“I would receive several phone calls every week from collection agencies trying to get me to pay charges on the various (bogus) cards. In some cases it bordered on flat-out harassment.” This nightmare was lived by Michael Collins, an identity theft victim whose information was stolen during the Target data breach in late 2013. He had used a bank-issued Visa card to make purchases at a store near his home.
Collins wasn’t careless with his information — quite the opposite. He has worked in law enforcement in the San Francisco Bay Area for more than 25 years. He’s even investigated cases like his own so he took numerous precautions. Unfortunately, he ended up a victim anyway.
Collins had fallen prey to identity theft in the past and believes that contributed to his latest troubles. “Once someone has fallen victim for the first time, the likelihood of them being victimized again increases exponentially over someone who's never experienced it before. I'm told this is because prior victims' info is now out there in cyberspace and freely available.”
One of the precautions Collins took was signing up for the Credit Protection service from Wells Fargo, which is administered through Trilegiant. Wells Fargo sent him an email stating that several attempts had been made to access his account. When Collins called a number provided in the email, “I learned that on December 19th and 20th over two dozen credit accounts had been applied for — many successfully — at a variety of large-scale retailers.”
Collins took immediate steps to halt the fraud, but the damage was already done. It took him dozens of hours of his own time over the course of about two months to unravel the mess.
The first thing the credit protection specialist had him do was contact one of the big three credit reporting agencies to activate a fraud alert. Check. Next he was told to contact each of the agencies— TransUnion, Experian and Equifax — and place a freeze on his credit. Check. That was the easy part.
“I then needed to notify each and every creditor and, in some cases, get a case number for their investigation. The good news is that most retailers don’t usually carry their own credit but, rather, contract out with other companies, such as GMC Credit or similar, to do the marketing, administration work and collection on accounts… in these cases I was lucky a few times and found one company that handled two or even three of the retailers with whom fraudulent accounts had been opened in my name, so occasionally I got a ‘three-fer.’
“For every incident of ID theft the retailers needed a copy of my original police report (which listed ALL the retailers affected), along with an affidavit attesting to the fact I had not opened or attempted to open an account with them.”
It took Collins until mid- to late-January to get all of the paperwork settled. New credit cards with run-up balances kept arriving in the mail, starting the whole process over again. By the time he got everything moving in the direction of a resolution, the harassing phone calls from collection agencies had started. He “offered these callers my frustration and pointed thoughts on the matter.”
Once the card issuers received his paperwork it took anywhere from three to six weeks for them to absolve him of responsibility.
Following the breach Target offered free credit/ID theft protection monitoring. Collins declined to take advantage of the offer because he was happy with Wells Fargo — it had alerted him to the fraud in the first place. He considers himself lucky to be out only $100 for copying and mailing costs.
Nearly a year after the breach, Collins continues to be wary. He now uses only cash at Target. He has closed all retailer credit cards, using only Visa cards in stores. He has one major credit card with a low limit that is used exclusively online. And the fraud alerts and credit freezes are still in place.
Reflecting on his experience in law enforcement, Collins adds, “I've investigated and reviewed numerous cases much like my own, but unfortunately the probability of successfully solving these crimes is pretty much slim to none.
“I've been a victim of ID theft a half dozen separate times now, but had been fraud-free for about seven years until this last one in December. Interesting is that the seven year fraud alert I had placed after my previous fraud had unbeknownst to me expired in late November... the three credit agencies (Experian et al) don't notify people of this, so it's up to each person to set up a reminder for seven years later!”
So if you’ve placed a fraud alert on your file, make a note to renew it after seven years. As Collins observed, your information is in cyberspace so you’re more likely to be victimized again in the future.