|
Return to Consumer
Information
The State of California - State and Consumer Services Agency
LEGAL AFFAIRS
400 R Street, Suite 3090
Sacramento, CA 95814-6200
CREDIT IDENTITY THEFT:
TIPS TO AVOID AND RESOLVE PROBLEMS
March 2002
Statutory Update, November 2002
"Credit identity theft", "identity theft" and "identity fraud". All of these terms describe the theft of a consumer's personal identification and credit information and the thief's use of this information to gain access to the consumer's credit and bank accounts and take over the consumer's credit identity.
Credit identity theft is a growing problem in California and nationally. The Federal Trade Theft Commission ranks California fourth nationally in reported identity theft cases per capita.1 The Privacy Rights Clearinghouse estimates that there are approximately 500,000 cases of identity theft nationally per year. The California Legislature has declared that identity theft is the fastest growing white collar crime in the nation.2
This Legal Guide explains how credit identity theft occurs; provides tips to avoid becoming a victim of credit identity theft; and suggests how to resolve problems if your credit identity is stolen. It is organized as follows:
I. Description of Identity Theft
II. How to Protect Against Identity Theft
III. What You Can Do if You Are a Victim of Identity Theft
IV. List of Resources
Endnotes
Text of Penal Code Sections 530.5-530.8
Victims' Rights Under Credit Reporting Act
I. DESCRIPTION OF CREDIT IDENTITY THEFT
A. Definition
Credit identity theft occurs when someone (the "perpetrator") willfully acquires a consumer's personal identification information, such as the consumer's name, address, Social Security number, date of birth, driver's license number, PIN (personal identification number), mother's maiden name, or some combination of these items. A consumer's Social Security number, along with the consumer's name, are the keys to tapping into the consumer's credit identity.3 The perpetrator also may acquire the consumer's credit or account information. The perpetrator may use this information unlawfully to obtain money, credit, goods, services, other things of value, and even medical information, in the victim's name and without the victim's consent. The perpetrator also may use this information to gain access to the victim's bank accounts. The means by which the perpetrator obtains this information are discussed at B. below.
A consumer may not know that he or she has been a victim of credit identity theft for some time after the fact. The consumer often learns that he or she has been victimized after being refused an extension of credit. Sometimes, the consumer learns that he or she has been victimized when a creditor or debt collector calls demanding payment for debts incurred by the perpetrator. Typically, the victim's credit standing is seriously damaged by the perpetrator, and the victim's credit report becomes filled with negative credit information as a result. Consumers who are victims of credit identity theft have found it difficult to remove erroneous negative credit information from their credit reports and to re-establish their credit standing.
In the past, some law enforcement officials and credit reporting agencies did not consider the consumer to be the "victim" of credit identity theft because the consumer's liability for credit card losses generally is limited by federal law to $50 for each card. They viewed the creditor or financial institution as the victim, although the consumer always has been the one who faces the emotional trauma and the often tedious task of removing erroneous information from his or her credit report and re-establishing his or her credit standing.
The California Legislature enacted a law, effective January 1, 1998, that created the crime of "identity theft."4 As knowledge of this provision has spread, it has become more clear to all that the consumer is the victim of credit identity theft.
B. How Credit Identity Theft Occurs
Credit identity theft can occur in daily consumer transactions in a variety of ways. For example:
- Mail theft - If a consumer leaves his or her credit card payment envelope in the mail box for the postal carrier to pick up, a thief may steal the envelope. The thief then may use the information from the credit card statement and the consumer's check to obtain credit in the consumer's name. A thief also may steal pre-approved credit offers and convenience checks from a consumer's mail box and use the information contained in them to obtain credit in the consumer's name.
- "Dumpster diving" - If a business discards papers containing its customers' personal identification information (such as loan applications) without shredding them, a "dumpster diver" may retrieve this information from the business' dumpster (trash container). The thief then may sell the information or use it to obtain credit in the consumer's name.
Recent legislation may make it more difficult for dumpster divers to obtain personal identification information. Now, businesses must destroy or arrange for the destruction of customer records that contain personal information when the records are no longer to be retained. 5
A thief also may steal personal identification information at a consumer's home. If a consumer discards documents containing personal identification information (such as pre-approved credit offers) without destroying them, a thief may steal the information from the consumer's garbage can.
