allianz Life realized the account was fraudulent, Vaughn had withdrawn $20,000 from a bank account under the same false identity, which cost the bank $500 in overdraft charges."

The rest of the article can be found here -

15 U.S.C. 1681c-1 - part 2

This is part 2 of my explanation of 15 U.S.C. 1681c-1 of the Fair Credit Reporting Act.

"(c) Active duty alerts. Upon the direct request of an active duty military consumer, or an individual acting on behalf of or as a personal representative of an active duty military consumer, a consumer reporting agency described in section 603(p) [15 U.S.C. 1681a(p)] that maintains a file on the active duty military consumer and has received appropriate proof of the identity of the requester shall --

(1) include an active duty alert in the file of that active duty military consumer, and also provide that alert along with any credit score generated in using that file, during a period of not less than 12 months, or such longer period as the Commission shall determine, by regulation, beginning on the date of the request, unless the active duty military consumer or such representative requests that such fraud alert be removed before the end of such period, and the agency has received appropriate proof of the identity of the requester for such purpose;

(2) during the 2-year period beginning on the date of such request, exclude the active duty military consumer from any list of consumers prepared by the consumer reporting agency and provided to any third party to offer credit or insurance to the consumer as part of a transaction that was not initiated by the consumer, unless the consumer requests that such exclusion be rescinded before the end of such period; and

(3) refer the information regarding the active duty alert to each of the other consumer reporting agencies described in section 603(p), in accordance with procedures developed under section 621(f)."

[This subsection requires a consumer reporting agency that is made aware of the active military duty status of a consumer (and confirms the consumer's identity) to include an active military duty alert on the consumer's credit reports at least for a year, longer if the Federal Trade Commission decides it should be longer. Also, for the first two years of any active duty alert, the credit bureaus must exclude the military consumer from the lists of consumers they provide to third parties for offers of credit or insurance. I do not think subsection (1) is supposed to refer to this alert as a "fraud alert", since it is actually an active duty alert which does not mean any fraud has occurred or is suspected of occurring.]

"(d) Procedures. Each consumer reporting agency described in section 603(p) shall establish policies and procedures to comply with this section, including procedures that inform consumers of the availability of initial, extended, and active duty alerts and procedures that allow consumers and active duty military consumers to request initial, extended, or active duty alerts (as applicable) in a simple and easy manner, including by telephone."

[This subsection requires the credit bureaus to come up with procedures to make consumers aware of the two types of fraud alerts (i.e. the 90 day initial alert and the 7 year extended alert) as well as the active duty alert.]

"(e) Referrals of alerts. Each consumer reporting agency described in section 603(p) that receives a referral of a fraud alert or active duty alert from another consumer reporting agency pursuant to this section shall, as though the agency received the request from the consumer directly, follow the procedures required under --

(1) paragraphs (1)(A) and (2) of subsection (a), in the case of a referral under subsection (a)(1)(B);

(2) paragraphs (1)(A), (1)(B), and (2) of subsection (b), in the case of a referral under subsection (b)(1)(C); and

(3) paragraphs (1) and (2) of subsection (c), in the case of a referral under subsection (c)(3)."

[This subsection applies where a consumer reporting agency that did not receive the original notification of a fraud alert or active duty alert receives notification of such alert from the credit bureau that did receive the initial request for an alert. In that instance, the credit bureau must comply with the subsections listed just like it had received the original request for an alert.]

"(f) Duty of reseller to reconvey alert. A reseller shall include in its report any fraud alert or active duty alert placed in the file of a consumer pursuant to this section by another consumer reporting agency."

[This section just requires a reseller of credit information to include the fraud alert or active duty alert on the credit report it compiles and resells.]

I should be able to finish with my explanation of 15 U.S.C. 1681c-1 in part 3.

15 U.S.C. 1681c-1

Today, I begin my explanation of 15 U.S.C. 1681c-1 of the Fair Credit Reporting Act.

"15 U.S.C. 1681c-1. Identity theft prevention; fraud alerts and active duty alerts.

(a) One-call Fraud Alerts

(1) Initial alerts. Upon the direct request of a consumer, or an individual acting on behalf of or as a personal representative of a consumer, who asserts in good faith a suspicion that the consumer has been or is about to become a victim of fraud or related crime, including identity theft, a consumer reporting agency described in section 603(p) [15 U.S.C. 1681a(p)] that maintains a file on the consumer and has received appropriate proof of the identity of the requester shall --

(A) include a fraud alert in the file of that consumer, and also provide that alert along with any credit score generated in using that file, for a period of not less than 90 days, beginning on the date of such request, unless the consumer or such representative requests that such fraud alert be removed before the end of such period, and the agency has received appropriate proof of the identity of the requester for such purpose; and

(B) refer the information regarding the fraud alert under this paragraph to each of the other consumer reporting agencies described in section 603(p), in accordance with procedures developed under section 621(f)."

[This section requires the consumer reporting agency to report a fraud alert as part of a consumer's credit report for 90 days after the request for the fraud alert is made, assuming the consumer reporting agency receives sufficient proof of the identity of the person requesting the fraud alert. The person requesting the fraud alert must have a good faith suspicion that he or she is either a fraud victim or is about to become a fraud victim. This is the problem with the way LifeLock used to do business since it requested fraud alerts for all its customers, regardless of whether they were either fraud victims or thought they were about to be fraud victims.

The consumer reporting agency that receives the request for a fraud alert must also relay the fraud alert to the other consumer reporting agencies.]

"(2) Access to free reports. In any case in which a consumer reporting agency includes a fraud alert in the file of a consumer pursuant ot this subsection, the consumer reporting agency shall --

(A) disclose to the consumer that the consumer may request a free copy of the file of the consumer pursuant to section 612(d); and

(B) provide to the consumer all disclosures required to be made under section 609, without charge to the consumer, not later than 3 business days after any request described in subparagraph (A)."

