Unclaimed property records are easy targets for fraudsters.
As cybercriminals become more skilled, the privacy practices at many organizations have not kept apace. In the State Compendium of Unclaimed Property Practices that I’ve compiled, I found this to be the case at many state treasuries where the data exposed provides fraudsters with a crime exacta: claiming money that no one will ever miss and gathering various nuggets of personal data that can help facilitate other types of identity theft.
First, you have to understand what “unclaimed funds” are and how they work. Our states are responsible for ensuring unclaimed property makes it into the right hands. Twice a year, organizations like banks and insurance companies report uncollected payouts to their state’s Unclaimed Property Office. From there, the debt is published in a local newspaper, and if it remains unclaimed, the property (funds, stocks, commodities, etc.) has to be surrendered to the state for safekeeping until a claim is made.
Two years ago, there was a total of $58 billion in unclaimed property nationwide. In theory, it’s safe. You need to be able to identify yourself and go through a verification process to collect the money. However, because Social Security numbers and other personally identifiable information (PII) are increasingly easy to find on the dark web, consumers are faced with a potential fraud-frenzy not unlike the spike in stolen tax refunds of recent years. It takes a good deal of information for a fraudster to claim funds that rightfully belong to you, but the danger of PII on unclaimed funds sites cuts both ways – fraudsters can find out that you have unclaimed money and try to gather other information about you in order to claim it, or they can use the information from the unclaimed funds sites to build a dossier on you and target you for other scams.
This is not a hypothetical problem. Interestingly, the first explanations of the issue in a simple Google search (i.e., unclaimed funds identity theft) came not from a state treasury, but a site called Scambusters. One common scheme involves charging a fee to “locate” your unclaimed property. In the process, the swindler grabs personally identifiable information that can be used to commit identity theft. Stories about stolen unclaimed funds abound. In 2011, a Houston woman was convicted for stealing almost $500,000 in tax refunds and unclaimed funds. According to KHOU.com, “Officials said Thomas used public databases to locate the names of the people owed money, then used their personal information to claim the funds.” Texas scored a lone star in the compendium—the worst ranking here.
This has become an issue because of data breaches. News is still trickling out about the millions of federal employees whose personally identifiable information was exposed to hackers because of shoddy data security at the Office of Personnel Management. Between the breach at Anthem that leaked Social Security numbers and the Premera breach that leaked far more specific information (in addition to SSNs), almost 100 million records were stolen. The recent IRS revelation that fraudsters essentially walked through the digital front door and stole $50 million in tax refunds using information accessed in its “Get Transcript” application highlighted the need for more stringent processes at government agencies. That swindle, like so many others, was made possible by a seemingly never-ending string of breaches. The fraudsters had enough information to game the IRS verification process. The same approach could be used with unclaimed funds.
While I am focusing here on the state offices responsible for unclaimed funds, knock on any organization’s door these days and you will find data security and privacy issues.
According to some estimates, there are more (perhaps significantly more) than a billion records “out there.” Therefore, it is crucial that organizations entrusted with our personal information do everything possible to limit our exposure, especially when our money (as well as the integrity of our identities) is on the line.
The compendium found that more than half the country could be doing a better job. Thirty-six states had practices that exposed more personal information than was necessary—ranked “Not Good” (28) or “Bad” (8)—exposing various kinds of data that fraudsters can use to build the type of personal information dossier on an individual (or even a celebrity, we found) that facilitates the commission of identity theft.
What Can We Do About It?
For Consumers: Get your money now! Visit your state’s unclaimed property site as soon as possible to see if you have a claim, and if you do, go through the process before your evil twin does. And, as always, stay vigilant. Just because you don’t have unclaimed funds doesn’t mean a scammer can’t get to you other ways. Monitor your financial accounts regularly for unauthorized charges, and keep an eye on your credit reports and scores for signs of new-account fraud.
For States: Respect your fiduciary duty to protect us and expose less PII in the verification process.
How does your state measure up? Click here to read the full State Compendium of Unclaimed Property Practices.