- "Insider access" - An employee of a business may wrongfully retrieve personal identification information that the business has collected for legitimate reasons, such as the consumer's Social Security number. The employee then may sell the information to a crime ring or use it to obtain credit in the consumer's name.
- "Impostor access" - A thief may fraudulently obtain a consumer's credit report by posing as someone who has a legitimate need and right to the information in it, such as a landlord or employer.
- Purse or wallet loss or snatching - A thief may steal, or the consumer may lose, the consumer's purse or wallet. The thief then may use the consumer's stolen personal identification information to obtain credit in the consumer's name.
- Computerized information services - Businesses called "information brokers" sort, package and sell personal identification information in electronic form. Some businesses may not safeguard this information adequately, or may sell it to purchasers that the business has not appropriately screened. The purchaser or thief then may use the information to obtain credit in the names of the consumers to whom the information relates.
- Internet - Personal identification information that is available on the Internet can be intercepted or accessed by a thief and misused to obtain credit in the victim's name.
For example, the credit card numbers of people who make purchases over the Internet typically are stored in the databases of the businesses where they shop. As reported on occasion by the media, hackers can break into a business' database and steal credit card numbers and other personal information about the business' customers.
A new law is designed to help Californians whose personal information may have been compromised in this manner. Beginning July 1, 2002 a business conducting business in California that owns or licenses computerized personal information data and that learns of a breach of its security must disclose the breach to California residents whose unencrypted personal information may have been acquired by an unauthorized person. The business must make this disclosure without unreasonable delay, consistent with legitimate law enforcement and security needs.6
Having obtained the consumer's personal identification information, the perpetrator then may apply for a new driver's license in the consumer's name, order new credit cards in the consumer's name to be sent to the perpetrator's address, obtain a copy of the consumer's credit report, and otherwise assume the consumer's credit identity.
Neglect by some retailers and creditors may contribute to a perpetrator's successful use of the victim's credit identity.
For example, some retailers may not carefully examine photographs and signatures on identification given by perpetrators in check and credit card transactions. When perpetrators apply for new credit, some creditors may not check to see if the date of birth or mother's maiden name is correct, or if the driver's license is valid. Sometimes, a creditor may ignore a recent change of address, which can be an indication of identity theft (because a perpetrator often diverts the victim's mail to an address used by the perpetrator).
Legislation effective January 1, 2002, addresses some aspects of this problem. If the address a consumer gives on a application for credit does not reasonably match the address in the consumer's credit report, the retailer or other creditor must take reasonable steps to verify the accuracy of the address provided and confirm that the extension of credit is not the result of identity theft. If a retailer or other creditor has been notified by a credit reporting agency that an applicant has been a victim of identity theft, the user of the credit report must take reasonable steps to verify the consumer's identity and confirm that the application for credit is not the result of identity theft before it extends credit or lends money.7
C. Example of Credit Identity Theft: One Victim's Experience
A Consumer Reports article describes a typical case of credit identity theft as reported by the victim:8
An employee of a medical office where the victim received services obtained the victim's name and Social Security number from the victim's medical file. With this information, the thief allegedly was able to obtain lines of credit in the victim's name worth $10,000, rent an apartment, obtain utility service, and earn income in the victim's name. Prior to this, the victim's credit report was "spotless."
The victim first learned that she was the victim of credit identity theft when she began receiving telephone calls from lenders and collection agencies demanding payment of numerous past-due credit accounts that she had not opened. As reported by the victim, her bank refused to refinance her home mortgage because she was a bad credit risk, and the Internal Revenue Service claimed that she owed taxes on income that the thief apparently had earned.
It took the victim two years to have the negative credit information caused by the thief's activities removed from her credit report. The victim reported that during this time, the thief continued to use the victim's name, and creditors continued to press her for payment.
II. HOW TO PROTECT A GAINST CREDIT IDENTITY THEFT
It is impossible for a consumer to prevent all distribution of his or her personal identification and credit information, or to exercise meaningful control over all of the possible uses of that information. Nonetheless, a consumer can take steps to reduce the risk of theft and misuse of his or her personal identification and credit information. For example:
- Do not routinely carry your Social Security card, your birth certificate, your passport or more than one or two credit cards. When you must carry some or all of these, take special precautions to reduce the risk of loss or theft.
- Always take credit card, debit card and ATM receipts with you. Never throw them in a public trash container. Tear them up or shred them at home when you no longer need them.
- Do not leave bill payment envelopes at your mailbox for the postal carrier to pick up. Install a lock on your mailbox if you live in an area where mail theft has occurred.