[This subsection requires the consumer reporting agency to tell the consumer that requests a fraud alert that he or she is entitled to a free copy of his or her credit file (i.e. his or her credit report) and provide all disclosures required by section 609 (which we will get to eventually). Oddly enough, I don't think I have ever seen a credit bureau tell a consumer who requested a fraud alert that he can have a free credit report.]

"(b) Extended Alerts

(1) In general. Upon the direct request of a consumer, or an individual acting on behalf of or as a personal representative of a consumer, who submits an identity theft report to a consumer reporting agency described in section 603(p) that maintains a file on the consumer, if the agency has received appropriate proof of the identity of the requester, the agency shall --

(A) include a fraud alert in the file of that consumer, and also provide that alert along with any credit score generated in using that file, during the 7-year period beginning on the date of such request, unless the consumer or such representative requests that such fraud alert be removed before the end of such period and the agency has received appropriate proof of the identity of the requester for such purpose;

(B) during the 5-year period beginning on the date of such request, exclude the consumer from any list of consumers prepared by the consumer reporting agency and provided to any third party to offer credit or insurance to the consumer as part of a transaction that was not initiated by the consumer, unless the consumer or such representative requests that such exclusion be rescinded before the end of such period; and

(C) refer the information regarding the extended fraud alert under this paragraph to each of the other consumer reporting agencies described in section 603(p), in accordance with procedures developed under section 621(f)."

[This section requires the consumer reporting agency to add a fraud alert to a consumer's credit report for 7 years if the consumer requests it and provides an identity theft report. The credit bureau must also remove the consumer's name for five years from any list of consumers prepared by the credit bureau and provided to a third party regarding an offer of credit or insurance.]

"(2) Access to free reports. In any case in which a consumer reporting agency includes a fraud alert in the file of a consumer pursuant to this subsection, the consumer reporting agency shall --

(A) disclose to the consumer that the consumer may request 2 free copies of the file of the consumer pursuant to section 612(d) during the 12-month period beginning on the date on which the fraud alert was included in the file; and

(B) provide to the consumer all disclosures required to be made under section 609, without charge to the consumer, not later than 3 business days after any request described in subparagraph (A)."

[Subsection (2) requires the credit bureau who added a fraud alert regarding the consumer to tell the consumer that he or she is entitled to two free credit reports during the first 12 months of the fraud alert. Again, I have never seen a credit bureau comply with this section.]

I will continue my explanation of 15 U.S.C. 1681c-1 with subsection (c) in part 2.

Willie Smith v. Busch Entertainment Corporation

The new FCRA case styled Willie Smith v. Busch Entertainment Corporation was released on June 3, 2009 (i.e. Ode to Billy Joe day, but that's another story entirely) from the United States District Court for the Eastern District of Virginia, Richmond Division, District Judge Henry E. Hudson penning the decision.

This case arises from an employment application submitted by Willie Smith to Water Country USA, which was owned and operated by the Defendants Busch Entertainment Corporation and Anheuser-Busch Companies, Inc. The employment application asked whether Smith had any felony convictions and to list any such felony convictions within the last seven years. Smith indicated on the application that he had been convicted of a felony and listed an "assault charge" as the only such conviction within the last seven years. Despite his felonious background, Smith was conditionally hired subject to a background check, which the Defendants obtained from Central Criminal Records Exchange ("CCRE"). Based upon the background check, the Defendants withdrew their employment offer.

The Defendants moved to dismiss the claims against the CCRE for providing the background check, claiming that the CCRE is not a consumer reporting agency and thus not subject to the FCRA. Amazingly (and wrongly I might add), the Court agreed that CCRE is not a consumer reporting agency even though it clearly is.

The Court stated that the "Virginia General Assembly created the CCRE, a division of the Virginia State Police, to be the 'sole criminal record-keeping agency of the Commonwealth.'
Va.Code Ann. § 19.2-387. It is required to 'receive, classify, and file criminal history
record information' primarily for use by state agencies and other entities for law enforcement purposes. ... Along with the numerous agencies and entities to which it is authorized to
disseminate criminal history information, the CCRE may, upon written request, provide the conviction data of a person to an employer or prospective employer at the employer's cost, provided that the person on whom the data is being obtained consents to the request in writing."

A company is a consumer reporting agency if it assembles or evaluates information on consumers for the purpose of furnishing consumer reports to third parties. The Court decided that CCRE was not a consumer reporting agency since its primary function was not to furnish consumer reports to third parties. Apparently, the Court does not consider numerous state agencies and law enforcement entities to be third parties but that is exactly what they are. The sole purpose of the CCRE is to compile information about consumers (i.e. their criminal histories) and then provide that history to pretty much anyone (state agencies, law enforcement and even prospective employers) that asks for it. I must respectfully say that the Court sure got it wrong on this one. But, despite the clear language of the FCRA and the Court's own description of what the CCRE does, it decided it was not a consumer reporting agency and dismissed (wrongly) the Plaintiff's claims against the CCRE.

The Court did correctly deny the motions to dismiss filed by Anheuser-Busch Company and InBev Corporation, who claimed they were merely parent companies of Busch Entertainment and thus had nothing to do with the decision to hire or not to hire Smith. The Court correctly held that the Plaintiff's allegations that Anheuser-Busch and InBev did have a role in the decision not to hire Smith was enough to survive a motion to dismiss.

June 20, 2009

Another victim's story about identity theft

Claire Johnson with the Billings Gazette reports on another story about an identity theft victim's ordeal. Same story, same frustration, just a different name. Will this crime ever be stopped?

Here's the article:

"Carl Peterson thought he was over being angry at Vicki Lynn Heater for using his personal information to open credit cards and steal his money. He wasn't.

'I used to have hair. Then I got bald in this crap,' Peterson, a Bearcreek carpenter, told a federal judge Thursday. He testified during Heater's sentencing for credit card fraud and aggravated identity theft.