More From Credit.com:
Some students worry about whether they’ll get the financial aid they need to pay for the next semester of college. Others wonder why there is a record of them taking out student loans when they didn’t apply — and now they can’t get the loans they need. Consider these scary scenarios readers have told us about recently:
- Trey: I just checked my credit score and [someone] has taking a student loan out in my name what can I do?
- Felecia: My tax refund was taken away because they said I [attended] school and I have never been enrolled in school. I don’t even have a GED or high school diploma so how can I get them to refund me my tax refund back?
- Theresa: I’m just tired of all the craziness. Someone [has] been able to hack my identity some kind of way and follow my mother’s address and another address that I had and they got student loans in my name, I called the company and they just gave me the runaround, so now I have to figure out what else is there for me to do…
Most victims of student financial aid fraud find out when they apply for a federal loan that they are denied because they already have a loan — only they don’t have it. Instead, someone using their name and birthdate has the loan money, and it’s then the victim’s battle to restore their own credit.
How does somebody who isn’t you apply for a loan that you would be entitled to? We asked Brett Montgomery, fraud operations manager for identity theft and data risk services provider IDT911, and this is how he explains it: “Applicants and enrollees are not required to have their identities confirmed, and because institutions do not always otherwise verify students’ identities. With a valid date of birth, name and Social Security number, anyone can get a loan — especially online — since the system is designed to encourage electronic access to student loan assistance.”
Worse, you may not know that someone has taken a loan out in your name until something bad happens, like the Internal Revenue Service seizing your tax refund to pay the defaulted student loan you knew nothing about, or finding a student loan on your credit report. And sadly, it was probably a lot easier for the identity thief to access the money than it is going to be for you to be able to get a student loan or the tax refund that was rightfully yours. “The amount of documentation needed to prove your innocence is more than what was used or verified to establish the fraudulent loan,” Montgomery said in an email.
But you can’t even begin to try to untangle the mess unless you know it exists. For that, he recommends checking your credit often — though he cautions that not all government loans report to the credit bureaus. “Typically people are made aware through collection notices through the mail or by phone. Another way is when they have to apply for the same type of government student loan and they are informed they already have a loan out.”
The other question is why someone would take a student loan out in someone else’s name. Presumably it’s not to get an education. After all, a degree in someone else’s name isn’t likely to be valuable long-term. But cash is. While the proceeds of these loans are supposed to only be used for qualified educational expenses, the reality is people use them for just about anything.
How Long Can It Take to Unravel?
If, like Felecia, your tax refund is taken, it can take at least eight months, and possibly much longer, to get your money back, Montgomery said. And if you are refused a student loan because you supposedly already have one? “The government tends to not loan money out when there may already be the same type of loan in the person’s name,” Montgomery said. “All you can do is supply the requested documentation and hope they remove the fraudulent loan from your name and credit.” So if the loan refusal happens shortly before you need the money, you are going to need a Plan B.
If you’re a parent helping a student apply for aid, explain what personally identifiable information (PII) is and how to protect it, Montgomery said. Educate your student to ask why someone is requesting their Social Security number and how it will be protected if they give it to them. (And don’t give your child’s number out yourself unless you are satisfied the person requesting it actually needs it and will protect it.) If you hire a professional to help you fill out the FAFSA and apply for aid, make sure the personal identification number (PIN) is known only to you. While there is not yet a way to be absolutely certain you won’t be a victim, you can reduce the opportunities for a thief to access the data that make it easier to take federal student loans out in your name.
If, despite your best efforts, you become a victim, your best bet is to report it as soon as you discover it. The U.S. Department of Education recommends contacting these offices, as well as the three major credit reporting agencies, depending on your situation:
- U.S. Department of Education Office of Inspector General Hotline
- Federal Trade Commission
- Social Security Administration
Also understand that a fraudulent student loan may not be the end of the story. It clearly indicates that someone was able to access enough of your personal information to get a loan. That information could be re-used at some point to get a credit card, etc. It’s important to regularly monitor your credit and to investigate major changes in credit score that you can’t account for as well as credit inquiries or new accounts you don’t recognize. You may want to place a fraud alert or security freeze on your credit reports as well.
More From Credit.com:
Children are particularly vulnerable to identity theft because they have little reason to access their credit histories.
