Friday, March 4, 2016

An Identity Theft Story (Part 1)




It was just another Saturday afternoon stroll to the mailbox. Or so I thought. As I shuffled through the usual junk mail, I noticed an envelope brandishing a rather serious font. It was addressed to a common misspelling of my name and when I opened it I found a collections letter from AT&T Wireless. According to the letter, I owed them over $5,100 and if I did not pay the balance I would be “referred to a third party collector” which could result in a “negative reference” on my credit report.

The correspondence was troubling on many levels, not the least of which was the fact that I don’t have AT&T wireless service and have become quite adept at spelling my own first name. I rushed inside, called the number on the letter, and was informed that just before Christmas I had walked into an AT&T store in an Atlanta suburb and taken possession of $5,000 worth of iPhone 6s Plus handsets on credit. After emphatically reassuring the representative that this scenario was rather unlikely, I was transferred to the Joshua in the fraud department.
Joshua informed me that he would put in a request to classify the account as fraudulent and would have a letter sent to the three credit reporting agencies to remove any negative credit references resulting from the activity. I spent the next several hours pulling my credit statements and filing a police report. It would appear that I had become the victim of what is known as “equipment gaming.” The entire idea is to open new wireless accounts under stolen identities in order to procure expensive wireless handsets under a deferred payment plan. There are variations on the logistics of these schemes, but a typical scenario might play out like this:

1.      Jimmy works at my current wireless carrier and has access to the credit files of customers. He peruses through them and makes note of ones with reasonably high beacon scores.

2.      Jimmy then distributes this customer information to Bobby who, either in-person or through a surrogate, walks into a wireless store and opens a new account under the assumed identity.

3.      Citing the transaction as a gift, they decline having the equipment opened and activated in the store so that it can be immediately resold. Because the credit score is sufficiently high, there are given the phones with no money down.

Eventually a bill gets to the mark and the ruse is up, but by this time the phones have already been unloaded and the identity dumped in favor of the next victim. Since they were never activated (at least within the United States) the carrier has no way to track them.

Skilled practitioners will utilize identities based in another state (to reduce the risk of immediate discovery and hinder a streamlined investigation) and patronize affiliate wireless stores as they tend to be slightly more lax than their carrier-owned counterparts when it comes to identity verification. The aforementioned scenario would also explain why the perpetrator never took the chance of attempting to open an account at my current wireless carrier or operated outside the confines of wireless service.

When the smoke cleared, my identity had been used to open three different accounts in Atlanta and the surrounding area over a two-week period. Over $11,000 worth of iPhones had been handed to someone claiming to be me by T-Mobile, Sprint, and AT&T. Under normal circumstances this would have been an unpleasant development, but my wife and I were in the middle of refinancing our home so I could not place a credit freeze on the account while I sorted it out. I then had to subject myself to a financial enema with the lender as we went line by line through my credit history so I could explain to them why I had an insatiable appetite for wireless service.

Over the next week I filled out forms, called credit reporting agencies, and received ridiculous answers to basic inquiries. I learned that the moment you claim fraud on an account, the representatives of the offending wireless carriers take a vow of silence (I imagine in an effort to limit further liability). After running into a wall with AT&T, I decided to call the actual store that had opened the fraudulent account to ascertain if they might remember someone traveling hundreds of miles to purchase five flagship iPhones and refusing to have them activated. I found myself conversing with manager Manny. The conversation went something like this:


Me - I have been the victim of identity theft and I was told that someone posing as me had come into your store on a specific date and opened this account.
Manny – Sir, it appears that our fraud department conducted an investigation and determined that the account you are referencing was not legitimate therefore I am unable to answer any of your questions.
Me I understand that but I am trying to determine if someone is running around with a forged government ID of me and if you remember anything about them it would be helpf……..
Manny – Sir, as I stated before, it appears that our fraud department conducted an investigation and determined that the account you are referencing was not legitimate therefore I am unable to answer any of your questions.
Me – First of all, their “investigation” consisted of me calling them and telling them that the account was fraudulent so let’s not pretend this is The Da Vinci Code. Secondly, I am simply asking if you happen to remember who took possession of these phones. Certainly someone taking possession of $5,000 of unopened phones issued with out of state numbers would have been unusual.
Manny – Sir, we are located in a very affluent part of Atlanta and this sort of thing happens all the time. We had a gentleman come in just the other day and take possession of two-dozen iPhones on credit to hand out to employees as a bonus.
(At this point in the conversation I was torn between reacting to the insinuation that my abject poverty would prevent me from understanding the bulk purchasing of electronics and the desire to find out where this generous customer worked so that I could fill out an application)
Me – Ok, well certainly it would be memorable if someone was able to recite their address, birthday, and social security number from memory but then be unable to correctly spell their first name. That had to stick out.
Manny – Not really, we have no way of knowing how someone spells their first name.
Me – Isn’t it on the credit file?
Manny – It just matches a last name and a social and we are given a green light or a red light.
Me – (somewhat incredulous) Well did his ID have it misspelled or was it correct!?
Manny – We don’t notate such information.
Me – Can you at least give me the driver’s license number he provided so I can see if it matches my own?
Manny – We don’t record any of that information to protect privacy.
Me – (teetering on the edge of sanity) Well, that is reassuring. It seems to have worked out well so far. Did you even check for ID?
Manny – That is our policy.
Me – That is not what I asked.
Manny – Sir, I understand that this is inconvenient for you…
It was at this point I contemplated driving down to the Georgia community that poverty forgot and leaving a flaming bag of feces on what I could only imagine was the cobblestone walkway in front of Manny’s store. We continued on in this vein and Manny refused to even tell me if they had cameras insisting that he “could not compromise the security infrastructure of his store.” I thought that this seemed a little disingenuous considering that he was located in an open-air strip-mall and he shared a wall with Pizza Hut, but I felt it was best that I end the conversation before things digressed further.


It turns out that this was only the beginning of a long journey of corporate obfuscation, one that I was allowed to take thanks to provision 609(e) of the Fair Credit Reporting Act. The provision allows identity theft victims (without a subpoena) to request (with proper paperwork and ID) any and all information regarding the fraudulent transactions including invoices, credit applications, and account statements. It sounded great in theory…….

No comments:

Post a Comment