'It was scary. It was terrifying. It was sleepless nights. It was expensive. It almost ruined my relationship with my girlfriend. We had to borrow money,' Peterson said. 'It has just been an ordeal, just an ordeal. It's not going to end for a long damn time.'

Peterson met Heater through volunteering at the Beartooth Nature Center in Red Lodge. A friend told him she was a bookkeeper and could use more work. Peterson thought she was 'a nice lady' and offered her part-time work to manage the books for his construction business.

... Heater, 54, of Red Lodge, pleaded guilty in February to two counts. A bank fraud count was dismissed. Heater admitted that she wrote checks to herself from Peterson's personal and business accounts and used his credit card to make personal purchases paid for by his accounts.

Heater also applied for credit cards in Peterson's name and used them for personal expenses, said Assistant U.S. Attorney Ryan Archer. The fraud ran from March 2006 until October 2007.

Heater bought prescription drugs from an online drug supplier with a server in Malaysia, items from Victoria's Secret, cigarettes online and paid her power bill with Peterson's money. The intended loss was about $59,000.

Cebull sentenced Heater to 32 months in prison, which included eight months for the fraud and a mandatory consecutive two years for the identity theft. She faced up to a year on the fraud count under the guidelines. Cebull said he will determine restitution after getting more information."

To read the whole article, see

America's Most Wanted show about identity theft

Fox's America's Most Wanted tonight was in part about an identity thief on the loose. Here's the story of this identity thief's victim, as reported on by America's Most Wanted:

"A Decade Of Agony For Victim Of Identity Theft

Since she was a little girl, Joanna Sanez has been visiting her family in Mexico, but on the trip her family took in 2000, when she was 17, her life would change forever.

Joanna's vacation turned into a nightmare when someone broke into the place where she was staying. The unknown burglar stole Joanna's original birth certificate and her social security card, leaving her with no way to get back to the United States.

At that time, U.S. citizens were able to cross the border carrying just a birth certificate and a social security card; since then, the rules have changed, and a passport is required.

Joanna was told to report the crime to the Mexican authorities, and to alert the FBI stateside. Filing a police report was one thing, but trying to get back into the United States was another obstacle.

Left without the proper ID to cross back over the border, she thought she was going to be stuck in Mexico.

Joanna's father was with her, and after many phone calls and meetings with the local authorities, Joanna was able to cross back into the country -- without her original documents -- to finish high school.

The next year, Joanna turned 18, graduated from high school, and got her first job.

When she filed her original complaint, the FBI had advised her to be vigilant in monitoring her credit report. That's when the first red flag went up: Joanna's credit report claimed that she owned a home in Freemont, Neb., and several cars.

Something wasn't right. Joanna had never been to Freemont, and as a teenager, she definitely didn't have the money to buy a home.

Joanna got on the phone immediately, and contacted the Dodge County, Neb. Sheriff's office, and filed a report. She realized at that point she had become a victim of identity theft, but law enforcement had other priorities, and didn't have the resources to investigate an identity theft case.

The police couldn't help, the Federal Trade Commission couldn't help, and no one knew how to guide her.

At the same time, there was another person going by the name Joanna Sanez -- a fraudster -- living in Nebraska, and the real Joanna couldn't stop the imposter from co-opting her identity. The only thing the real Joanna could do was to keep monitoring her credit and contact the FTC when she spotted new activity.

Joanna tried to put the ordeal out of her mind to focus on her studies, and went off to college in New York, eventually graduating from the New York School of Interior Design. She moved to Colorado, continued to keep track of her credit, and continued to write letters to all three credit reporting agencies -- Equifax, Experian and TransUnion -- about activity in her name.
But Joanna didn't realize the severity of the credit attack until 2005.

She was living in Colorado with her boyfriend when she got a letter in the mail saying she owed $30,000 in back taxes. Joanna was scared because she always did her own taxes, and thought she had made a serious mistake.

The letter said that she had 15 days to pay, or the IRS would come to get her. Joanna panicked and raced to the IRS offices in Denver. There, they told her that she had been working in Freemont, Neb., was making a lot of money, but wasn't paying taxes.

She was told she needed to cough up the money... or else.

Joanna says she felt the room spinning out of control, and a feeling of panic came over her. She contacted an investigator in Nebraska and told him the whole story, but was told that her case was not a priority."

Keeping Your Own Identity Safe

America's Most Wanted sat down with Hemanshu Nigam, Chief of Security for News Corporation, the parent corporation of the company which produces AMW, to talk about identity theft.

'When I looked at what happened with Joanna, one of the biggest challenges she faced was getting a police agency to care, and a lot of agencies deal with all sorts of crime,' Nigam said.

'Identity theft, when it's just a passport and driver's license, may not be at the top of the list.'

'There's less money in the department to spend on investigations, and ... law enforcement is trying to decide [whether] to put your money in a case involving a murder or [an] identity theft case,' he said.

Nigam recommends checking your credit periodically, and you can do that for free.

If you are worried about theft, experts recommend putting a fraud alert on your credit report.
If you've been the victim of identity theft, file a police report. If the police station in your town doesn't want you to file a regular report, you can ask them to file a miscellaneous report.

'Police departments are learning, just like victims are, that once your identity is stolen, all sorts of other things can follow,' News Corp.'s Nigam says. 'That's why the credit reporting agencies have to put up alerts if you ask for it. They have to do a credit freeze if you ask for it. A credit freeze, by the way, is if I place a credit freeze on my account, anybody who wants to run my credit can't do it unless they have a special code that I have given them.'

You can also help the police department you are working with by creating a notebook, and taking all of your information with you.

'A lot of police agencies have a specifically-designated police officer or detective for fraud issues or identity theft issues,' Nigam says. 'Ask to speak to that officer, and show them what you've done to make their life easier.'

Once you have filed a report with your local police, you can then file a report with the FTC; the FTC's website compiles the information and matches up similar cases across the United States. But identity theft isn't just an online problem.

