Thanks, Laurachrissy!

My friend sent all 3 letters to the CRAs Certified Mail, Return Receipt Requested.

Based on what I read so far (especially on this forum), Equifax in particular is initially trying to avoid the law by their tactics and only gives in as a last resort. I'm just amazed that they are willing to put their violation of the law in writing because their 'conclusion' on how to proceed has absolutely nothing to do with the law.

I guess the next step will be indeed the involvement of the CFPB and if that doesn't come to fruition, perhaps an ITS-letter by an attorney.

The legal issue is whether your communication with the CRA was submitted as a dispute under FCRA 611 or as a request to block information from your credit report under the provisions of FCRA 605B.  They are totally separate procedures, each with different requirements imposed on the CRA.

The CRAs must forward disputes to the party who reported the information to the CRA (i.e., the "furnisher").

To the contrary, identity theft requests sent to the CRA do not involve the furnisher, and the FCRA 605B process was enacted by congress to remove any such involvement.  If the section 605B request to block includes all of the items set forth in that section, the CRA must block the information from any credit report they issue.  The substantive requirments are a copy of a police report, a statement from the consumer identifying that the information did not result from any account or transaction authorized by the consumer (such as an FTC affidavit), and proof of the identity of the consumer.

When you submitted the communication to the CRA, was it in the form of a dispute under FCRA 611, or was it a request to block under FCRA 605B?

The credit bureaus require that the ID Theft dispute be completed to the letter of their own rules.

1. The police report must name the fraudulent accounts by name, and be less than 12 months old.

2. The victim must also verify their identity, with a picture ID, (DL or Passport) and a copy of their most recent utility bill.

3. The letter must assert the ID Theft statute, and include a consumer statement to that effect.

If something is amiss, Equifax will not accept it. 

However, if you have sent in these things, and they are in order... and yet, Equifax inexplicably doesn't accept them; proceed with the CFPB complaint. That should resolve things. If not, proceed with a demand letter.

But note, that once you go down the road of legal action - even though Equifax will more than likely end up fixing the stuff - they will forever place you on a list, to have to deal with their Office of Consumer Affairs, from heretofore. It's Basically, their executive office, for escalations and legal action. But note, they will be reticient of any future disputes, outside of the ID theft claim. In other words, they will eventually "catch on" to any frivolous claims.

Anyhow, I hope it all works out.

I know for a fact that he used the sample letter on the FTC-website. Unfortunately, due to the shutdown, the website is down so I can't provide you with a link.

The letter to the CRAs is clearly referring to FCRA 605B and he even sent a copy of this section to the CRAs - just as advised by the FTC. I double-checked for him and all necessary information (i.e. proof of identity, copy of theft report, identification of such by consumer and statement that information is not relating to consumer) was provided.

I don't think though that a police report was filed and attached because the FTC listed such a report as optional and mentioned that the FTC-report would be sufficient.

https://www.consumer.ftc.gov/blog/2017/04/most-id-theft-victims-dont-need-police-report

Of course, if a police report would be requested, he wouldn't have an issue filing one. However, Equifax did not mention in their response (see above) that a block wouldn't happen due to the lack of documentation. They didn't request any additional information. They confirmed the receipt of the report and their decision to simply not comply. None of the three reasons to deny blocking under 605B were mentioned. They are basically treating this as a regular dispute (30 day, verifying with creditors) AND as an ID-theft (theft alert on report, mentioning of no blocking in their response). as I said, they are mixing their own law-cocktail.

---

@ScoreBooster wrote:

I know for a fact that he used the sample letter on the FTC-website. Unfortunately, due to the shutdown, the website is down so I can't provide you with a link.

 

The letter to the CRAs is clearly referring to FCRA 605B and he even sent a copy of this section to the CRAs - just as advised by the FTC. I double-checked for him and all necessary information (i.e. proof of identity, copy of theft report, identification of such by consumer and statement that information is not relating to consumer) was provided.

 

I don't think though that a police report was filed and attached because the FTC listed such a report as optional and mentioned that the FTC-report would be sufficient.

 

https://www.consumer.ftc.gov/blog/2017/04/most-id-theft-victims-dont-need-police-report

 

Of course, if a police report would be requested, he wouldn't have an issue filing one. However, Equifax did not mention in their response (see above) that a block wouldn't happen due to the lack of documentation. They didn't request any additional information. They confirmed the receipt of the report and their decision to simply not comply. None of the three reasons to deny blocking under 605B were mentioned. They are basically treating this as a regular dispute (30 day, verifying with creditors) AND as an ID-theft (theft alert on report, mentioning of no blocking in their response). as I said, they are mixing their own law-cocktail.

---

Nowadays, the credit bureaus are very skeptical about fraud disputes, because a lot of consumers are submitting frivolous disputes.

So, even a legit claim may have to be sent in a few times, until it reaches someone that will act on it.

Believe it or not, you may just try uploading the documents into their online dispute, and checking the fraud box on the fraudulent items in question. Just be sure to include a current copy of your most recent utility bill, that lists the same address as your primary listed on your Equifax file. You can then keep a copy of your dispute, for if and when you need to contact the CFPB.

But, lately... the online method, with the upload documents feature, is more reliable with Equifax, in particular. It's easier to track; and you'll know that someone has actually received it. The credit bureaus seem to be ignoring a lot of snail mail form letters, nowadays. But, they will definitely look into something that drops into their own online upload system.

@trusty:

It would be nice if the FTC would be aware of these requirements. You would at least expect Equifax to tell you that they require certain documentation in order to comply. As I mentioned, the reply my friend received did not claim the lack of a utility bill or a police-report. The way it is written, they don't even care IF a police-report was filed ("Please be advised that Equifax, at this time, will not block the information subject to the submitted identity theft and/or police report you provided as part of your dispute").

I don't think my friend would really care if the CRAs would put him on a 'Black List'. In all my years dealing with them, I have never experienced any 'courtesy' that they changed or deleted derogatory information when not required by law.

@trusty:

Thanks for the online-advice. I'll certainly let him know.

I would never have expected that an online-dispute would even have achance. After all, everybody is advising these days to build a paper-trail with certified letters etc. to build a case.

---

@ScoreBooster wrote:

@trusty:

 

It would be nice if the FTC would be aware of these requirements. You would at least expect Equifax to tell you that they require certain documentation in order to comply. As I mentioned, the reply my friend received did not claim the lack of a utility bill or a police-report. The way it is written, they don't even care IF a police-report was filed ("Please be advised that Equifax, at this time, will not block the information subject to the submitted identity theft and/or police report you provided as part of your dispute").

 

I don't think my friend would really care if the CRAs would put him on a 'Black List'. In all my years dealing with them, I have never experienced any 'courtesy' that they changed or deleted derogatory information when not required by law.

---

Well, the credit bureaus don't exactly follow the law to the letter. They have their own quasi way of applying the law, which gets mixed up with the misgivings of their own internal processes and faulty systems. We just learn what their own internal rules are through trial and error... dealing with various reps, some more helpful than others; and, sometimes the rules change. It used to be the police report could be from whenever. Now, it's within 12 months.

Also, yes, an FTC report will suffice... so long as it lists the fraudulent items in question; is accompanied by a consumer statement affirming the ID Theft statute; and a utility bill with primary address that matches the credit file. Two utility bills is better than one, also. They will also ask for a picture identification, although, it's really just the address that they are verifying.