- Tear up or shred unused pre-approved credit card solicitations and convenience checks.
- Carefully review your credit card statements and utility bills (including cellular telephone bills) for unauthorized use as soon as you receive them. If you suspect unauthorized use, contact the provider's customer service and fraud departments immediately.
- Order your credit report each year from each of the three major credit reporting agencies (see the List of Resources). Check each credit report carefully for accuracy and for indications of fraud, such as credit accounts that you did not open; applications for credit that you did not authorize; credit inquiries that you did not initiate; 9 charges that you did not incur; and defaults and delinquencies that you did not cause. Check the identifying information in your credit report to be sure it is accurate (especially your name, address, and Social Security number).
- Never give out your credit card, bank account or Social Security number over the telephone unless you placed the call and you have a trusted business relationship with the business or organization.
- Guard against overuse of your Social Security number. Release it only when necessary - for example, on tax forms and employment records, or for banking, stock and property transactions.
Do not have your Social Security number printed on your checks. Do not allow a merchant to write your Social Security number on your check. (California law does not specifically allow or prohibit merchants from requesting and recording your Social Security number when you pay by check.)10
If a business requests your Social Security number, ask to use an alternate number. Some businesses have systems that do not use Social Security numbers to identify their customers. If the business does not have such an alternate system, ask to use an alternate identifier that you will remember (for example, a combination of the letters of your last name and numbers). You can lawfully refuse to give a private business your Social Security number, but the business then can refuse to provide you service.
Recent legislation addresses several problem uses of Social Security numbers by private businesses, such as printing Social Security numbers on cards needed to access the business' products or services, intentionally making Social Security numbers available to the general public, and other uses. A business that uses your Social Security number in a prohibited manner after July 1, 2002 must notify you that you may stop it from using your Social Security number in that manner by sending it a written request. The business must comply within 30 days, and cannot charge you a fee to implement your request or deny you services because of it.11
Health care service plans, health care providers, insurers, administrators of health care and insurance plans, and pharmacy benefits managers and contractors are subject to a later timeline. State and local agencies are not subject to this new law.
If a government agency asks for your Social Security number, a Privacy Act notice should accompany the request. 12 This notice will explain whether your Social Security number is required or merely requested; the use that will be made of your Social Security number; and what will happen if you refuse to provide it.
- If you do not receive your credit card statement on time (or if you do not receive a new or renewed credit card when you expect it), your mail may have been stolen. It also is possible that an identity thief has filed a change of address request in your name with the creditor or the post office. Identity thieves do this to divert their victims' mail to the thief's address.
Call the creditor to see if a change of address request has been filed in your name, or if additional or replacement credit cards have been requested on your account. If either has happened, inform the creditor that you did not make the request and instruct the creditor not to honor it.
Call the post office to see if a change of address request has been filed in your name. If this has happened, immediately notify the Postal Inspector.
- If you shop on the Internet, use a credit card rather than a debit card, and shop only with reputable companies that you know. One Internet expert recommends that you use a single, distinct, credit card with a low limit when you shop online. Make sure that you are using a secure browser that complies with industry security standards, such as Secure Sockets Layer (SSL), before you provide any sensitive personal information. These standards help ensure the security of your transaction by encrypting or scrambling the purchase information (including your credit card number) that you send over the Internet. Look for symbols of an unbroken lock or key at the bottom of your browser window, a Web address that includes an "s" (for example, "https://), or the words "Secure Sockets Layer (SSL)" in the browser's and merchant's privacy statements. Alternatively, you can place your order by telephone or mail. Never send payment information by e-mail.13
Some credit card issuers now offer single-use credit card numbers to their card holders. As the name implies, a single-use card number can only be used once, and cannot be tracked back to the cardholder. This technology is designed to prevent fraudulent use of credit card numbers and to prevent hackers from obtaining actual credit card numbers (because they are not stored in the seller's database).
Learn about Internet scams before you use the Internet. You can learn about current Internet scams on the Federal Trade Commission's Website on identity theft (see the List of Resources). At this writing, for example the FTC warns that an e-mail that appears to be from your Internet Service Provider (ISP) stating that you account needs to be updated or that your credit card has expired may be a ruse to obtain personal information or your credit card number. The FTC advises not to respond to such an e-mail without first calling your ISP to make certain that it is legitimate.