An 18-year-old looking to purchase his first car.
A young woman applying for the student loan that will put her through college.
A foster youth aging out of the system and eager to get a place of his own.
These are exciting milestones in the lives of young people, turning points that mark new beginnings and the start of independence. Now imagine you’ve reached this crossroads only to discover that your identity had been stolen. Instead of the pristine, untapped credit record you’re expecting, you find years of charges, debt and defaults racked up by a criminal using your name and Social Security number.
It’s a scary thought, and not as rare as you may think. Identity theft has been the top consumer complaint received by the Federal Trade Commission for more than a decade, and those complaints increasingly involve minors or young adults tapping into their credit for the first time. The ensuing chaos and barrage of paperwork is a difficult maze to navigate for most adults, never mind young people who have not yet even opened their first credit card.
Children are particularly vulnerable because they have little reason to access their credit histories. By the time the discrepancies are discovered, the damage has been done. We must make it easier for parents to protect their children’s financial futures.
All children are vulnerable to identity theft, but foster youth are especially susceptible. Their personal information, including Social Security number, is passed through many hands, increasing the chances of abuse. Moreover, when they age out of the system, they often lack a parent advocate to fight on their behalf. As a co-chair of the Congressional Caucus on Foster Youth and someone who grew up with foster siblings, this is an issue about which I care deeply.
In 2011, I successfully incorporated a provision into the Child and Family Services Improvement Act mandating free credit checks for foster youth over 16 years old, giving them time – and assistance – to clear inaccuracies from their records before they aged out of the system.
I believe similar protections are necessary for all children, and I continue to call on my colleagues in Congress to enact a solution.
The Protect Children from Theft Act, which I introduced in April, aims to safeguard children from becoming victims of identity theft. The bill directs the Consumer Financial Protection Bureau to write a rule that gives parents and guardians the ability to create a protected, frozen credit file for their children. Placing a freeze on a credit report would prevent lenders and others from accessing a credit report entirely, which in most instances would stop an extension of credit. I hope that this legislation, if passed, would create a simple, easy-to-understand process for families to protect their child’s financial interests. New parents are consumed with many questions and concerns; diapers and teething likely take precedence over their child’s future credit score. We need a process by which parents and guardians have an easy, streamlined way to freeze a child’s credit.
As co-founder and co-chair of the Congressional Cybersecurity Caucus, I am well aware that cybersecurity is not a problem that can be solved, only managed. An often overlooked component to that management is resilience, being able to recover from an incident. We are all increasingly reliant on technology and the data that drive it; today, we trust a multitude of networks with personal financial data and private information, including health care records and, yes, even our Social Security numbers. If we want to benefit from the economic efficiencies of technology but still avoid identity theft, we need personal cyber resiliency so that we can recover when our data are compromised. We need to keep tabs on who has our personal information and what is at risk in the case of a breach. We need to check our credit scores, put alerts on our credit cards and work with our banks to ensure our financial information is as safe as possible. And we need to exercise the same vigilance for our children and their data.
I will continue to fight to protect children from identity theft to give them a fair shot when their time comes. Let’s share our good cyber habits with the next generation and make sure that when they are ready to buy that car, take out that student loan or sign a lease on that new apartment, identity theft doesn’t derail the milestone.
More From Credit.com:
They're the best way to stop fraudsters.
If you haven’t already signed up to get alerts on your mobile phone from your credit card issuer, what are you waiting for?
Mobile alerts can tell you within minutes if your card is used in another country or if your payment is overdue. They can save you the embarrassment of being blocked at the cash register if a transaction seems suspicious by asking you via two-way text if the purchase is legitimate. And as I recently learned firsthand, they can help you catch fraud almost instantly.
I had just started receiving mobile notifications of every transaction on my American Express card when a transaction I didn’t recognize for $748 popped up. I immediately got on the phone. Sure enough, it was fraud. And even though AmEx hadn’t flagged it as a suspicious transaction, I was able to shut it down right away because I saw it.
That’s the beauty of mobile alerts and notifications, said Mark Schwanhausser, director of omnichannel financial services at Javelin Strategy & Research: “It’s a way to involve the customer and deputize them, because they often know better than the banks if something is legitimate or not.”
