Beware Address Fraud

Identity thieves can take over your accounts, just by swapping their address for yours with your financial institutions. Banknet360 elucidates how this works:

There are two types of fraud tied to an address. One involves a fraudster obtaining all your personal information, then calling your lender to inform them that you moved and asking for a new card to be sent to the new address. This is known as account takeover, which is virtually undetected in financial institutions. The other form involves a fraudster using your information to open a whole new account or credit line, using an address that’s not yours.

Starting in 2008, the Fair Credit Reporting Act (FACTA) will require lenders to check against address discrepancies before issuing a new line of credit. Until then, and even after, monitor your credit report for any strange addresses cropping up. It could be the first sign of potential identity theft. — BEN POPKEN

FACT Act Revision Will Require Banks to Watch for Address Fraud [Banknet360 via Alabama Consumer Law Blog]

Comments

Edit Your Comment

  1. Sathallrin says:

    Some credit card companies allow you to supply an email address that will receive an email whenever any change to your account takes place. Settings this up would be a quick way to detect if this is happening to you.

  2. Juliekins says:

    @Sathallrin: That very feature completely saved my ass when my Chase credit card got compromised. There are things that annoy me about Chase, but if I hadn’t had that set up I would have been in a world of hurt.

    Some credit card companies even do text messaging and/or phone calls for alerts like that. It’s the least they can do, really.

  3. Kos says:

    @Sathallrin:

    Not only that, but most financial institutions send any change of address to both the new and old address. Might not be helpful if your mailbox is already compromised.

  4. tcp100 says:

    This is exactly what happened to me. Be warned, and take this as a cautionary tale!

    In April of 2003 I moved from one county to the next over, and likewise changed my mailing address. Three days later, I noticed some strange charges on my credit card.

    Apparently, the very day after I changed my address, someone else changed my address AGAIN from Fairfax County, VA to an abandoned tenement (verified by the police) in Harlem, NYC. Within those 48 hours, someone managed to order 5 IBM laptops and $1500 worth of cigars (???!) and have them sent overnight to NYC.

    I immediately got aggressive with Citibank, because I have trouble seeing how this could not be an inside job. Citibank was the only address change I had made at the time, and that was too coincidental. I figured the ID thief was betting on the business of my move and my legitimate address change to mask his actions for a good month or so. Luckily, I’m extremely anal-retentive and check my activity several times a week.

    Citibank never admitted fault, but did say they passed the issue on to their “internal investigations”. Regardless, you’d think that changing a customer’s address twice within 48 hours to completely different states would be a red flag? I guess not.

    Of course everything got resolved through the normal close account / dispute charges / sign affadavit BS, but the most difficult part was getting the fraudulent address off of my credit report.

    I also did get a police report – to protect me from further incidents (since Citibank insisted that in order to do what happened, someone needed to know my mother’s maiden name, my SSN, and my DOB.. If someone had that info, not good.) .. getting a police report from the local police was VERY difficult. Unless you’re talking $100,000, they really don’t want to bother in major metro areas.

  5. Dabo says:

    Very true. Having email notifications of any account changes are a great safety feature. But that adds another “vector” that ID Thieves can use, namely your email login. So for example, if you have keylogger spyware on your computer or your username/password is compromised, you could potentially lose access to your email and all the accounts that are tied to it!