- When you use a credit card to make a purchase, try not to let the card out of your sight. An unscrupulous employee may use hand-held "skimming" device to retrieve and store the data contained in your card's magnetic strip, or to copy the data to another card's magnetic strip. Use of these devices with intent to defraud is a misdemeanor,14 but your best protection is vigilance. Also, when you make a credit card purchase, be certain that your credit card is returned to you.
- Check your Social Security Earnings and Benefits statement each year to make sure that someone else is not using your Social Security number for employment. The Social Security Administration now mails these statements annually to all eligible workers age 25 and older.
- Consider having your name removed from marketing lists.
The three major credit reporting agencies use information from credit reports to develop lists of consumers who meet criteria specified by potential creditors. You can request that your credit information not be used for these purposes.15 Doing this will limit the number of pre-approved credit offers that you receive.
Credit card issuers often compile lists of marketing information about cardholders based on their purchases. Under California law, you can request your credit card issuers not to disclose to marketers of goods and services any marketing information about you which discloses your identity.16
The Direct Marketing Association (DMA) maintains lists of people who do not want to receive mail, telephone and e-mail solicitations from national marketers. You can request that your name be added to the DMA's Mail Preference Service, Telephone Preference Service and E-Mail Preference Service name-removal lists.
See the List of Resources.
- Consider not listing your residence telephone number in the telephone book, or consider listing your name and residence telephone number without an address. If you decide to list your name and telephone number, consider not listing your professional qualification or affiliation (for example, "Dr.," "Atty.," or "Ph.D .").
- Make a list of, or photocopy, all of your credit and debit cards. For each card, include the account number, expiration date, credit limit and the telephone numbers of customer service and fraud departments. Keep this list in a safe place (not your wallet or purse) so that you can contact each issuer quickly if your cards are lost or stolen. Make a similar list for your bank accounts.
- Cancel your unused credit cards so that the accounts will not appear as being "open" or "active" on your credit report. (If an identity thief obtains your credit report, the thief may access and use these accounts. To help avoid this problem, some credit reporting agencies "truncate" account numbers on credit reports.) Ask the credit card issuer to tell the credit reporting agency that the account was closed at your request.
- When creating passwords and PINs (personal identification numbers) do not use any part of your Social Security number, birth date, middle name, spouse's name, child's name, pet's name, mother's maiden name, address, telephone number, consecutive numbers, or anything that a thief could easily deduce or discover.
- Memorize all your passwords and PINs; never write them in your wallet, purse, Palm Pilot or Rolodex.
- Shield the keypad when punching in your PIN at an ATM or when placing a calling card call. This helps protect against "shoulder surfers" learning your code.
- Install a lock on your mailbox at home, or use a post office box. This will reduce the risk of mail theft.
- When you order new checks, pick them up at the bank instead of having them mailed to your home.
- When you fill out a loan or credit application, be sure that the business either shreds these applications or stores them in locked files. These applications often contain all of the information that a dumpster diver or an unscrupulous employee needs to assume your credit identity. By law, businesses must destroy or arrange for the destruction of customer records that contain personal information when the records are not longer to be retained.17
- If you have a good reason to believe that you are the target of an identity thief, consider placing a security alert or security freeze on your credit report. You also can request that a victim's statement be placed in your credit file.
III. WHAT TO DO IF YOU ARE A VICTIM OF CREDIT IDENTITY THEFT
Anyone can become a victim of credit identity theft. You must act quickly upon discovering that you are the victim of credit identity theft.18 Acting quickly will help prevent the thief from making further use of your credit identity, and may make the process of restoring your credit standing less burdensome.
A victim of identity theft should keep a log of the date, time and substance of all personal and telephone conversations regarding the theft. The log also should include the name, title and telephone number of each person to whom the victim speaks. The log should also include copies of all e-mails sent and received. The victim should follow up each telephone call with a letter that confirms the conversation and any agreed-upon action. The victim should send all correspondence by certified mail, return receipt requested, and keep each return receipt and a copy of each letter and any enclosures.
The following tips are offered to help a victim report and document the theft of his or her credit identity and to help the victim begin to rebuild his or her credit standing. Each case of credit identity theft involves unique facts and circumstances, and other than reporting the crime to the police, one victim will not necessarily take the same steps as other victims. If your credit identity has been stolen, you should review all of the following tips and choose those that are appropriate to your situation.