The alerts can also help you manage your personal finances by alerting you before a payment is due, if your balance goes over a specific amount or if you’re close to your credit limit. About four in every 10 consumers today have received some kind of alert from a financial institution, according to a Javelin report published in April. The company predicts that number will rise to more than half of U.S. consumers by 2019.
However, the report said most banks aren’t doing enough to promote their alerts, that it’s confusing and difficult for customers to enroll, and the alerts are “remarkably difficult” to turn on. “Finding alerts settings is akin to a Where’s Waldo’ search,” the authors wrote.
Since the issuers may not make it easy, here’s what you need to know to sign up:
How do you want to get your alerts?
You can get alerts through email, text message or “push notifications” that pop up in the status bar or notification tray of your cellphone. Email alerts are still the most common, according to Javelin, with 36 percent of consumers receiving them, compared to 22 percent for texts and 14 percent for notifications. Here are the pros and cons of the different types:
- Email: Every bank surveyed by Javelin offers email alerts, and this type has been around the longest. The problem, of course, is that some folks don’t have email on their phones. Even if you do, you may not check it regularly. “Fraudulent transactions happen fast,” said Julie Conroy, research director at Aite Group. “A thief will do a little testing and then go to town, so it’s important to catch fraud as quickly as possible.”
- Text message: About 95 percent of banks allow their customers to receive at least some financial alerts via text. Because we’re conditioned to give texts our immediate attention, this type of alert is a good choice for news you consider urgent. “Since you use texts to communicate with people, it might be annoying to get a text for every transaction,” Conroy said. “Also make sure you consider whether you’re going to incur charges for texts.” Some banks offer two-way texts that pop up instantly on your phone if you try to make a transaction that looks suspicious. If you respond that the purchase is legitimate, your card will go through instead of being blocked at the point of sale.
- Push notification: This is the type of notification that I received from American Express. They pop up on your phone’s lock screen, in the banner at the top of your phone or in your “notification tray” even when you’re not using your card’s mobile app. They are more likely to get your attention than an email, but they’re less obtrusive than a text. Fewer than half of banks offer these, but Javelin predicts they will surpass text notifications as the No. 2 form of alert by 2019. Fueling that prediction: 45 percent of consumers surveyed said they think push notifications from their bank would be valuable, even though only 14 percent receive them.
When do you want to get an alert?
Signing up for at least some mobile alerts should be “a no-brainer choice for the customer,” said Brian Riley, principal executive adviser at CEB TowerGroup. “You don’t necessarily need an alert for every transaction. But everyone should want some type of notification,” he said.
Most issuers allow you to customize the type of notifications you receive and how you get them, so you can make sure you don’t get too many. “Typically there’s a control panel that says, ‘Text me or email me based on these specific conditions,'” Riley said. You can also turn them on or off anytime.
Some alerts are designed to enhance security; others help you stay on top of your personal finances. Here are some options you may see:
- Suspicious transaction: When issuers suspect fraud, they automatically try to contact you. But federal law requires them to get permission before they can notify you via text instead of calling you or sending an email.
- Card-not-present transaction: This notifies you anytime a purchase is made without a swipe, so it’s mostly Internet transactions. “These transactions are much more vulnerable to fraud because all they need is your account number, not your actual card,” Riley said, “so this option should be first on your list.”
- Gasoline transaction: Gas stations are another hot spot for thieves; you’ll be notified anytime a purchase is made at one.
- International transaction: Because a lot of fraud originates overseas, this can be a good way to catch fraud if you rarely travel abroad; you can turn it off when you leave the country.
- Transactions over a preset amount: You can choose to be notified of every transaction over a specific dollar amount. If you choose $0, you’ll be alerted to every transaction; set a higher dollar amount to minimize the number of alerts.
Personal finance alerts:
- Available credit: Sent when your credit falls below a specified amount you set.
- Balance: Sent anytime your credit card balance exceeds an amount you set. This can be particularly useful if you have multiple people using your card or if you’re trying to stay within a budget.
