During the first part of March some joker got himself an ID with my name, social, and house address. And he got my BECU account number. And he got himself some store cards at Penny’s, Wal-Mart, Sears, Citi Mastercard, and Kohl’s. And he got himself 10 to 15 grand.
And, he got his picture taken.
Apparently, he stopped just about the time I was doing taxes, hit www.becu.org, and found an unexpected bank account history.
The bottom line isn’t too bad (for me, anyway) so far. The various places are all on the ball. BECU (“Amy” is the person there) has already straightened out the accounts. The other guys, it turns out, are only 3 places: Kohl’s (“Kevin” is the guy there), GEMB, and Citibank. It turns out that store cards are handled by places like Citi and GEMB.
So, how’s the “customer experience” so far? I mean, what’s the out-of-box?
I found out about BECU on a weekend. Their site makes it almost impossible to report problems. On Sunday night, I finally found a phone number for an ATM handling company. And, I got through to them. They suggested I call the credit union on Monday.
I did.
Got Amy. She moved things along nicely, closing the accounts and firing up new ones. Told me to file a report with the police and to put a “fraud alert” on my credit history through the 3 credit history outfits. That seemed a little excessive, but a trip to the post office indicated that maybe it was a good suggestion.
The post office had the usual stack of junk mail, credit card offers, etc. I’d even ripped open and tossed one “offer” that had a card in it, ostensibly ready to 800 authorize, when I got an uneasy feeling about it. The unease grew as I found JC Pennys (for which I had a card back in the ’80s) was billing me. And Sears. And Kohl’s. OK. So, that was interesting.
Cross the highway to the sheriff’s office. They gave me the non-911 number to call. (206) 296-3311. I called, later. Told the guy the info and got a case number, 07-092261. Could practically hear the quill pen scratching the paper. That was the first weird thing in all this. We get so used to living in a world where, if you go to Jiffy Lube in Utah, you are not surprised when they have your car’s Jiffy Lube history right there, on-screen, from Washington state visits past. But, apparently, ID theft case information is hand written at the King County sheriff’s. Maybe not. But it sure seemed that way. When I called ’em back after getting all the store-card stuff, the guy did not seem to have any information about the case. It sounded like he was jotting down stuff on a piece of paper which, we presume, will somehow get assembled in some kind of manilla folder or something somewhere. I can’t see and add to the info on line. They actually mailed me a thing to fill out for “any additional information”.
Second oddity: The bad guy is known. And, he’s on camera. The way I hear it, he’s done this sort of thing before. Long, long ago I read something that asserted that bank robbers were the dumbest of crooks. This case, perhaps, supports that contention. Unless you consider that this isn’t the first time for this guy. Hey, you gotta go with what works!
Where is he? Good question. Since he only stole 10 or 15 grand, who cares, eh? We live in this world where extremely law abiding citizens get pathologically paranoid that “the government” is watching them (unless they feel that their kindred political spirits seem to be in control of “the government”) and will soon be tossing them in concentration camps (or gulags, depending upon their political bent). Know all. See all. “They” are watching us. But, it looks like “they” can’t find a bottom feeeding crook. “They” must be too busy smashing through dangerous, Volvo driving, English Lit professors’ doors at 3AM.
Back to the phone. Kohl’s was first in line. They shut down the card, which was maxed out. They mailed out a thing for me to sign.
I hit the ftc.gov site. They had a long form to fill out. If you should feel the urge, don’t bother. After you’ve waded through it, you’ll find that it gives you the option to print it out. That’s it. Gosh, you’ve just entered all of your personal information to their server, a gold mine for any id theft crook, and you get a print-out, if your printer has ink.
Which brings up an interesting point. All of these security guys want, for good reason, your information: birth date, legal name, real mailing address, cell phone number, social security number, etc. etc. Heck, I found myself leary about telling ’em the PO box number. They had the house number, which the bad guy had. But, where did the bad guy get his info. At this point, I still thought that he must have either social-engineered a teller or the teller was too good a friend. (Later, Amy said that the teller could not have found the account numbers. Not a BECU branch.) Anyway, it was odd that I felt uneasy about telling these guys all this information. Sure they work in security, every one. And I have some picture of the kinds of people they are (Imani worked in banks in that area for a number of years.). But. Remember that I’m a guy who has fought many times since the ’70s to not give out his social.
Somewhere in all this, I hit the web to try to do the “fraud alert” with the credit places. Equifax and Experian had unworkable web sites. Transunion was good. I reported at Transunion. The three share information so you only need to hit one of ’em to get the job done.
Off to one of the others, which got me to Citi. I got the feeling I was talking to a person in a large workgroup. With experience. “Judy” told me about GEMB and the credit places. She pinged GEMB. We went 3-party with Transunion to get the fraud alert extended.
The bit about extending the credit alert was interesting. You can get a “credit alert” put on your credit history. That means that during the next 90 days if one of the card places looks at your credit to open a new card, they’ll know to get in touch with you by means other than how you’re asking them for a card. “Extending” the alert changes that 90 days to 7 years. It’s pretty easy to visualize everyones credit history having extended alerts before too long. Hassle for you. Yet another cost of crime.
So, “Judy” accessed credit history and found the Wal-Mart card. Wal-Mart’s stuff hadn’t hit the mail yet.
That seemed to cover things.
I drove off to Death Valley.
Came back to find a gob of mail from the various places. Affidavits. Etc. Spent a day filling ’em out. For a normal person, it would have been a few minutes, but, well, someday, some medical research will find yet another crippling disablity: unable-to-fill-out-forms-osis.
The oddest of the mailings was, I kid you not, a large packet from Citi. It looked like one of these things that HR departments put out. Lots of glossy, heavy stock. Sure signs that the company is fat and has lost focus. But, I guess that sort of thing comes with “professionalism”. Must make those who put it out feel good about themselves. If you ever feel the need to put such stuff out yourself, just remember that Criagslist is more successful than you are.
The 3 credit history places had sent stuff, of course. All boiler plate about how I can get a free credit report. After a little thought, I said, “Why not?”. Hit the Equifax web site. After some wading through, they wanted 10 or 15 bucks. Hmmm. Was gonna hit Experian when I found that Transunion had already sent the info.
Out-of-box score:
Plus:
- Amy at BECU
- Judy at Citi
- Transunion
Minus:
- Bad guy
- System that let him walk
- BECU webmaster
- King County sheriff
- Equifax
- FTC
Techie thought: Years ago, I considered writing a system that would make it easy for, say, a bank, to send an IM or SMS when something happens on an account (e.g. web login, withdrawal, etc.). Turns out, someone built what appears to be such a system. Another story, that. But, gosh the bank web sites are bad. Making such a web site is, in fact, not easy. So, they have an excuse. But if these guys don’t have a long, long TODO list, something is very, very wrong in El Banko del IT.
Anyway, if you’re an account person reading this, I was not born on January 1st, 1970. That’s the other guy. The guy who, we can only hope, just swung his third strike.