A. Law Enforcement
Report the crime to the police immediately. California Penal Code section 530.5 classifies identity theft as a crime - either a misdemeanor or a felony.19
You can initiate a law enforcement investigation by contacting the local law enforcement agency having jurisdiction over your address. The agency must take a police report, give you a copy of it, and begin an investigation.20 If the crime was committed in a different jurisdiction, the agency may refer the matter to a law enforcement agency where the crime was committed for investigation. The crime may be prosecuted in the county where the theft of the personal identifying information occurred, or where the information was used illegally.21 Some law enforcement agencies charge for copies of the police report. The laws on identity theft neither permit nor prohibit this practice.
Beginning January 1, 2002, a Department of Motor Vehicles investigator with peace officer status also can take an investigative report. You can use the DMV report or the police agency report to block reporting of identity theft-related information in your credit report.22 You can use the police report to obtain copies of your credit report.23 You can use the police report to obtain copies of applications for credit submitted by the thief in your name.24
Give the police or DMV investigator as much information and documentation as you can about the theft and about accounts that have been fraudulently accessed and opened in your name. Creditors, banks, credit reporting agencies and insurance companies may require you to provide a police report to verify that you are a victim of the crime of identity theft.
The full text of Penal Code sections 530.5-530.8 is reprinted at the end of this Legal Guide. Not all law enforcement officials will be aware that identity theft is a crime, or that they are required to take a police report, give you a copy of it, and begin an investigation. If necessary, show this Legal Guide and the text of sections 530.5-530.8 to law enforcement officials when you request a police report and an investigation.
B. Credit Reporting Agencies
Call the fraud units of the three major credit reporting agencies (see the List of Resources). Inform each credit reporting agency of the theft of your credit cards, account numbers or identifying information.
- You can request that a victim's statement be added to your credit report - for example: "My identification has been used to apply for credit fraudulently. Call me at ________ to verify any application for credit." The credit reporting agency will require you to verify your identity (for example, by submitting your phone bill).
- Beginning July 1, 2002, you can call or write the credit reporting agencies to request that a "security alert" be placed in your credit reports. The security alert notifies recipients of your credit report that your identity may have been used fraudulently to obtain goods or services in your name. The security alert will remain in effect for at least 90 days, and you may request that it be renewed.25 Beginning January 1, 2003, you can request a free copy of your credit report at the time that the 90-day alert period expires.26
- Beginning January 1, 2003, you can place a "security freeze" on your credit reports by sending written requests by certified mail to each of the credit reporting agencies. A security freeze prevents the credit reporting agencies, in most instances, from releasing your credit report or information in it without your prior express authorization. The credit reporting agency will provide you a unique personal identifier that you can use to temporarily lift the security freeze. Otherwise, the freeze remains effective until you request that it be removed. Credit reporting agencies cannot charge a fee for these services if you are a victim of identity theft and submit a valid police report or DMV investigative report.27
C. Credit Reports
Send each credit reporting agency a request for a copy of your credit report and enclose a copy of the police report or DMV investigative report. Beginning July 1, 2003, upon your request, the credit reporting agency must send you up to 12 free copies of your credit report (one per month for 12 consecutive months following the date of the police or DMV report). 28 Other circumstances under which credit reporting agencies must provide you with free copies of your credit reports are described in endnote 29. 29 In all other circumstances, each reporting agency can charge you $8.00 for your credit report. 30
Check each credit report carefully when you receive it. Look for accounts that you have not applied for or opened; charges that you have not incurred; inquiries that you have not initiated; and defaults and delinquencies that you have not caused. Check your identifying information carefully - especially your name, address and Social Security number. The report will list all variations of your Social Security number and other identifying information reported to the credit reporting agency by creditors and other users of your credit reports.
Send each credit reporting agency a written request to remove all information that appears in your credit report as a result of the theft of your personal identification and credit information. It may take some time to have all of this erroneous information removed from each of your credit reports.
Each month when you receive your credit reports, check to see that all of the erroneous information has been removed from each report, and that each report contains a security alert or a victim's statement, if you requested one. Also, check your credit reports for new erroneous information, and for previously-deleted erroneous information that may have reappeared.
- Credit reporting agencies must block reporting of any information that a victim of identity theft alleges appears in his or her credit report as a result of the crime of identity theft. The victim must submit to the credit reporting agency a copy of a valid police report or DMV investigative report filed under Penal Code section 530.6. 31
- Credit reporting agencies must delete from your credit report those inquiries based on credit requests that the agency verifies were initiated as a result of identity theft.