- Low balance: An alert if the balance in an account linked to your debit card falls below a specified amount.
- Payment due: Notifies you a specified number of days before a payment is due.
- Missed payment: Sent if no payment was received by the due date.
How to sign up
Banks are cautious about automatic enrollment, Schwanhausser said, because “they don’t want their customers to feel like they’re being spammed or overwhelmed.” Most send automatic security alerts via email (or through a call to your home phone) anytime your personal information or settings are changed or if they notice suspicious activity.
To start getting text messages or push notifications to your cellphone, you have to proactively sign up. Though it can be difficult to enroll, it’s worth doing simply so your bank can reach you quickly on your cell if it detects suspicious activity. “It’s also a lot more convenient for you to hit reply to a text and say, ‘Yes, this was my transaction,’ or ‘No, it wasn’t,’ than to get an email about something and have to take the time to call in,” Conroy noted.
Every card has a slightly different process, but here are the basic steps to start getting text message alerts:
- Log in to your card’s website.
- Look for something in the menu that says “manage alerts” or “go to alerts.” If you don’t see the word ‘alerts,’ you may have to click on “Profile” or “Settings.”
- Look for an option that will allow you to put in your mobile number, change your contact information or add text messages.
- Because federal law requires you to opt in to receive text, you’ll have to activate the service by entering a code that the bank will send as a text.
- Most issuers then list the types of alerts you can receive and how you want to receive them (email or text). Make your choices and then hit save.
To start getting push notifications, follow these steps:
- First, find out if your card issuer offers the service. Javelin’s report in April said the following financial institutions were using push notifications, but more banks are adding them every day: American Express, Bank of America, M&T, BBVA compass, Regions, Chase, USAA, Citibank, Wells Fargo and Fifth Third.
- Download the institution’s mobile app.
- In most cases, you can add push notifications through an app menu option that says something like “Manage alerts.” If you don’t see it as an option in the mobile app, you may have to add push notifications through the card’s website. Call the phone number on the back of your card if you’re having trouble.
- Once enrolled, you may still have to change the settings on your phone to “allow notifications” from your bank’s mobile app. On most phones, you can go to settings and look for “notifications.” Some, including iPhones, let you decide whether to turn on sounds and badges with the notifications.
After my own experience with fraud, I took the time to turn on mobile alerts for all of my active credit cards and bank accounts (it did take some time and a few phone calls). To keep my messages box from filling up, I elected to receive texts only for news I considered urgent: suspicious activity, a low balance or a payment missed. But I’m receiving push notifications on my phone for most other transactions, and so far, I haven’t minded the extra communication. In fact, I take comfort in knowing that if fraud happens, I’ll catch it quickly.
More From CreditCards.com:
But I'm not dead yet.
There are countless ways your credit report can get messed up, all of which can seem pretty annoying to fix. Perhaps one of the most unsettling problems you might find with your credit report is if it says you’re dead, when you’re most certainly alive. It’s not unheard of for consumers to apply for credit and be rejected because their reports incorrectly list them as deceased. But just like all credit reporting errors, it can be disputed and fixed. Unfortunately, it’s not always a simple process.
Why Your Credit Report Says You’re Dead When You’re Not
There are generally three reasons your credit report might incorrectly say you’re dead, said Robert Brennan, a consumer protection lawyer in Southern California. You’re probably dealing with a mixed file, identity theft or a simple mistake, and your course of action will vary slightly depending on the cause of the problem. Either way, you’re going to need to dispute the error with the credit bureaus.
How to Confirm You’re Not Dead
Obviously, having a credit report that incorrectly marks its subject as deceased can be really problematic for the consumer. Not only is a credit report one of the main documents consulted during lending decisions, it’s also something that may be reviewed by employers, insurance companies, landlords and other service providers, as they decide whether or not to work with you. As a result, you want to fix any credit report errors as soon as you find them. That’s why it’s a good idea to check your credit reports and credit scores as frequently as possible.
Once you realize your credit report says you’re deceased, talk to the credit reporting agencies. The dispute process for each of the three major credit bureaus (Equifax, Experian and TransUnion) is outlined on their websites. Keep in mind that the bureaus do not share information, so you need to check each report for accuracy and dispute issues separately. Brennan said to dispute the error in writing and send it through Certified Mail.
