Tag: CIFAS

Adventures with Identity Theft – Prevention, and what to do if the worst happens

Click here for the last part of the story that prompted this post.

So, if you’re wondering why I’m posting details about Identity Theft, I’d suggest reading my prior posts on my own experience with having my identity stolen.

So, in terms of prevention – what can you do? please bear in mind that this information is intended for a UK audience – I have no idea how these things work in different countries.

Surprisingly, not as much as you’d think. The person who stole my identity had key pieces of information – my full name, date of birth, place of birth, full address and my bank account number and sort code. As to how they got these? Either some hackery went on somewhere, or someone who knows me very well attempted to rip me off. The level of information they had in terms of security questions points towards someone who knows me, or has access to someone who knows me. But, I guess I will never know the truth!

Still, you can be somewhat proactive.

  • Check your credit report regularly. You can get a statuary credit report for free. This will show you any searches done against your credit. There are even mobile apps these days that will let you know when your credit report has changed! Here are the relevant links:
  • Experian will allow you to add a password to your credit file, adding an extra layer of security to jump through if you ever apply for any type of credit. You will have to sign up for your free credit report through them directly.
  • Shred all documents that contain personal information before disposing of them.
  • Don’t share personal information online. Keep your accounts (facebook, etc) private where possible.
  • Be careful with any online account – set up two factor authentication, use different passwords, etc. Be aware that someone getting access to these can get all kinds of personal information just by looking at what details you filled your accounts with.
  • Treat the answers to security questions as passwords – never set up an easy to find answer!
  • Don’t keep all your eggs in one basket – I know this may not be feasible for everyone, but if you can have a ‘parachute’ account or credit card with another financial entity than your main bank, you will still have access to some funds if they opt to freeze your account for an investigation. In this case, having my credit card really helped me to continue with my every day life.

With that said, bear in mind that I did/do all the above (bar the password on my credit file), and I was still done (although the security question bullet did prevent the fraudster actually accessing their ill-gotten gains). Sometimes, even doing all you can is not enough.

If you have been done:

  • Sign up with CIFAS for protective registration.
  • Check with Royal Mail that your mail has not been redirected.
  • Get in touch with the above mentioned credit agencies, and flag anything that you don’t recognise.
  • Get in touch with Action Fraud UK, if only to get a crime reference number for something they claim is not actually a crime.
  • Change all your passwords to all the things.
  • Change any information that was compromised, if you can.
  • Check all the above mentioned sites for victim resources, should anything new pop up in the future.

And well, I guess that’s all you can really do. Bear in mind that the process is not as smooth for the victim as it really should be. You will be looked at as if you compromised the information yourself by some agencies. Until you prove your identity, you will sometimes feel like you’re being treated like a criminal. Faceless entities like an Account Review team will hold god like power over your finances, and there will be nothing you can do about it.

So, do what you can to protect your information. Check everything regularly – and stay safe out there!

Adventures with Identity Theft – At the Bank!

Click here for part 1.

So, in the first part of this cautionary tale, I had found out that someone had applied for a loan in my name and had it deposited in my bank account. I was on holiday, right at the beginning of a bank holiday weekend.

I’d been in touch with HSBC, who told me that they could tell me nothing – I had to go to a branch in person with some identification as soon as possible.

We start off the day with me having very little sleep, and waiting for it to be time for the local bank to open. Since it was the ‘go home’ day of the holiday, I was able to keep busy with packing up things. When the time arrived, the Bloke kindly drive me to the local town so I could sort out things at the bank.

Since we got there at the opening time, I was able to be immediately seen. I had to go through all my security questions (as expected), show my ID (my driving license is always with me), and then discuss what had happened.

The day before (the day I had noticed the £10,000), someone had phoned the bank, and attempted to move the £10,000 away somewhere. The bank wouldn’t tell me where though.

Now at this point, the main thing going through my head is – either this person did their homework to feel confident enough to get into my telephone banking, or, more worryingly – it was someone close to me. When I consider that the only people who have ever been given my actual bank details are close family, companies with whom I am setting up a direct debit, or employers, I still feel incredibly uneasy about this.

It’s also important to note that I am a rather paranoid person – I don’t think security questions in their ‘honest’ form are secure at all. Some information is easily found about a person, after all. And if it’s someone who knows you … well. As a result, all of my life, I have always used fake answers to my security questions. Think in answer to ‘What is your favourite colour’, and instead of ‘Yellow’, the answer is ‘Banana’.

It was this paranoia that stopped the impersonator getting that £10,000. They failed on the security questions part. They had all the other information correct. The HSBC security protocols did their job, and they shut down phone access to my account – hence why I had to turn up in person. In my head, I was singing HSBC’s praises!

While I was in the branch, I got the security on my account updated – things like updating all the answers to my security questions just in case, setting up my voice as my password, and correcting all out of date information for their records. I was also reassured that HSBC would get the £10,000 sent back to Hitachi using their internal processes. Fabulous!