32
D. Credit Card Issuers
Call each of your credit card issuers to report that you are the victim of credit identity theft. Ask each credit card issuer to cancel your card and provide a replacement card with a new account number. Ask that a password be required before any inquiries or changes can be made on the account. Immediately follow up each telephone call with a letter that confirms the conversation and the action the credit card issuer has agreed to take. Send the letter by certified mail, return receipt requested, and keep a copy.
Ask each credit card issuer about the status of your account. Ask if the card issuer has received a change of address request, or a request for additional or replacement credit cards. If you have not filed a change of address request or requested additional credit cards, instruct the card issuer not to honor these requests.
- Credit card issuers who receive a notice of change of the cardholder's billing address, and within 10 days also receive a request for additional credit cards, must verify the change of address before activating additional cards or issuing additional cards to the new address. Also, card issuers must verify addresses on accepted credit card solicitations or applications that differ from the address in the solicitation or application. 33
- A credit card issuer that issues a substitute credit card for an accepted credit card must have an activation process that the cardholder must contact before first using the substitute card. 34
- A consumer's liability for unauthorized use of a credit card cannot be more than $50. 35 The consumer must notify the credit card issuer promptly upon learning of the unauthorized use. Most creditors will waive (forgive) the $50 if the consumer notifies the creditor within two days after learning of the unauthorized use.
Also call (and then write) each credit card issuer or creditor that has opened a new account that you did not authorize or apply for. These accounts probably will be listed in your credit reports, along with the creditor's or issuer's address, and often, its customer service number. Explain that you are the victim of credit identity theft and that you did not open the account, and ask each issuer and creditor to close the account immediately. Some credit card issuers and creditors may ask you to sign an affidavit or to submit a copy of the police report on the theft of your personal identification information. Some issuers and creditors may accept the Federal Trade Commission's ID Theft Affidavit. Ask each issuer and creditor to inform each credit reporting agency that the account was opened fraudulently and has been closed at your request.
E. Financial Institutions
If your bank account information or checks have been stolen, or if a fraudulent bank account has been opened using your identification information, immediately notify the bank and the check verification companies listed in the List of Resources. Do this both by telephone and in writing.
- Close your checking and savings accounts and open new accounts with new account numbers.
- Report lost or stolen ATM and debit cards immediately by calling the financial institution. Then send a follow-up letter by certified mail. It's important to act immediately because a thief with your card and PIN can drain your account, and because your liability for loss depends on how quickly you report that your card has been lost or stolen. 36
- Ask the bank to use a new unique identifier for your accounts. Request that a password be required for access to the new accounts. Do not use your mother's maiden name as a unique identifier or a password, since this information is available in public records.
- Call the payees of any outstanding checks that you are not certain you wrote. The payee is the person or business to whom you wrote the check. Explain to each payee that you are the victim of identity theft and that you have closed your checking account for that reason. Ask each payee to waive (forgive) any late payment or returned check fee. Then send each payee a replacement check drawn on your new account and stop payment on the check that it replaces. It's a good idea to enclose a note with each check explaining why you are sending a replacement check and reminding the payee that the payee has agreed to waive the late payment or returned check fee (if the payee has agreed to do so).
- Get a new ATM card and PIN. Do not use your old password or PIN.
A merchant may refuse to take your check on the advice of a check verification company (because the thief has written bad checks in your name). The merchant will refer you to one of the check verification companies in the List of Resources. Call the check verification company and explain the situation.
You can ask the check verification company to notify retailers using its database not to accept checks from your old account. Some banks will take the initiative to notify the check verification company it does business with that your checks have been stolen or that a fraudulent bank account has been opened in your name.
- If you cannot open a checking account because of the thief's activities, call Chex-Systems,
see the List of Resources.
- Be prepared for banks and credit grantors to ask you to fill out fraud affidavits to be notarized or signed under penalty of perjury. You can ask to have the fees for notarizing documents waived or reduced. Ask banks and credit grantors if they will accept the Federal Trade Commission's ID Theft Affidavit.
F. Utilities
Notify your gas, electric, water and trash utilities that you are the victim of identity theft, and alert them to the possibility that the thief may try to establish accounts using your identification information . Provide similar notice to your local, long distance and cellular telephone services. Ask the utility and telephone services to use a new unique identifier for your accounts. Do not use your mother's maiden name, since this information is available in public records. If your long distance calling card or PIN has been stolen, cancel it and obtain a new account number and PIN.
