Businesses Facilitating 'Identity Theft'

[godwulf]

Hey, folks! I haven't been here in awhile, but thought this would be a good place to get something off my chest and maybe get some feedback.

Three or four years ago, I got a call from Sprint, asking when I was going to be paying the nearly $300 I owed them. As I didn't even own a cellphone at the time, this was news to me. Turns out someone else opened an account in my name, etc. At first they seemed sympathetic, but a couple of weeks later I got a call from their "Investigations" (read "Collections") Department, advising me that I had a number of options to pursue, but that they all began with "Pay the bill..."

When I objected that it wasn't my bill or my account, they attempted to make me feel in some way culpable or guilty because I "failed to safeguard" my social security number and birthdate. I told the guy that I could follow him around for a day and have his SS# and birthdate by the end of it. This information is literally everywhere.

After I finally contacted the Regional Customer Service Director, I thought I'd gotten them to back off permanently - but a couple of weeks ago, I got a letter from a collection agency about the money, so it looks like the problem is ongoing.

Here is my thinking about this: businesses and companies like Sprint are forever attempting to make it easier and more convenient for people to open accounts with them and start giving them money - but in their attempts to gain a bigger and bigger share of the market dollar, they've forsaken security and common sense. They permit anybody who knows somebody else's SS# and birthdate to open an account - with zero verification of any kind. And then - when they, inevitably, get ripped off - they expect someone who had no hand in establishing the account to pay the bill. They want to make us believe that we are the victims...when in fact, they are the victims. They want us to file police reports, take the criminals to civil court, etc., when that should be their responsibility.

Our "identities" are not being stolen, in most cases - they're being given away.

The companies who do this also hire "Identity Theft Experts" to go around trying to get consumers to confuse situations where someone has directly accessed your bank account or established credit, with cases where a third party has impersonated you, and the negligence and greed of the business owners have facilitated their doing so.

[xoxoxoBruce]

Sprint opened an account in your name then gave the phone(account) to someone else. Therefore Sprint stole your identity. Sue Sprint, press charges, don't let them get away with it. File a police report and file suit in small claims court for $1,000.

[tw]

Quote:

Originally Posted by xoxoxoBruce

Sprint opened an account in your name then gave the phone(account) to someone else. Therefore Sprint stole your identity. Sue Sprint, ...

I started this thread in 2000. Identified are two necessary functions. However, even in The Cellar, the overall concenus was that this is really not a serious problem.

One, we use driver's licenses for a function they were not intended. To identify yourself. Therefore even the 11 September attackers were using counterfeit NJ licenses to get onto planes.

Two, we use Social Security numbers, again, for a function they were not intended - identity. Again, we have no system so that you can even prove who your are. A system that empowers the little guy at the expense of a big system now intended only to protect the big system.

Third, even the lady who was then in charge of Passports got on Nightline (maybe 1999) crying out the absolute need for protection from this crime. She was talking to an American who would not hear facts because too many will only respond emotionally - after they have personally suffered from the crime.

A US Passport being a most desireable target for counterfeiting. A task so easily accomplished that the Clinton administration was part of the raid on a gigantic al Qaeda document counterfeiting operation in Albania. The counterfeit passports were said to be so good as to be undetectable.

Four, we return to two functions identified in that earlier discussion. You must have a means so that you can prove who you are AND the same system must also make it possible for you to discover that others have stolen your identity. Both functions are under your control. Screw those who decry it cannot be done; therefore it will not be done. That is the neanderthal thinking that always creates failure.

I expect a majority here to still be opposed to such needs using various reasons such as, "It cannot be done", or "Government will use it to screw us." How many people need we screw before even the neanderthals admit a solution is required.

An unavoidable problem with this solution is that it requires a central database. This function cannot be accomplished with many independent, private databases. If done using separate databases, then a potential victim cannot verify his identity is secure. It is essential that every America be provided with (not required) to have a system so that he can prove who he is AND can verify his identity has not been compromised.

How many godwulfs need occur before we, the people, stop being our own worst enemy - and admit we must innovate. An 'identification and verfication' system has become necessary and inevitable. Simply a question of how many neanderthal victims happen before logic overrides our misplaced emotional fears. Every American should have the right to both identify himself AND to protect his own identity. No such system exists or is even being proposed. That would require innovative thinking in a government who is too busy planning unilateral attacks on Iran and North Korea.