“Provide them with current identification (driver’s license, recent tax return, recent utility bill) and tell them to correct the status to ‘living,’” Brennan said, via email. “If the bureau fails or refuses, then the consumer has rights under the Fair Credit Reporting Act which would include his/her damages plus his or her attorney’s fees.”
What to Do If the Problem Persists
If the error is a result of identity theft, you’ll have more to do than file a dispute with the credit reporting agencies. Victims of identity theft should file police reports, check if fraudulent accounts were opened in their names (and terminate them), put fraud alerts on their credit reports, report the incident to the Federal Trade Commission and contact the IRS for an identity theft PIN to avoid problems during tax season.
It’s important to keep meticulous records throughout the process, because even if you resolve the issue, it could come up again, and you’ll want to be able to prove it’s an error — that will be a lot easier if you don’t have to start from scratch.
More From Credit.com:
"It's irresponsible and unscientific to make conjectural, trumped-up allegations without deep investigation"+ READ ARTICLE
(BEIJING) — China said Friday that any allegations that it was involved in breaking into U.S. government computers are irresponsible.
Chinese Foreign Ministry spokesman Hong Lei said at a regular news briefing that Beijing hopes the U.S. would be “less suspicious and stop making any unverified allegations, but show more trust and participate more in cooperation.”
U.S. officials say China-based hackers are suspected of breaking into the computer networks of the U.S. government personnel office and stealing identifying information of at least 4 million federal workers.
Beijing routinely dismisses any allegation of its official involvement in cyberattacks on foreign targets, while invariably noting that China is itself the target of hacking attacks and calling for greater international cooperation in combating hacking.
“We know that hacker attacks are conducted anonymously, across nations, and that it is hard to track the source,” Hong said. “It’s irresponsible and unscientific to make conjectural, trumped-up allegations without deep investigation.”
China’s military is believed to have made cyber warfare capabilities a priority more than a decade ago. One of the few public announcements of the capabilities came in a May 25, 2011, news conference by Defense Ministry spokesman Geng Yansheng, in which he spoke of developing China’s “online” army.
It's possible in these exceptional circumstances.
Let’s say your identity was stolen and the identity thief opened up dozens of fraudulent accounts, causing you tons of grief and taking months (or years) to untangle the mess. Can you get a new Social Security number and just be done with the records associated with that horrible episode? Or if your number was exposed in a breach and you feel nervous that it could be misused at some point in the future (and yes, it could), can you change your number as a precaution?
The answer is probably no. But there are circumstances (five, to be exact) in which you can qualify for a new number. They are:
- a continuing threat of abuse of your number;
- more than one person was assigned the same number (that is rare, but it has happened);
- there is a situation of harassment, abuse or a life in danger (as in some domestic violence situations);
- sequential numbers assigned to members of the same family are causing problems;
- religious or cultural objections to certain numbers or digits in the original number.
Even if you qualify, you might want to consider seriously the impact of taking this step. In many cases, employment information and medical records will be associated with your former Social Security number. So a new number can create some problems you may not have anticipated.
And if you are changing your number because you were a victim of domestic violence, you may also be changing your name. If that is the case, the Social Security Administration suggests changing your name first. Domestic abuse victims can also elect to have access to Social Security information blocked electronically.
No matter why you want to change your number, you’ll have to go in person to a Social Security office and document your reasons. If, for example, the number or digit sequence is the problem because of a religious objection, you’d need both documentation of the objection and evidence that you have an established relationship with the group that finds it offensive.
In the case of identity theft, just the fact that you have been a victim will not be enough; you would need evidence suggesting that despite your best efforts to put an end to it, the abuse of your number continues.
In any case, you will need documents to show proof of citizenship and immigration status. (Original documents are typically required.) You can get a head start on filling out the forms you’ll need and knowing which documents to bring here.