'In the offline world, every month your bills come, and they usually come in the middle or end of the month,' Nigam says. 'What do we always do? We fill it out, give up the money, pay the money, write the checks, put it in the envelope and put it in the mailbox down the street. We all have a little red flag, we push that flag up. What are we doing? If I'm an identity thief, and looking at that red flag, I'm saying, 'there must be some confidential information in there. Why don't I just open it and take it?' You're telling the neighborhood and the world there is stuff for you to take.'

Also, when making purchases online, Nigam says you shouldn't use your debit card: a debit transaction is an immediate transfer of your money directly out of your bank account, and it's hard to get that money back if you lose it to a scammer. If you use a credit card and are conned out of your money, your credit card provider is required by law to cancel the transaction and refund your account.

Will The Real Joanna Please Stand Up?

Joanna says she was scared of being arrested, because she didn't know who the woman in Nebraska using her name was, or if that woman was committing crimes under the name Joanna Saenz. Since the imposter had had her social security number, her date of birth, a legal address, and everything else she would have needed to commit crime in her name, Joanna's packet contained copies of the police reports she’d filed, papers from the social security office, recent credit reports and documentation of all fraudulent activity, a list of all the accounts opened under her name, and anything else she could dig up on the 'other' Joanna.

She kept copies of her detailed report in her car, on her person when she went on job interviews, hidden throughout her home, and always at the ready in case she needed to defend herself.
On July 18, 2007, Joanna gave birth to a little boy, and she was scared for his life. At that point, she says she thought, 'I'm not going to do this anymore. I have to get this person!'

Tracking the imposter became Joanna's full-time passion, in addition to working for the Englewood, Colo. Chamber of Commerce.

'I really went full throttle with this,' Joanna said. She finally found an advocate, at the Identity Theft Action Council of Nebraska, where a woman by the name of Jamie Napp was happy to help guide her.

Joanna would stay up late at night, combing over her credit reports and other paperwork with a fine-tooth comb.

Then, she noticed something that would help lead to her doppelganger's downfall. The imposter, it seemed, was working at a place called Staff Pro.

Joanna called the business and confronted them with the truth. They told her that the fake Joanna had worked with Staff Pro for a long time, before taking a job as an Irrigation Technician with Valmont Industries, a local manufacturing company.

As a matter of fact, the Freemont (Neb.) Tribune did a story about the fake Joanna Sanez, and her picture appeared in the local newspaper!

As time went on, no matter how much she stayed on top of things, the real Joanna was finding it harder and harder to get information. Creditors would begin contacting the real Joanna at her home in Denver, and instead of giving up more of her personal information, she would start asking questions.

When a representative from Cellular One called and told Joanna that she owed $600, Joanna would start firing off questions to get information on the fake Joanna. 'Where did I buy the phone?' she asked. 'What's my phone number? Whats my address? How did I pay for the down payment?'

They would usually get nasty with her, Joanna says, and demanded a payment.

Joanna continued to spend her time writing cease and desist letters to creditors, every single day for years. If she wasn't writing a letter, she was calling to check on the status of one she had already sent, or was working to contact someone else to get something straight with her credit.
A frightening turning point came in 2008, when she received a store credit card in the mail at her home in Colorado. Joanna believed it was a sign that her credit was shaping up, until her husband pointed out that Joanna never applied for a card.

Joanna called the number on the back of the card, and the operator told her that she had applied for the card in Freemont -- a place she had still never been. She was certain the fake Joanna knew where she lived, and the real Joanna feared for her safety.

Finally, in April 2008, Joanna notified the Nebraska Department of Motor Vehicles of her plight, and she made contact with an investigator there. At the same time, she contacted Immigration and Customs Enforcement, and spoke with Special Agent Charles Bautch's secretary.

Joanna told the secretary her story, and begged her to get the case information to S.A. Bautch. The secretary admitted on the phone that she was a little skeptical of the case, but moved the folder to the top of the pile.

Within three days, S.A. Bautch and the local investigator located the woman who they believe to be the fake Joanna and arrested her. When they went to her home, knocked on the door, and asked her if she was Joanna Sanez, she said yes.

They asked her for her birth date, and she told them that she was born in 1983 -- on the day Joanna was born. They asked for her social security number and her mother’s maiden name, and she gave them all of Joanna's information.

Investigators told the real Joanna that there was a little girl inside the home, apparently a daughter born to the fake Joanna in the United States. This woman, police have said, had purchased a house and two vehicles, gave birth to a child, started a promising career, and acquired several credit cards, all under Joanna's name.

Investigators asked her for her birth certificate and social security card, and that's when the alleged fake Joanna gave them Joanna's original stolen documents, which had been taken from Mexico so many years before.

Investigators learned that the woman's real name is Patricia Garcia-Pardo, who was actually born in 1985. They hauled Pardo to jail, but by the time she got there, she acted like she didn't speak English.

'I feel like a rape victim,' Joanna says. 'She took my life, she violated my privacy. I was scared.'
Grateful and thankful for years of hard work, Joanna sat down to write out thank you letters and send gifts to every single person who helped her along the way -- and even those who wouldn't help her.

State charges were brought against Pardo, and the investigator asked if Joanna wanted to take the charges federal. She did.

Pardo was transferred to federal court, but the judge didn't feel that she was a threat, and because she's not accused of a violent crime, he let her go.

Pardo was released on just $500 bail, and did show up for her first hearing, but by the time of the second hearing in October 2008, Pardo was nowhere to be found.

One of Pardo's former bosses, Walt Borne at Valmont Industries, says he knew Patricia Garcia-Pardo, but not as Joanna, and not even as Patti, but by the pseudonym 'Marie.'

'It almost makes you feel like you were tricked, that she could basically, you know, fool you into believing that she was who she wanted you to believe,' Walt says.

We also learned from Walt some traits that could help you track Pardo down. He says she is a big snacker, and likes eating lots of foods from the vending machines. Her job required her to do a lot of lifting 30- to 40-pound boxes, which she did without a struggle, and Pardo was always on time for her overnight shift.