If you have trouble getting fraudulent telephone charges removed from your account, you can contact the California Public Utilities Commission (regarding local service providers) and the Federal Communications Commission (regarding long-distance and cellular providers). (See the List of Resources.)
G. Driver's License/California ID Card
The California driver's license and California identification card are primary identification documents in California. Therefore, they often are targets for identity thieves.
If you have lost your driver's license or California identification card, or if you suspect that someone may be using your driver's license or ID card number, immediately call your local Department of Motor Vehicles office for an appointment (listed under "State Government" in the white pages of the telephone directory) or call the DMV's toll free fraud hotline number, (866) 658-5758. It is possible to obtain a new driver's license or ID card number under limited circumstances. 37
- A new law seeks to discourage identy thieves and other imposters from obtaining drivers licenses. Beginning January 1, 2003, it is a misdemeanor for a person to obtain a California driver's license, ID card or other official document issued by the Department of Motor Vehicles if the person knows that he or she is not entitled to it. 38
H. Social Security number
If you can prove that you are being disadvantaged because someone used your Social Security number, it is possible, in extreme cases, to obtain a new Social Security number. 39 In order to obtain a new Social Security number, your situation must fit the Social Security Administration's criteria for issuing a second Social Security number. See endnote 40 for a general overview of these criteria. 40
If you suspect that someone else is using your Social Security number for employment purposes, request a copy of your Social Security Earnings and Benefits statement. (The Social Security Administration now mails these statements annually to all eligible workers who are 25 and older.) If the statement confirms this use of your Social Security number, contact the Social Security Administration immediately. (To order your statement, or to contact the Social Security Administration, see the List of Resources.)
I. Mail
If you suspect that an identity thief has stolen your mail or has filed a change of address request in your name, notify the Postal Inspector (see the List of Resources, under "U.S. Post Office").
J. Passport
If you have a passport, notify the passport office that the identity thief may apply for a new passport (see the List of Resources, under "U.S. Post Office").
K. Erroneous Civil or Criminal Judgment
The actions of an identity thief sometimes result in civil or criminal judgments being entered against the victim. If you are a victim of identity theft, and have had an erroneous civil or criminal judgment entered against you, you should consult an attorney about vacating the judgment.
A victim of identity theft whose identity was used by the thief to commit another crime can seek to have his or her record cleared under certain circumstances. If an identity thief has willfully obtained another person's personal identification information without that person's authorization, has used that information to commit a crime in addition to the crime of identity theft, and is convicted of that additional crime, the court records must reflect that the person whose identity was falsely used to commit the crime did not commit the crime. 41
A victim of identity theft can petition a court for a determination of factual innocence (1) where the victim's identity has been associated mistakenly with a record of criminal conviction, (2) where the perpetrator of the identity theft was arrested or cited for, or convicted of a crime under the victim's identity or (3) where a criminal complaint has been filed against the perpetrator in the victim's name 42. (This court procedure is described at endnote 43) 43 Once you have obtained such a court order, you can apply to register with the California Attorney General's ID Theft Database.
L. Uncooperative Creditor or Credit Reporting Agency
Occasionally, a victim of credit identity theft may encounter a creditor or credit reporting agency that unreasonably does not cooperate with the victim as the victim seeks to restore his or her credit standing. For example:
- The victim may notify a creditor that he or she is the victim of credit identity theft, and may provide the creditor appropriate documentation, but the creditor continues to report debts incurred by the thief to the credit reporting agencies; or
- The victim may provide a credit reporting agency appropriate documentation and request the credit reporting agency to remove information from the victim's credit report that appears due to the theft of the victim's personal identification and credit information, but the credit reporting agency does not remove the erroneous information from the victim's credit report.