While it can be difficult to track all potential signs of misuse of your information, checking your credit reports regularly from each of the three major credit reporting agencies can help you catch some instances of fraud that can be committed in your name. Keep an eye out for unauthorized new accounts or collection items, and make sure all information on your reports is accurate and up to date. You can get your free annual credit reports mandated by federal law at AnnualCreditReport.com, and you can get your free credit report summary from Credit.com, which is updated monthly, to watch for changes.
More From Credit.com:
Coping with financial betrayal.
When a loved one uses your personal information to apply for credit, he or she has committed identity theft. After the initial shock of discovering this betrayal, you face difficult decisions. One is that if you report the person to law enforcement, you run the risk of damaging your relationship. But if you don’t, you may not be able to get out from under any debt created and it could take years for your credit to recover from any damage done.
To help with the decision process if this happens to you, the Nerds reached out to Bruce McClary, vice president of public relations and external affairs at the National Foundation for Credit Counseling.
Gather the facts
The first item of business, regardless of which direction you take, is to collect all the information that confirms what happened and points to a possible perpetrator. Start by ordering a free copy of your credit report from AnnualCreditReport.com to find the fraudulent account and see whether there are others.
Next, call the credit card issuer to tell it that you did not open the account. Ask the issuer to close the account and flag it as fraud. Request a copy of the signed cardholder agreements and any records of interactions the company has had with the person in question. If you choose to report the fraudulent activity to the authorities, McClary says it’s important to “confirm what took place and leave no room for doubt in the eyes of the law.”
Freeze your credit
Contact all three credit reporting bureaus and add a fraud alert to your credit report.
A fraud alert typically lasts 90 days initially, but you can renew it indefinitely. If you file a police report later, you can choose to request an extended fraud alert, which stays on your credit report for seven years. Once you have a fraud alert in place, creditors must call a phone number you provide to confirm your identity before extending any credit.
Nerd note: Because your loved one may know enough about you to pass a credit grantor’s identity quiz, the Nerds recommend using your cellphone or work number to ensure that the creditor reaches you.
Deal with your emotions
Deciding to confront your loved one about the identity theft may be the most difficult step in the process. You’ve been deceived by someone you trusted, so it’s a good idea to take some time to work through the shock. It’s also understandable that you might have second thoughts about filing a police report against the person. You’ll likely want to consider how outing him or her could affect your relationship as well as the individual’s relationship with others close to you.
When working through this dilemma, McClary urges you to “consider the fact that they acted without any regard for your rights or feelings when they committed the crime.” Although this doesn’t make it easier, it’s a reminder you are the victim and any consequences will remain on your credit report for up to seven years and might cost you when you apply for credit.
Seek a resolution
If you caught the fraudulent activity early enough and not much damage has been done to your credit, you may be able to resolve it personally with the loved one. Andy B., a 28-year-old insurance adjuster from Lincoln, Nebraska, was fortunate enough to deal with his case of familial identity theft this way.
While applying for a personal loan, Andy’s loan officer told him he had a high balance on a card that he knew nothing about. After some digging, he found out that his mother had opened up a credit card in his name 10 years previously. “I called her after I got off of the phone with the credit card company,” Andy says. “It was confusing, to say the least. I have a very positive relationship with my mother. … I knew she didn’t act maliciously and I definitely didn’t want to get her into any sort of legal trouble.”
After working things out with his mother and the credit card company, Andy is no longer liable for the debt and doesn’t think his mother will be prosecuted. He adds, “Do I think it was irresponsible? Yes. Do I forgive her? Absolutely.”
Andy acknowledges that he and his mother are fortunate to have worked this out, but he “can think of countless ways a family member can destroy a family member’s credit, not to mention their trust.”
Another alternative is to file a police report. Although this may not sound appealing because of how it could affect your relationship with the perpetrator as well as those around you, McClary believes that it’s necessary if you want to save your credit: “Notifying the police creates a record of enforcement that can be used to clear your name from the debt when that information is shared with the creditors.”
Put it in perspective
Regardless of which avenue you choose after your identity is stolen by someone close to you, your relationship may still suffer. The question you need to ask yourself is if you want to suffer the consequences of damaged credit, which could potentially make it difficult for you to obtain credit at favorable rates — if at all — for years to come. The decision is a personal one, but it’s important that you do what’s best for you and your financial future.
