Identity Theft

Q&A: Getting help with credit scores after identity theft

November 14, 2016 By Liz Weston

Dear Liz: Would you please help readers learn how to fix credit scores after identity theft? I have been a victim at least eight times in the past five years. I have filed three police reports regarding these matters and sent them along with other proof to the big three credit report agencies. Only one quickly answered and deleted the false entries.

Answer: You have a friend in the Consumer Financial Protection Bureau.

In the past, complaints about credit bureaus went into a black hole. The Federal Trade Commission collected them but warned consumers that it couldn’t expect any action on their individual cases. The Consumer Financial Protection Bureau, by contrast, forwards consumer complaints directly to the financial company and works to get problems solved. The bureau says 97% of complaints get a timely response.

Before you make your complaints, though, you should check your credit reports again. One bureau may have been faster in responding, but the other two may have since deleted the bogus accounts.

Q&A: The insecurity of bank security questions

October 10, 2016 By Liz Weston

Dear Liz: I recently opened an account at a bank that boasted “multi-factor authentication,” but I looked into the claim and it turns out the bank is using passwords plus answers to security questions, such as the name of your first pet, as the “multi-factor authentication.” I expect you know that the real multi-factors are something you know, like a username and password, something you have, like a code that has been sent to your phone or email, and something uniquely inherent to you, like a fingerprint. Clearly, this bank is misrepresenting its “multi-factor authentication.”

Answer: If there was any doubt about how insecure security questions are, it should have been settled with the hack of the IRS’ Get Transcript service. The criminals gained access to 700,000 taxpayer accounts by correctly answering multiple questions with answers supposedly known only to the affected taxpayers. In reality, the answers to many security questions can be purchased from black market databases or simply found by perusing people’s social media accounts.

If your financial institutions are still using security questions to identify you, you should demand to know why. If the institution doesn’t offer at least two-factor authentication (a password plus a code), you should consider putting your money somewhere else.

Q&A: Parental identity theft

September 14, 2015 By Liz Weston

Dear Liz: I have been dating my boyfriend for about eight months and he recently told me that his dad took out a credit card in his name when he was a baby. He has about $150,000 in debt because of this! This is a very serious, life-changing crime but my boyfriend is reluctant to take his dad to court. I’m worried about our future together and don’t know where to go from here.

Answer: Parental identity theft is unfortunately not uncommon — and the parents typically get away with it. Victims are reluctant to file the police reports necessary to clear their names because doing so could trigger criminal prosecutions of their family members.

If your boyfriend is not willing to file a police report, the debt is considered his and he probably will need to pay it, settle it or declare bankruptcy to move on with his financial life.

If he’s ready to hold his father responsible, the Identity Theft Resource Center at www.idtheftcenter.org has more information about filing police reports and starting the long process of cleaning up his credit.

Q&A: Using a separate credit card for online purchases and automatic payments

December 29, 2014 By Liz Weston

Dear Liz: I saw your recent column from the couple upset about the inconvenience of having to reset the automatic payments when their credit card was reissued due to fraud. We had the same problem (our credit card has been reissued six times now!) and got some great advice I’d like to share. We got a separate credit card that is used for nothing but automatic payments and online purchases. It has never been hacked like our other card that we use constantly in the community because we earn airline miles. The last two times our regular card had to be replaced was in the Target and Home Depot hacking, but the other card has been fine so far. We are keeping our fingers crossed. Our issuer has now given us a chip card to replace the constantly hacked one, so I hope we have better luck going forward with both credit cards.

Answer: Several other readers wrote to say they do something similar by using different cards for different purposes, including devoting one to making automatic charges.

It might be wise to have a separate card just for online purchases, however, since the incidence of “card not present” fraud (including online and phone transactions) is higher than that for transactions where the card is physically presented to the merchant.

Q&A: Credit card fraud and automatic payments

December 1, 2014 By Liz Weston

Dear Liz: We’ve had three cases of credit card fraud. Each time, the credit card company issued new cards with new numbers and canceled the old ones (along with the fraudulent charges). We had nine monthly auto-payment authorizations set up, and we seethed at the fact that the card company would not offer to authorize our auto-payments via the new numbers. We eventually received late-payment notices and charges, since the old numbers were still on the record with payees. Are there companies that offer updates to payees when cards are canceled, and new ones issued, in such fraud situations?

Answer: Given all the database breaches lately, automatic updates to auto-payments might come in handy.

But it seems you’re on your own. Your agreements with your billers typically state that you’re required to update them whenever a card expires or its number changes. Many billers will alert you when an expiration date is near or if a charge doesn’t go through, but ultimately it’s your responsibility to keep track.

It’s a good idea to keep a list of your auto-payments so you don’t forget to update them all when this happens again. If you don’t have a list, simply checking your past statements should remind you which accounts are on auto-pay.

Q&A: Fraud or forgetfulness?

October 27, 2014 By Liz Weston

Dear Liz: I think I’ve been scammed, but my credit union has decided I’m simply forgetful. I noticed a debit to my checking account that I did not recognize from a merchant I cannot identify. The merchant name appears on my statement as simply “Portland Portland OR.” My credit union can tell me only that it is a used-merchandise store or secondhand store. I questioned the charge by email and replaced my card. Then I got a letter from the credit union upholding the charge, saying that my card and PIN were present at the time of the transaction. I never did learn the merchant’s name. Can this merchant really not be identified? The $10.48 in dispute is unimportant compared with the complete opacity of the supposed purchase. No name, no address, only a day and time. Is this mystery the best the banking system can do?

Answer: Your credit union could identify the merchant by contacting the card network that processed the transaction, but has apparently decided it’s not worth the effort, said Odysseas Papadimitriou, chief executive of Evolution Finance, which operates the CardHub.com card comparison site. You can demand the credit union identify the merchant for you, but there’s reason to believe this transaction is legitimate, he said.

It’s not just because a personal identification number was used, however, since PINs certainly can be stolen. Hackers have compromised keypads at Michael’s stores and Barnes & Noble, among other retail chains, while Target said encrypted PIN data were stolen in its massive database breach.
But the use of a PIN combined with the small amount of the transaction indicates the culprit here likely is forgetfulness rather than an identity thief, Papadimitriou said. ID thieves are unlikely to make one small transaction and then wait, he said.

“They try to extract the max they can before they get shut down,” Papadimitriou said.
Still, your experience should make you think twice about using a debit card for a retail transaction. With debit card fraud, you may have to fight with your financial institution to get the money back, since the transaction comes directly out of your checking account. With credit cards, you don’t have to pay a disputed transaction until the card company investigates.