[Cyber Wolf]

Part of the problem is, it's hard to unfalliably identify someone on paper alone. Much of the identification is removed from the actual person. Even a photograph isn't entirely conclusive, what with hair dye, colored contacts, make up and dental adjustments, all generally affordable to whomever wants, and clothes can easily hide just how fat or skinny someone really is. Just about all business that deals with the possibility of identity theft is done on paper and removed from the actual physical person.

To come up with a (nearly) infalliable identification network, there needs to be something from the physical body of the person with This SSN, since SSNs are still unique to each person, that can not be replicated by people who would want to do it. DNA comes to mind. It's pretty well established that the likelihood of two unrelated people having the exact same DNA comes up to odds that equal less than one for every person on the planet. As far as America and her SSN system is concerned, DNA samples would need to be taken and stored along with the issuance of an SSN number to a person, upon birth, upon naturalization (or whatever the step is called when immigrants offically become US citizens and get their own SSN card)...

Leaving all privacy issues aside, the biggest kink in this would be ease of proving who you are to someone or trying to get proof. Let's use Sprint as the example: Sprint would need an offical validation of someone being who they say they are before opening an account. That would require either Sprint, a third party or the customer to go somewhere to submit a strand of hair to be tested and compared with what's recorded with his SSN. That's a lot of extra time and extra steps just to get a cell phone. It's just easier, faster and less of a headache for everyone involved to just rely on offical documents, detatched as they are. And as we all know, with speed comes the increased chances of mistakes being made.

The idea is that to get an official document you need to convince the government you are who you are and how easily convinced the government is sometimes relies on how good/bad a day the civil servant processing your paperwork has had. They're human, things get overlooked, stuff slips through. It's a matter of getting the most work done in the least amount of time. Paperwork allows for that. For a driver's license, for example, it's almost all done via paperwork (and renewals can be done online because the DMV assumes all your information still pertains to the same physical person) and the only point that could really blow your cover is showing up for the photo, but how would they know you're really you? All they know is what's on the paper and paper has a bad habit of lying and telling stories.

[xoxoxoBruce]

We're not talking a National Security Clearance here, folks. These companys do this shit over the phone. They don't even try to verify identity, because they might lose a customer by making it the least bit inconvenient. THEY DON'T CARE.

[tw]

Quote:

Originally Posted by xoxoxoBruce

We're not talking a National Security Clearance here, folks.

We should be discussing a simple system where they (Sprint) are provided a unique code to confirm against a standard data base. Code that changes with each use AND a data base that flags a warning when someone unauthorized accesses the data base. Your key to this system would be something equivalent to a smart card. Nothing complex since even smart cards have been ubiquitous for over ten years most everywhere in the western world except the US.

Now burden of proof lies entirely with Sprint. Without you proving who you say you are, then Sprint has no alternative but to swallow all expenses. Your credit rating cannot be touched because the person who said it was you did not prove it.

Again, this requires a central database that confirms you are who you say you are AND that lets you know if someone is counterfeiting your identity.

Paper for identificaton? Kidding -right? Paper is so easily counterfeit that even al Qaeda was doing it in Albania, of all places. Paper without advanced (electronic) coding is all but useless as proof of identity in a world where every college kid now routinely gets counterfeit driver's licenses.

[jane_says]

After my recent driver's license fiasco, I was shocked at how easily it would have been for anyone to get a license in my name in Virginia. I had my dad pick up a copy of my birth certificate at the county courthouse, which required only a signature, no I.D. My husband picked up a copy of our marriage certificate from the other courthouse, no I.D. required. I took both documents to the DMV and they snapped a new photo (I even gave them a different address than I had last time, and they didn't bat an eye). I figured I'd have to show up 50 times with different documentation, but nope. It was easy.

[godwulf]

Quote:

Originally Posted by Cyber Wolf

Let's use Sprint as the example: Sprint would need an offical validation of someone being who they say they are before opening an account. That would require either Sprint, a third party or the customer to go somewhere to submit a strand of hair to be tested and compared with what's recorded with his SSN. That's a lot of extra time and extra steps just to get a cell phone. It's just easier, faster and less of a headache for everyone involved to just rely on offical documents, detatched as they are.