Walt says Pardo got along well with her co-workers, and she was a very bubbly, chatty, friendly person.

Patricia Pardo is now a wanted fugitive on the run, and Joanna isn't stopping her fight to locate her.

Joanna hopes that by telling her story, she can inspire others who are victims or who may become victims in the future.

Joanna says that even once Pardo is behind bars, and after all she's been through over the last decade, she would still forgive her alleged scammer.

'If I don't forgive her, God wouldn't forgive me for my errors in my life, so I feel I need to forgive others as they have forgiven us,' Joanna said."

The info about and a picture of Joanna's identity thief is found here - Please take a look at the identity thief and help bring this identity thief to justice!

Tips on improving your credit score

While I don't agree with hiring a credit repair company to fix your credit, since most are scams, I do agree with the rest of the advice in this article by someone (the article doesn't identify who) that works for or owns a credit repair company. Here's the advice I do agree with:

"Beware of Store Cards

Department stores love to push their credit cards by offering a discount on your purchase if you sign up on the spot. This can be a good deal. But it is handy to know that store cards create triple trouble on your credit report. First, your score will be reduced because of the inquiry. Second, your score will be reduced because of the new account that will soon appear on your report. And third, store cards tend to give a low credit line, often just above your purchase amount. This can be terribly damaging as the FICO credit scoring model puts a lot of weight on the relationship between your balance and your high credit limit.

Watch That High Limit

I run a national credit repair company and speak to people all day long about their credit reports. One of the bits of advice that we like to offer our customers is to pretend they only have half the limit on their credit card that they really have. It takes some discipline to do this but it can make a big difference on your credit score. As soon as your balance exceeds fifty percent of your available limit your credit score will start to suffer. If your credit balances are currently close to your credit limits you might consider calling the credit card companies and asking them to increase your limit. You will be amazed at how fast this can make your score go up!

The Auto Shopping Credit Trap

I can’t tell you the number of times that we have looked at a credit report and seen multiple auto credit inquiries. When we ask our customer they inform us that they only went to two different dealers. Auto dealers will often shop for the best interest rate for you. If they shop with three auto finance companies you will have three credit inquiries. These multiple inquiries can have a significant impact on your score. This is not the auto dealers fault. After all, they are acting your best interest, but it is best to be aware of the possibilities. If you are shopping for a car I would suggest not providing your Social Security number until you are settled on the car you want.

[Ok, I don't agree with this one because I have been told numerous times by representatives of the credit bureaus and those (like me) that sue the credit bureaus often that multiple inquiries arising from a possible auto purchase are treated as one inquiry and thus do not overly affect your credit score.]

No More Mr. (or Mrs.) Nice Guy

Just about every day in the credit repair business we come across someone that was nice enough to co-sign for someone on a car loan. I’m sorry to say this, but chances are that if they need you to co-sign they will not make their payments on time. And this will kill your credit scores. I know that this is a tough call. It is hard to say 'no'. If this situation arises in your life I suggest an alternative approach. Go ahead and co-sign. But when the payment book arrives ask them to give it to you. Have them pay you instead of the auto finance company. You will make the payments on time. And maybe they will feel some extra obligation to make their payments to you on time as opposed to some anonymous auto finance company.

Don’t get complacent

Check your credit from time to time. In December of 2003 Congress passed the Fair and Accurate Credit Transactions Act (FACT Act) which, among other things gives you the right to get a free credit report from each bureau one time per year. This law was passed to protect you from the credit reporting errors that occur far too frequently. Don’t imagine that because you are doing everything right that the credit bureaus are reporting everything correctly. Get your reports and proof read them carefully. It’s your right."

To exercise that right, be sure to go to as I explained here - For the rest of the article about improving your credit score (even the parts I don't agree with), click here -

15 U.S.C. 1681c - part 3

Part 3 will complete my explanation of 15 U.S.C. 1681c of the Fair Credit Reporting Act.

"(g) Truncation of Credit Card and Debit Card Numbers

(1) In general. Except as otherwise provided in this subsection, no person that accepts credit cards or debit cards for the transaction of business shall print more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction.

(2) Limitation. This subsection shall apply only to receipts that are electronically printed, and shall not apply to transactions in which the sole means of recording a credit card or debit card account number is by handwriting or by an imprint or copy of the card."

[I find it odd that Congress decided to make this a part of the Fair Credit Reporting Act, since it has nothing to do with credit reporting. This governs what information is printed on a receipt a consumer is given when the consumer purchases something with either a credit or debit card. If the seller is providing an electronically printed receipt (as opposed to a handwritten one or the old timey imprint kind - you know where the employee takes your card and makes an imprint of the front of it on a piece of paper), the seller can only put no more than the last five digits of the credit or debit card number on the receipt and can not put the expiration date on it. This is a measure to prevent identity theft by thieves who somehow get your receipt (i.e. out of the trash or off the table at a restaurant). Other than that tenuous link to preventing identity theft, this provision really has no reason to be in the FCRA but I am glad that it is, since it is a good law and is now subject to enforcement via 1681n or 1681o.]

"(3) Effective date. This subsection shall become effective --

(A) 3 years after the date of enactment of this subsection, with respect to any cash register or other machine or device that electronically prints receipts for credit card or debit card transactions that is in use before January 1, 2005; and

(B) 1 year after the date of enactment of this subsection, with respect to any cash register or other machine or device that electronically prints receipts for credit card or debit card transactions that is first put into use on or after January 1, 2005."

[Both of these dates have now passed so, business owners that provide electronically printed receipts, make sure you comply!]

"(h) Notice of Discrepancy in Address

(1) In general. If a person has requested a consumer report relating to a consumer from a consumer reporting agency described in section 603(p) [i.e. 1681a(p)], the request includes an address for the consumer that substantially differs from the addresses in the file of the consumer, and the agency provides a consumer report in response to the request, the consumer reporting agency shall notify the requester of the existence of the discrepancy."

