cancel
Showing results for 
Search instead for 
Did you mean: 

CRAs and Identity Theft

ScoreBooster
Frequent Contributor

CRAs and Identity Theft

Hi,

 

A friend of mine is dealing with Identity Theft on a couple of accounts listed in his CR.

 

He went on the website of the FTC, filled out an Identity Theft Report and submitted all the information mentioned in the sample letter of the FTC to the three CRAs. The FTC mentions FCRA section 605B which at least to me seems pretty straight forward. Interestingly enough, the CRAs seem to have their OWN laws.

 

The first (and so far only) CRA that responded to him was Equifax. 5 days after they received his certified letter, they resonded in writing:

 

"Please be advised that Equifax, at this time, will not block the information subject to the submitted identity theft and/or police report you provided as part of your dispute. We are contacting each creditor directly to verify the account/s on your behalf. We will also forward a copy of documents you have provided to each creditor for their review."

 

Today, myfico notified him by credit-alert that one of the creditors has already 'verified' the information. To be honest, this sounds like a regular, automated validation. I highly doubt they could do a full investigation within that short timeframe.

 

Can somebody enlighten me what the purpose of 605B is if this is handled like a standard dispute? If it's the CRA's job to notify the creditors OF the ID-theft under this law, what makes them believe that the creditors can verify IF an ID-theft occured in the first place by automatic validation?

 

TransUnion and Experian didn't contact him yet but according to various credit-reports and alerts, have already placed alerts on his file (so did Equifax).

 

I advised him to wait a few more days and file complaints with the CFPB because this looks like a clean violation to me. Equifax notified him that they wouldn't block but failed to provide a reason which is required under the law. TU and EX obviously didn't block as well and didn't even notify him yet.

 

Any other advice I could give him?

 

Thanks!Smiley Wink

Message 1 of 23
22 REPLIES 22
GApeachy
Super Contributor

Re: CRAs and Identity Theft

I saw on a couple of Utube sites that you have to avoid the automated way of disputing and avoid the call in, but submit via letter "certified/return receipt" to get the ball "really" rolling. I understand that cb's have an automated way (unfavorable) and the "Human touch".
"My Take Home Pay Don't Take Me Home"
Message 2 of 23
ScoreBooster
Frequent Contributor

Re: CRAs and Identity Theft

Thanks, Laurachrissy!

 

My friend sent all 3 letters to the CRAs Certified Mail, Return Receipt Requested.

Based on what I read so far (especially on this forum), Equifax in particular is initially trying to avoid the law by their tactics and only gives in as a last resort. I'm just amazed that they are willing to put their violation of the law in writing because their 'conclusion' on how to proceed has absolutely nothing to do with the law.

 

I guess the next step will be indeed the involvement of the CFPB and if that doesn't come to fruition, perhaps an ITS-letter by an attorney.

Message 3 of 23
RobertEG
Legendary Contributor

Re: CRAs and Identity Theft

The legal issue is whether your communication with the CRA was submitted as a dispute under FCRA 611 or as a request to block information from your credit report under the provisions of FCRA 605B.  They are totally separate procedures, each with different requirements imposed on the CRA.

 

The CRAs must forward disputes to the party who reported the information to the CRA (i.e., the "furnisher").

To the contrary, identity theft requests sent to the CRA do not involve the furnisher, and the FCRA 605B process was enacted by congress to remove any such involvement.  If the section 605B request to block includes all of the items set forth in that section, the CRA must block the information from any credit report they issue.  The substantive requirments are a copy of a police report, a statement from the consumer identifying that the information did not result from any account or transaction authorized by the consumer (such as an FTC affidavit), and proof of the identity of the consumer.

 

When you submitted the communication to the CRA, was it in the form of a dispute under FCRA 611, or was it a request to block under FCRA 605B?

 

 

Message 4 of 23
trusty
Frequent Contributor

Re: CRAs and Identity Theft

The credit bureaus require that the ID Theft dispute be completed to the letter of their own rules.

 

1. The police report must name the fraudulent accounts by name, and be less than 12 months old.

2. The victim must also verify their identity, with a picture ID, (DL or Passport) and a copy of their most recent utility bill.

3. The letter must assert the ID Theft statute, and include a consumer statement to that effect.

 

If something is amiss, Equifax will not accept it. 

 

However, if you have sent in these things, and they are in order... and yet, Equifax inexplicably doesn't accept them; proceed with the CFPB complaint. That should resolve things. If not, proceed with a demand letter.

 

But note, that once you go down the road of legal action - even though Equifax will more than likely end up fixing the stuff - they will forever place you on a list, to have to deal with their Office of Consumer Affairs, from heretofore. It's Basically, their executive office, for escalations and legal action. But note, they will be reticient of any future disputes, outside of the ID theft claim. In other words, they will eventually "catch on" to any frivolous claims.

 

Anyhow, I hope it all works out.

Message 5 of 23
ScoreBooster
Frequent Contributor

Re: CRAs and Identity Theft

I know for a fact that he used the sample letter on the FTC-website. Unfortunately, due to the shutdown, the website is down so I can't provide you with a link.

 

The letter to the CRAs is clearly referring to FCRA 605B and he even sent a copy of this section to the CRAs - just as advised by the FTC. I double-checked for him and all necessary information (i.e. proof of identity, copy of theft report, identification of such by consumer and statement that information is not relating to consumer) was provided.