More From NerdWallet:
Thieves stole 100,000 past tax returns from the IRS, says the agency.
Criminals using stolen personal data accessed old tax returns of 100,000 people through the Internal Revenue Service’s website, the agency announced Tuesday.
Using Social Security numbers, birth dates, addresses and other information acquired outside the IRS website, probably from data breaches at other insitutions, the criminals were able to clear a multi-step authentication process and request tax returns and other filings through the IRS’s “Get Transcript” application. The criminals then used the information obtained from those forms to file fraudulent tax returns, the IRS said.
Though the agency has now shut down the “Get Transcript” application, it sent nearly $50 million in refunds to the scammers before detecting the breach.
Later this week, the IRS will begin sending out notification letters to each of the 200,000 taxpayers whose accounts the scammers attempted to access. About 50% of those attempts—some 100,000—were successful, and the IRS will offer free credit monitoring to those taxpayers. Either way, if you are notified by the IRS, there is more you can do to protect yourself.
1. Check In with the IRS
The IRS said it will be “marking taxpayer accounts on our core processing system to flag for potential identity theft to protect taxpayers going forward.” But anyone notified by the IRS—whether your data was successfully stolen or not—should call the IRS Identity Protection Specialized Unit at 800-908-4490 to check that the agency has indeed placed an alert on your account and that the system reflects that your information (and return) has been compromised. You may also want to contact your state revenue agency to be certain a state tax return wasn’t fraudulently filed for you as well. (For your state’s hotline, check out this list.)
Also report the theft to local police and have it documented. While local law enforcement is unlikely to investigate, many government agencies and credit bureaus require an official theft report to help you solve the fall-out.
2. Add Another Layer of Security
If you are a victim of id theft, the IRS should issue you a personal identification number that will provide you with another level of security. You’ll need to submit this PIN along with your Social Security number when you file any tax form going forward so that the IRS knows to carefully check over your account. As an identity theft victim, you’ll get a new PIN every year. If you don’t receive it, request one because this extra step could save you from dealing with fraudulent returns year after year.
3. Alert the Credit Bureaus
“If a thief had enough information about you to file a false tax return, he could have also opened new credit card accounts or taken out a loan in your name,” says CPA Troy Lewis, chairman of the American Institute of CPAs’ tax executive committee.
Set up free fraud alerts with the three major credit reporting bureaus, Equifax, Experian, and TransUnion. These alerts, which last 90 days but can be renewed, warn potential creditors or lenders that you are an identity theft victim and that they must verify your identity before issuing credit.
You can go a step further by placing a credit freeze on your files, which instructs the credit agencies to prevent new creditors from viewing your credit score and report. With a police report, it’s free; without one, it can cost as much $10, depending on your state.
A freeze will keep you from accessing instant credit, too. So if you need to apply for a loan, for example, you’ll need to give the agency permission to thaw your data, and in some cases you’ll pay a fee to lift the freeze, which can take a few days.
MONEY advises against paying for credit monitoring services, since you can do the same work yourself for free and the steps above are a better preventative measure. But if the IRS offers it to for free, you may want to sign up for the service.
4. Check Your Credit Report
You are entitled to a free copy of your credit report from each of the three agencies. Check them carefully for unauthorized activity. Look at your history as well as recent activity. Just because you were first alerted to the problem through a false tax return does not mean that’s where the ID theft started.
If you see errors in your report, such as wrong personal information, accounts you didn’t open, or debts you didn’t incur, dispute those errors with each credit agency and the fraud department of the businesses reporting that inaccurate information.
5. Be Patient
The IRS says a typical case of ID theft can take 180 days to resolve. And even after you’ve cleared up this year’s tax mess, tax and credit fraud can be a recurring problem.
When a thief files a false return and beats you to filing, the IRS flags your legit return and processes it manually, meaning your refund could be delayed for months. The IRS will always pay you your refund, regardless of whether it already paid it out to a fraudster. If your tax fraud case hasn’t been resolved and you’re experiencing financial difficulties because of the holdup with your refund, contact the taxpayer advocate service at 877-777-4778.