[This applies to the situation where a third party requests a consumer's credit report for a permissible purpose but the address provided by the third party for the consumer does not match any of the addresses appearing on the consumer's credit report. In that situation, the consumer reporting agency is required to notify the company requesting the credit report of the discrepancy in the addresses as that could mean its a potential fraud situation (i.e. where the identity thief uses an address other than the consumer's so he or she can get the fraudulent credit card when it arrives.) Lots of times identity thieves use addresses that they have access to but no other connection to, so the address used won't lead directly back to them.]

"(2) Regulations

(A) Regulations required. The Federal banking agencies, the National Credit Union Administration, and the Commission shall jointly, with respect to the entities that are subject to their respective enforcement authority under section 621, prescribe regulations providing guidance regarding reasonable policies and procedures that a user of a consumer report should employ when such user has received a notice of discrepancy under paragraph (1)."

[This section just requires the appropriate agency to provide some type of guidance to the companies that receive credit reports with a discrepancy in addresses so they will know why the discrepancy is potentially important and will know what to do in response.]

"(B) Policies and procedures to be included. The regulations prescribed under subparagraph (A) shall describe reasonable policies and procedures for use by a user of a consumer report --

(i) to form a reasonable belief that the user knows the identity of the person to whom the consumer report pertains; and

(ii) if the user establishes a continuing relationship with the consumer, and the user regularly and in the ordinary course of business furnishes information to the consumer reporting agency from which the notice of discrepancy pertaining to the consumer was obtained, to reconcile the address of the consumer with the consumer reporting agency by furnishing such address to such consumer reporting agency as part of information regularly furnished by the user for the period in which the relationship is established."

[In other words, the suggested procedures provided to the recipient of the credit report containing the address discrepancy should instruct the company to verify the identity of the consumer is what they think it is (i.e. not an identity thief) and, if it is so verified, report the new address to the consumer reporting agency if they make regular reports to the consumer reporting agency at issue.]

This concludes my explanation of 15 U.S.C. 1681c. I will start the explanation of 15 U.S.C. 1681c-1 in the near future.

Identity theft ring broken up

Jason Barry, a reporter with, reports on an identity theft ring in Arizona that was recently broken up.

"PHOENIX -- Arizona is the number one state in the country when it comes to identity theft, according to the victim's assistance group Identity Theft 911. It's a statistic Maricopa County Attorney Andrew Thomas is hoping to change.

Thomas held a news conference Friday to announce local law enforcement agencies broke up a major identity theft operation that put 17 ID theft suspects behind bars. 'These indictments and arrests are the result of a united effort by law enforcement to tackle gangs and identity theft,' Thomas said. 'The goal is to break this criminal syndicate, which stole thousands of dollars from victims in order to fund the Mexican Mafia.'

The suspects were arrested this week at various homes around the Valley and now face an assortment of charges including forgery, money laundering and trafficking stolen property."

The rest of the article can be found here -

June 19, 2009

New article about identity theft

Valerie Myers of the Erie-Times News wrote the following article about an identity theft that occurred apparently due to a security breach at Penn State Behrend.

"The first indication that Mark Klingman's identity had been stolen was a call from a collection agency last week. The agency asked for payment of $655 owed to AT&T Wireless on an account opened in Klingman's name, with his Social Security number, for a billing address in upstate New York.

Klingman, 23, of Cranberry Township, near Butler, didn't open the account. He has since discovered a second unauthorized account opened in his name, for a Capital One credit card. The 2007 Penn State Behrend graduate believes that both accounts were opened by someone who stole his name and Social Security number from a Behrend computer.

College officials announced in April that a computer storing the Social Security numbers of almost 11,000 graduates and other former students had been breached.The breach occurred in January. Fraudulent accounts were opened in Klingman's name in March. 'I can't be sure that it happened at Behrend,' Klingman, a human resources consultant, said. 'Behrend can't be sure that it didn't. The time frame makes me believe that it did happen there.'

Klingman acknowledges that the timing may be coincidental. The Federal Trade Commission estimates that 9 million Americans, or 3 percent of the population, are victims of identity theft each year. Klingman is the only person potentially affected by the breach to report identity theft to the college, said Bill Gonda, Behrend director of marketing communications. 'We've heard from surprisingly few alumni, about 30, and the rest of those had questions about the nature of the incident,' Gonda said.

Each person whose Social Security number was stored in the Behrend computer was sent information about the breach in April and was encouraged to keep an eye out for potential fraud, Gonda said. Behrend used Social Security numbers as student identification numbers before 2005. School technology experts do not believe that those numbers or any other information was downloaded from the breached computer.

'All of the forensics done on it suggested that data did not leave it. But we couldn't prove that it didn't,' Gonda said. The computer was infected with malicious software, probably when a user clicked on an e-mail, Gonda said earlier this spring. The infection was detected by university software and shut down.

Klingman has reported the fraudulent accounts opened in his name to the companies involved, to credit reporting bureaus, to the FTC and to Cranberry Township police. AT&T has closed the account in his name and taken it off his credit report. Klingman is negotiating for similar resolution of the Capital One account opened in his name and maxed out at $700.

'I refuse to pay for something I don't owe,' he said. Klingman has posted his travails on a Behrend alumni site on Facebook and encourages others whose Social Security numbers could have been stolen to continue to check their credit reports. 'There's a good chance that more people than me are having problems,' he said."

I think he's right, there are more people having the same problems. Thanks, Ms. Myers, for helping to shed light on the problem of identity theft.

15 U.S.C. 1681c - part 2

Here's part 2 of my explanation of 15 U.S.C. 1681c of the Fair Credit Reporting Act.

"(b) Exempted cases. The provisions of paragraphs (1) through (5) of subsection (a) of this section are not applicable in the case of any consumer credit report to be used in connection with

(1) a credit transaction involving, or which may reasonably be expected to involve, a principal amount of $150,000 or more;

(2) the underwriting of life insurance involving, or which may reasonably be expected to involve, a face amount of $150,000 or more; or

(3) the employment of any individual at an annual salary which equals, or which may reasonably be expected to equal $75,000, or more."