 

I don't think though that a police report was filed and attached because the FTC listed such a report as optional and mentioned that the FTC-report would be sufficient.

 

https://www.consumer.ftc.gov/blog/2017/04/most-id-theft-victims-dont-need-police-report

 

Of course, if a police report would be requested, he wouldn't have an issue filing one. However, Equifax did not mention in their response (see above) that a block wouldn't happen due to the lack of documentation. They didn't request any additional information. They confirmed the receipt of the report and their decision to simply not comply. None of the three reasons to deny blocking under 605B were mentioned. They are basically treating this as a regular dispute (30 day, verifying with creditors) AND as an ID-theft (theft alert on report, mentioning of no blocking in their response). as I said, they are mixing their own law-cocktail.

Message 6 of 23
trusty
Frequent Contributor

Re: CRAs and Identity Theft


@ScoreBooster wrote:

I know for a fact that he used the sample letter on the FTC-website. Unfortunately, due to the shutdown, the website is down so I can't provide you with a link.

 

The letter to the CRAs is clearly referring to FCRA 605B and he even sent a copy of this section to the CRAs - just as advised by the FTC. I double-checked for him and all necessary information (i.e. proof of identity, copy of theft report, identification of such by consumer and statement that information is not relating to consumer) was provided.

 

I don't think though that a police report was filed and attached because the FTC listed such a report as optional and mentioned that the FTC-report would be sufficient.

 

https://www.consumer.ftc.gov/blog/2017/04/most-id-theft-victims-dont-need-police-report

 

Of course, if a police report would be requested, he wouldn't have an issue filing one. However, Equifax did not mention in their response (see above) that a block wouldn't happen due to the lack of documentation. They didn't request any additional information. They confirmed the receipt of the report and their decision to simply not comply. None of the three reasons to deny blocking under 605B were mentioned. They are basically treating this as a regular dispute (30 day, verifying with creditors) AND as an ID-theft (theft alert on report, mentioning of no blocking in their response). as I said, they are mixing their own law-cocktail.


 

Nowadays, the credit bureaus are very skeptical about fraud disputes, because a lot of consumers are submitting frivolous disputes.

 

So, even a legit claim may have to be sent in a few times, until it reaches someone that will act on it.

 

Believe it or not, you may just try uploading the documents into their online dispute, and checking the fraud box on the fraudulent items in question. Just be sure to include a current copy of your most recent utility bill, that lists the same address as your primary listed on your Equifax file. You can then keep a copy of your dispute, for if and when you need to contact the CFPB.

 

But, lately... the online method, with the upload documents feature, is more reliable with Equifax, in particular. It's easier to track; and you'll know that someone has actually received it. The credit bureaus seem to be ignoring a lot of snail mail form letters, nowadays. But, they will definitely look into something that drops into their own online upload system.

Message 7 of 23
ScoreBooster
Frequent Contributor

Re: CRAs and Identity Theft

@trusty:

 

It would be nice if the FTC would be aware of these requirements. You would at least expect Equifax to tell you that they require certain documentation in order to comply. As I mentioned, the reply my friend received did not claim the lack of a utility bill or a police-report. The way it is written, they don't even care IF a police-report was filed ("Please be advised that Equifax, at this time, will not block the information subject to the submitted identity theft and/or police report you provided as part of your dispute").

 

I don't think my friend would really care if the CRAs would put him on a 'Black List'. In all my years dealing with them, I have never experienced any 'courtesy' that they changed or deleted derogatory information when not required by law.

Message 8 of 23
ScoreBooster
Frequent Contributor

Re: CRAs and Identity Theft

@trusty:

 

Thanks for the online-advice. I'll certainly let him know.

I would never have expected that an online-dispute would even have achance. After all, everybody is advising these days to build a paper-trail with certified letters etc. to build a case.Smiley Wink

Message 9 of 23
trusty
Frequent Contributor

Re: CRAs and Identity Theft


@ScoreBooster wrote:

@trusty:

 

It would be nice if the FTC would be aware of these requirements. You would at least expect Equifax to tell you that they require certain documentation in order to comply. As I mentioned, the reply my friend received did not claim the lack of a utility bill or a police-report. The way it is written, they don't even care IF a police-report was filed ("Please be advised that Equifax, at this time, will not block the information subject to the submitted identity theft and/or police report you provided as part of your dispute").

 

I don't think my friend would really care if the CRAs would put him on a 'Black List'. In all my years dealing with them, I have never experienced any 'courtesy' that they changed or deleted derogatory information when not required by law.


 

Well, the credit bureaus don't exactly follow the law to the letter. They have their own quasi way of applying the law, which gets mixed up with the misgivings of their own internal processes and faulty systems. We just learn what their own internal rules are through trial and error... dealing with various reps, some more helpful than others; and, sometimes the rules change. It used to be the police report could be from whenever. Now, it's within 12 months.

 

Also, yes, an FTC report will suffice... so long as it lists the fraudulent items in question; is accompanied by a consumer statement affirming the ID Theft statute; and a utility bill with primary address that matches the credit file. Two utility bills is better than one, also. They will also ask for a picture identification, although, it's really just the address that they are verifying.

Message 10 of 23
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.