Monday's blog post discussed the findings of the Annual Survey by the ITRC of identity fraud victims' perspectives. The report included a section about victims who were unable to clear their records of the damage done by identity thieves and fraud:
"Many [victims] reported that the factors complicating their ability to clear negative records involved issues beyond their control, such as: inability to get a police report, credit accounts being reposted on credit reports, fraud alerts are being ignored, and the inability to prove innocence even with a police report. These factors may indicate system failures by various entities involved in resolving the victim’s case. Other situations appeared to be more consumer/victim related such as: I gave up (too many hours), don’t know how to clear my report, and family related issues."
In the survey, about 23% of respondents, who were unable to clear their records, reported that "My imposter is still active - fraud alerts are being ignored." On page 20 of the report, the ITRC's Julie Ferguson concluded:
"The failure of fraud alerts is a three-pronged problem. We have seen that when a consumer sets a fraud alert with one bureau, it does not always propagate to the other two bureaus 40% of the time. The second problem is that not all creditors place phone calls to consumers but use challenge questions at the point of sale. Unfortunately, the thief might know that information and when consumers do not receive a phone call they may perceive the alert is ignored. I also believe a fundamental problem is not being addressed, the fact that businesses write off the losses instead of prosecuting the suspect, which allows the criminals to continue to use the stolen information even after the consumer has cleaned it up. There ramifications for an identity thief are minimal and the odds of getting caught, arrested and prosecuted, I liken to winning the lottery or being struck by lightening.”
I agree with Ferguson. There definitely are several problems at work here.
First, the Fraud Alert tool always seemed weak to me, because potential lenders could easily ignore it. One could argue that this is an ethical problem among potential lenders. I often wondered if the Fraud Alert tool was simply a method for credit reporting agencies to claim that they offer consumers some protection, while still being able to sell as many credit reports as possible.
Second, as a victim of IBM's data breach, I have always wanted the strongest protection available for my sensitive personal and financial information. I first tried the Fraud Alert tool after IBM notified me its data breach, and later renewed my Fraud Alert on my own. When I compared the Fraud Alert tool to the Security Freeze tool, the Fraud Alert tool seemed weak. Ultimately, I added a Security Freeze to my credit reports since IBM never recovered its lost/stolen data tapes and my sensitive personal data is still out there exposed to criminals.
Third, I have written repeatedly about how the Security Freeze tool is not available nationwide for C.L.U.E. insurance reports. And, most consumers I have talked with are unaware of the regional and second-tier credit reporting agencies like Innovis. To me, these are gaps in the financial system that allow criminals to operate more easily than otherwise.