[This means that, if the credit report is generated either for a transaction whose principal amount (i.e. not including interest or other fees) exceeds $150,000, or life insurance worth more than $150,000 or for a job whose salary is $75,000 or more, then the items on the credit report do not have to be less than seven years old (or 10 years in the case of a bankruptcy).]

"(c) Running of Reporting Period

(1) In general. The 7-year period referred to in paragraphs (4) and (6) of subsection (a) shall begin, with respect to any delinquent account that is placed for collection (internally or by referral to a third party, whichever is earlier), charged to profit and loss, or subjected to any similar action, upon the expiration of the 180-day period beginning on the date of the commencement of the delinquency which immediately preceded the collection activity, charge to profit and loss, or similar action."

[Subsection (4) deals with collections and charge offs while subsection (6) relates to medical accounts published to the credit bureaus. Subsection (c)(1) starts the 7 year obsolescence period 180 days after the delinquency immediately before the account was assigned to collection or charged off. Thus, if the debt was most recently late 30 days before it is sent to collection, it must be removed from the credit report 6 years and 11 months after collection.]

"(2) Effective date. Paragraph (1) shall apply only to items of information added to the file of a consumer on or after the date that is 455 days after the date of enactment of the Consumer Credit Reporting Reform Act of 1996."

[I think the Consumer Credit Reporting Reform Act of 1996 was when the FCRA was amended prior to the 2003 amendments (i.e. the FACTA amendments). The 1996 amendments included the furnisher's duties under 15 U.S.C. 1681s-2(b). Obviously 455 days has already come and gone, so this section has little meaning.]

"(d) Information Required to be Disclosed

(1) Title 11 information. Any consumer reporting agency that furnishes a consumer report that contains information regarding any case involving the consumer that arises under title 11, United States Code, shall include in the report an identification of the chapter of such title 11 under which such case arises if provided by the source of the information. If any case arising or filed under title 11, United States Code, is withdrawn by the consumer before a final judgment, the consumer reporting agency shall include in the report that such case or filing was withdrawn upon receipt of documentation certifying such withdrawal."

[This subsection requires the credit bureau to report the type of bankruptcy (i.e. Chapter 7, Chapter 11, Chapter 13) if the type of information is reported by the source of the information. This subsection also requires the credit bureau to report any withdrawal of a bankruptcy filing if it is provided with documentation certifying the withdrawal.]

"(2) Key factor in credit score information. Any consumer reporting agency that furnishes a consumer report that contains any credit score or any other risk score or predictor on any consumer shall include in the report a clear and conspicuous statement that a key factor (as defined in section 609(f)(2)(B)) that adversely affected such score or predictor was the number of inquiries, if such a predictor was in fact a key factor that adversely affected such score. This paragraph shall not apply to a check services company, acting as such, which issues authorizations for the purpose of approving or processing negotiable instruments, electronic fund transfers, or similar methods of payments, but only to the extent that such company is engaged in such activities."

[In other words, if the number of inquiries (i.e. the number of times the credit report was accessed by third parties) negatively affected the credit score, the credit bureau has to tell the consumer in a "clear and conspicuous statement" that the number of inquires affected his or her credit score.]

"(e) Indication of closure of account by consumer. If a consumer reporting agency is notified pursuant to section 623(a)(4) [Section 1681s-2] that a credit account of a consumer was voluntarily closed by the consumer, the agency shall indicate that fact in any consumer report that includes information related to the account."

[This subsection requires the credit bureau to list any account as closed by the consumer if the credit bureau is notified pursuant to 1681s-2(a)(4) that the account was closed by the consumer.]

"(f) Indication of dispute by consumer. If a consumer reporting agency is notified pursuant to section 623(a)(3) [Section 1681s-2] that information regarding a consumer who was furnished to the agency is disputed by the consumer, the agency shall indicate that fact in each consumer report that includes the disputed information."

[In other words, if the consumer disputes to the company that provided information about the consumer to the credit bureau the way the information is published on his or her credit report (i.e. if the consumer tells the furnisher that the information it is furnishing is wrong or incomplete), then the credit bureau must list the account on the credit report as "disputed".]

That's it for part 2 of the explanation of 15 U.S.C. 1681c. I will finish my explanation of 1681c in the next installment.

New FCRA cases

No new FCRA decisions anywhere in the nation, at least according to Westlaw. None yesterday either. There was a case that came down the other day that I have not had a chance to post about yet, so I will try to do that tonight or tomorrow. And maybe there will be some new cases to report on Monday.

Questions, comments, criticism?

As I posted early on in the life of this blog, I am completely open to any questions any of you may have about the Fair Credit Reporting Act or any other consumer issue. So please post any questions you may have or, if you don't want anyone else to see your questions, feel free to e-mail me at

Also, if you disagree with something I have said on here, I'd like to hear that too. But please do that in a public comment so maybe others will voice their opinions as well. I would love for this blog to become more interactive with others sharing and adding their thoughts and opinions to my own.

I hope you enjoy this blog!

June 18, 2009

Another pro se case under the FCRA

Why is it that so many people think they can adequately represent themselves in Fair Credit Reportin Act litigation? This is by far the most complicated area of law that I have encountered in my ten years of practicing law. And this is the LAST area of law that I would recommend any non-lawyer trying to represent himself or herself.

Here's another case where a consumer represented himself - Pulliam v. American Express Travel Related Services Co., Inc., which was handed down by District Judge Matthew F. Kennelly of the United States District Court for the Northern District of Illinois, Eastern Division.

Representing himself, Pulliam alleged violations of the Fair Credit Reporting Act and the Fair Debt Collection Practices Act, as well as common law fraud, breach of contract, and intentional interference with prospective economic advantage. American Express moved to dismiss all the Plaintiff's claims.