I was in the branch for over an hour. With this all accomplished, I was ready to go home (hopefully before 5pm, in the hope that some places would still be manning their phones on a Saturday). I was very eager to shut down as much of the fraud as possible, and get everything resolved.

As luck would have it though, I only got home in time to make a phone call to Experian after checking through my updated credit report from there.

There were a number of ‘soft’ credit searches (which don’t impact credit score), and a hard one for Hitachi Capital Finance. The nice gentleman at Experian was surprised I had already been in touch with Hitachi, and also recommended I sign up for CIFAS – https://www.cifas.org.uk/. He let me know that he would start the leg work to get the bad stuff removed from my credit file. In addition, he let me know that I can set up a password on my credit file itself. Awesome!

All that was left to do at this point was to get in touch with the Police to report the problem. I was advised that I should do this online through https://www.actionfraud.police.uk/. So, I reported the whole thing, and then sat back to wait. By this point, it was after 5pm on a Saturday, and all the other things I had left to do wouldn’t be possible until Tuesday, as everywhere would be closed for the next 2 days for the bank holiday weekend.

I was feeling slightly better at this point, as I felt that things were beginning to get tidied up. I let work know that I wouldn’t be able to come in on the Tuesday, as I knew I’d be spending a lot of time on the phone trying to resolve things.

Of course, the story doesn’t end there. The next part of this story was particularly rage inducing for me. In fact, it still is. But we’ll get to that in the next post.

Adventures with Identity Theft – I was done!

Last year, I had my identity stolen. I figured I would share the story about it here, with the aim of possibly helping out anyone else who finds themselves in a similar situation. It’s somewhat lengthy, so I’ll break it out into a few posts.

I was on holiday with the bloke and his family when it happened. Me being me, I was checking my online banking in the lull between doing holiday things, and found something somewhat worrying – I had an additional £10,000 in my bank account. It had been deposited the day before. To add to this fun, this was on a Friday before a bank holiday weekend. I wouldn’t be home until Saturday evening.

Now, normally, an additional surprise £10,000 would be something to celebrate, right? Not in this case. I knew that I wasn’t expecting such a windfall, no one in my immediate circle would be sending me that kind of cash, and I certainly hadn’t applied for anything that would give me that kind of cash.

I dug a bit deeper into my online banking, and found that a direct debit was set up to Hitachi Capital Finance for a loan. I was pretty concerned at this point. I attempted to talk to the online folks at HSBC to ask more questions, and they couldn’t tell me anything – in fact, I was to go to a bank as soon as possible with my identification. Being on holiday meant I wouldn’t be able to go to my local branch – and the closest branch to me wouldn’t take appointments and was currently closed. I would have to go to a bank the next day – before heading home – to try and resolve things.

I phoned Hitachi, and had a conversation with a rather nice chap there. All I was armed with was a reference number (from the transfer), and the loan amount. I did manage to get through to their fraud department, and uncovered a few things.

The man on the phone was surprised at how quickly the loan amount had been deposited into my account. The loan had been approved immediately, as my credit score is excellent. This also meant that minimum identity checks had happened, because my credit score was that good. If anything, the whole loan had been fast tracked!

The nice man also let me know what information had been provided, and I found it really unsettling. The impersonator had my full name, date of birth, my place of birth, my full address and my full bank account number and sort code. The only things that were incorrect were my job title, email address and phone number.

We then got into how I was going to give Hitachi their money back. I was reluctant to do a bank transfer at this point, as I knew something had gone down – I decided to go direct through HSBC, but also that I had to go to a bank in person to prove that I was me at this point. As far as plans go, I figured it was a pretty sound one!

The final thing I could do, given that everyone else had likely gone home for the day, was to register with CIFAS for protective registration. This isn’t free, by the way – it’s £25 for two years.

I made a list of all the things I needed to do as soon as possible:

  • First off, find out what had happened with the bank. That would be first thing the next day.
  • Go through all my credit reports with a fine tooth comb, to see if anything else had been done in my name. This would be done when I was back home.
  • With all information in hand, report the matter to the police.
  • Contact all the credit agencies to get anything fraudulent removed from my files.
  • Check that that the impersonator had not put a redirect on my mail.

Seems like a fairly small list. Bear in mind that I had a few things against me – it was a bank holiday weekend, and this was all going down on a Friday evening, after 5pm. I had time in to morning to go to the bank and try to sort things out, but they didn’t open until 10am. And then I had a really long drive back home (about 5ish hours). Bank holiday meant that everywhere would be closed on the Sunday as well as the Monday.

I was fuming, and powerless to do anything because everyone working had gone home for their long weekend. I had been done, and at that moment in time, there was nothing else I could do about it. The joy was sucked from my holiday, and as you can imagine, I got little sleep that night.

I’ll go over what went down at the bank in the next post. This is getting long.