Funny how when Sprint needed to contact me to collect "my" bill, they were apparently able to do so without a great deal of trouble. I doubt very much that the person masquerading as me provided Sprint with my home telephone number - yet that's where they called me. Granted, not everyone applying for a cellphone account is going to have a home phone number to call for verification before the account is established, but at least in my case, why didn't Sprint call and check it out? As someone else wrote in this thread, they don't care. They're thinking about all the legitimate, paying business they gain by making it all so easy and convenient for the new customer, and if they get ripped off...well, they can always intimidate a certain percentage of people into paying a bill they didn't run up, and simply raise their rates and charges to make up for the rest.

Honestly, I'm not sure that there's more than the most tenuous connection between this "identity giveaway" problem and the whole national security issue brought up by another poster. The latter is a complex can of worms that I'm not prepared to address. All that I'm saying is that the companies who pull this kind of crap need to be reigned in - either voluntarily, or at the direction of some governmental authority - so if they choose to give away people's identity and grant somebody credit on the basis of information that a kindergardner could track down, they would be prohibited from harassing people or reporting bad credit when they get ripped off.

[dar512]

Hmm. That's interesting. I had a very similar experience with Ameritech. Someone had used my social security number to get a cell phone. Ameritech wanted me to pay.

In my case, I told them I was not going to pay and could prove that I was living elsewhere at the time the account was created. I also told them I was going to bring in a lawyer. At which point they started speaking in a much more conciliatory fashion. I went to the police department in the area the phony address was given to file a complaint.

However, it still required a lot more phone calls to get every department of the phone company to agree that I was not liable.

I also called all the big three credit reporting agencies to require that I be personally present to open new accounts. I haven't had any problems since then.

[lookout123]

Quote:

Originally Posted by godwulf

Funny how when Sprint needed to contact me to collect "my" bill, they were apparently able to do so without a great deal of trouble. I doubt very much that the person masquerading as me provided Sprint with my home telephone number - yet that's where they called me.

give me your first and last name, (i already know what metropolitan area you live in) and i can give you your home phone number, you address, how much you paid for your house, if married, your spouse's name and some other fun little trivia in less than 10 minutes. and i'm not even a computer type - this is all in public record. if i have your social i can pull a courtesy copy of your CBR and know everyone you have had an account with in the last 10 years and then start opening dept store cards using your own accts as verification of ID.

isn't the technology age a bitch?

my advice though is to pull your tri-bureau from MYFICO.com and check your credit history. sprint generally only reports to one of the 3 agencies, but they rotate. if they went through the trouble of hitting your credit history with this, you can dispute it right online and generally it will go away. if it doesn't sprint has offices with a lot of muckety-mucks at just north of Central and Thomas.

[tw]

Quote:

Originally Posted by lookout123

isn't the technology age a bitch?

my advice though is to pull your tri-bureau from MYFICO.com and check your credit history.

So what do you think would solve this problem? Or is it really a problem?

[xoxoxoBruce]

Quote:

So what do you think would solve this problem? Or is it really a problem?

It's a huge problem, so are traffic accidents. We treat both the same way, take minimal precautions and keep rooted in the belief it won't happen to me.

[Cyber Wolf]

Catch 22: On one hand, all of that information is available to anyone who has the right info, which is more or less easy to get a hold of. On the other, if you take extraordinary steps to keep your life secret or hidden, people think you're up to something.

[lookout123]

Quote:

Originally Posted by tw

So what do you think would solve this problem? Or is it really a problem?

sure its a problem, but what are you going to do. laws merely keep honest people on the straight and narrow and give a blueprint for disobedience to the criminal minded.

[godwulf]

I checked out myfico.com, and it's one of those companies that will provide you with your credit reports at a price; actually, my wife got hers the other day from freecreditreport.com, and I don't think it cost her anything - you just have to cancel the service you sign up with to get the free report within a month, or something like that.

Anyway, I did a google search on "credit reports" and "federal law" and came across a site called bankrate.com that looks very interesting and informative. They list the mailing address and fraud reporting phone number of each of the big three credit reporting agencies - Equifax, Experian (formerly TRW) and TransUnion. I know that it's a federal law that they have to give you a free copy of your report if you report a case of credit fraud to them, so I'm going to call each one of them today and find out what they need in order to do just that.