Pulliam had an account with American Express. American Express offered to settle the amount owed on the account for less than the full value owed. Plaintiff took American Express on its offer and allegedly paid the settlement amount agreed upon.

The Plaintiff subsequently learned that American Express had a judgment against him. American Express had also reported three charged off accounts to the credit bureaus for inclusion on the Plaintiff's credit reports. The Plaintiff then disputed the American Express judgment and charged off accounts to the credit bureaus, among others. When American Express refused to correct the Plaintiff's credit report, the Plaintiff sued American Express alleging the claims listed above.

The Court correctly held that the facts do support a claim against American Express pursuant to 15 U.S.C. 1681s-2(a) and 15 U.S.C. 1681s-2(b) but also correctly held that there is no private cause of action for a violation of 15 U.S.C. 1681s-2(a). There is a private cause of action for American Express failing to perform a reasonable investigation pursuant to 1681s-2(b). The Court dismissed the Plaintiff's claims brought pursuant to 1681s-2(a) but allowed the Plaintiff's 1681s-2(b) claim to survive. The Plaintiff's 15 U.S.C. 1681b claim for American Express obtaining a copy of his credit report without a permissible purpose also survived because the Court correctly did not buy American Express' argument that the fact that the Plaintiff at one time had an open account with American Express gave American Express the right to pull the Plaintiff's credit report.

Suprisingly, American Express did not argue that the Plaintiff's state law claims were preempted by 15 U.S.C. 1681t(b)(1)(F). However, the Plaintiff's state law claims were dismissed for other grounds.

Overall, a good decision regarding the differences between a claim pursuant to 1681s-2(a) and one brought pursuant to 1681s-2(b).

June 17, 2009

New FCRA case regarding inaccurate credit reporting

A new opinion was released on June 15, 2009 by the United States District Court for the Middle District of Florida. The case is styled Welch v. Target National Bank. District Judge John E. Steele penned the decision. Dianne M. Welch, the Plaintiff in this case, had a Target credit card that was included in her Chapter 7 bankruptcy. The debt to Target was discharged in the Plaintiff's bankruptcy.

Despite the discharge, Target continued to report the discharged debt to the credit bureaus as having a current past due balance of over $6000. Target should have reported the account as "included in bankruptcy" with a $0 balance and no late payment history. Despite numerous disputes, Target refused to correct the way the account was being reported on the Plaintiff's credit reports.

The Plaintiff brought three claims, one under the Fair Credit Reporting Act, one under the Florida Consumer Collection Practices Act and one for violation of the discharge injunction. Target moved to dismiss all three claims.

The Court correctly held that the Plaintiff's FCRA claim should not be dismissed because there is no restriction that only a consumer reporting agency may provide notice of a dispute. It is unclear from the facts what exactly happened as far as the disputes so I am not sure what the Court meant by this statement. Regardless, the Plaintiff's FCRA claim survived.

The Court also correctly held that the Plaintiff's claim under the Florida Consumer Collection Practices Act should survive. Target claimed that the FCRA preempts the Florida Consumer Collection Practices Act. The Court correctly disagreed. While the FCRA does preempt state credit reporting acts (except for the two that are excluded from preemption), the Florida state law at issue governed collection of debts, not credit reporting. Thus, Judge Steele correctly held that the FCRA does not preempt the Florida Consumer Collection Practices Act.

Finally, the Court held that the Plaintiff's claim that Target violated the bankruptcy's discharge injunction against collecting a discharged debt could only be heard in a bankruptcy court, so the Court dismissed this claim.

June 16, 2009

New case involving an investigative consumer report for employment purposes

The United States District Court for the District of Connecticut released an interesting new opinion on May 28, 2009. The case is Deborah Adams v. National Engineering Service Corporation and involves claims arising from a background check that contained errors and cost the plaintiff a new job.

Basically (and I do mean basically) what happened is that National Engineering Service Corporation ("NESC") was contracted by a potential employer of Adams to run a background check on Adams. NESC got a company called "Verifications" (who was also a defendant in the lawsuit) to run the background check. Verifications prepared the investigative consumer report which contained errors, namely several convictions that showed up under someone with the same name and date of birth as the plaintiff but was not the plaintiff. Verifications was provided the report by yet another company that was not a defendant but probably should have been. Due to the erroneous criminal record, Adams was not hired.

NESC first claimed that it was not subject to the FCRA because it claimed it was not a consumer reporting agency since it didn't prepare the report since Verifications did. The Court found that NESC is a consumer reporting agency because it "evaluated" the consumer report when its employee commented in an e-mail to the employer that the background check was "not good at all."

The Court then found that the Plaintiff presented sufficient evidence for her 15 U.S.C. 1681e(b) claim to survive. 1681e(b) requires consumer reporting agencies must follow reasonable procedures to assure maximum possible accuracy of the credit reports they create. Most courts (like this one) have held that whether reasonable procedures were used is almost always a question for the jury and thus not appropriate for summary judgment where there is evidence of an error on the credit report. In Adams, the defendants did not contest that the background check contained errors, so the Court found that the plaintiff's 1681e(b) claims survived.

The only claims of the plaintiff that were dismissed were some state law claims, primarily because the court found no evidence of malice on the part of the defendants (just evidence of stupidity, apparently). Since 15 U.S.C. 1681h(e) provides CRAs with qualified immunity from state law claims unless there is malice, the Court dimissed the state law claims for defamation and negligence. It dismissed the other state law claims on other grounds.

The only beef I have with the Court's ruling is that it did not consider all of 1681h(e). 15 U.S.C. 1681h(e) grants qualified immunity for certain state law claims if there is no malice but only for certain disclosures of consumer reports, i.e. disclosures made pursuant to 1681g, 1681h or 1681m. Disclosures pursuant to these sections only go to the consumer himself. Thus, disclosures made to third parties (i.e. Adams' potential employer) do not get the benefit of qualified immunity. In defense of the Court in this case, there are many other Courts that have also missed this point.

Overall, though, a great and informative decision.