Hopefully, the requirement that local law enforcement agencies must take police reports will make it easier for victims of identity theft to use police reports as one means of convincing an uncooperative creditor or credit reporting agency that the victim's identity has been stolen, and that the victim is not responsible for th e charges or credit information at issue. Also, as described under the preceding heading, a victim whose identity has been used or associated with a crime can seek a judicial determination of factual innocence of the crime, which may help when dealing with an uncooperative creditor or credit reporting agency. 44
The credit reporting laws also may offer some help to a victim faced with an uncooperative creditor or credit reporting agency:
- A creditor who provides information to a credit reporting agency regarding its transactions and experiences with consumers is called a "furnisher" of information. If a consumer notifies a furnisher that the consumer disputes the completeness or accuracy of information that the furnisher has provided to a credit reporting agency, the furnisher must include a notice that the information is disputed if it provides the information to a credit reporting agency. 45
- A furnisher is prohibited from providing information to a credit reporting agency on a specific transaction if the furnisher knows, or should know, that the information is incomplete or inaccurate. 46 If the furnisher determines that reported information is incomplete or inaccurate, it must promptly notify the credit reporting agency of its determination, and must provide the agency corrections to make the information complete and accurate. Thereafter, the furnisher cannot provide the credit reporting agency any of the information that remains incomplete or inaccurate. 47 To invoke these protections, the victim should send the furnisher a letter that clearly explains and documents why the reported information is incomplete or inaccurate. The letter should be sent to the address specified by the furnisher for this purpose. Keep copies of all correspondence.
If you are a victim of credit identity theft, and if you believe that a creditor or a credit reporting agency unreasonably or carelessly continues to report erroneous information that is the result of the theft of your personal identification and credit information, consider seeking assistance from an attorney.
M. Demands to Pay Debts Caused by the Credit Identity Thief
Since the victim of credit identity theft did not incur the debts caused by the thief, the victim ordinarily will have a complete defense to the collector's demand for payment of those debts. The victim ordinarily should not pay any debt which is the result of the theft. If a debt collector demands that the victim pay such a debt, the victim should explain why he or she does not owe the debt. The victim should dispute the debt in a follow-up letter to the debt collector, which also should include the victim's explanation why he or she does not owe the debt and a copy of the victim's police or DMV report or ID Theft Affidavit. 48 The victim should send the letter by certified mail, return receipt requested, and keep a copy of the letter and enclosures.
In an effort to convince the debt collector that the victim did not incur the debt, the victim may decide to provide personal identification information to the collector. For example, the debt collector may request the victim's Social Security number, driver's license number and addresses for the last several years. Disclosing some or all of this information entails a loss of privacy, which the victim must balance against the possible benefit of convincing the debt collector that the victim did not incur the debt. The victim should keep the originals of any documents provided to the debt collector.
The victim may find it helpful to consult an attorney if the victim receives demands to pay debts caused by the identity thief. The victim should consult an attorney if the victim receives notice of a legal action based on debts incurred by the thief. (See the List of Resources.)
As a practical matter, the victim should contact the original creditor to explain why he or she does not owe the debt, and ask the creditor to inform the debt collector that the victim is not responsible for the debt. The victim should send the creditor a follow-up letter, including the victim's police or DMV report or ID Theft Affidavit, by certified mail, return receipt requested. The victim should keep a copy of the letter and enclosures.
See Legal Guide DC-4, "Checklist for Identity Theft Victims Who are Contacted by a Debt Collector," for steps a victim should take when the victim learns of the theft of his or her identity and when the victim is first contacted by a debt collector. (See the List of Resources.)
Two recent laws may help protect victims of identity theft from being pursued by debt collectors and creditors for claims incurred by the identity thief. Beginning January 1, 2002:
- A creditor cannot sell a consumer's debt to an outside debt collector if the consumer is a victim of identity theft and the creditor has received notice from a credit reporting agency that reporting of that debt has been blocked. (The credit reporting agency must block reporting of a debt when the consumer has submitted a police or DMV report and alleges that the debt appears on the consumer's's credit report as a result of identity theft.) 49
- A victim of identity theft can file a lawsuit against a person who purports to have a claim for money (or an interest in property) in connection with a transaction procured by identity theft. If the claimant has already filed suit against the victim, the victim can file a cross-complaint against the claimant. The victim must prove that he or she is the victim of identity theft as to the particular claim. If the victim proves this, the court can award the victim a broad range of relief as appropriate to the case, including a declaration, injunction, dismissal of the claimant's claim, damages, and costs and attorneys fees. 50
In order to recover damages or attorneys fees, the victim must have sent the claimant, at least 30 days before the victim files his or her action, a written notice explaining that the victim is a victim of identity theft. This notice should include a copy of the victim's police report or DMV investigative report. If the victim files a cross complaint, this notice can be part of the cross complaint. 51 This new law also provides for award of a substantial civil penalty against the claimant in limited circumstances. 52
N. Tools and References
1. Copies of Applications
Upon request by a victim of identity theft, most lenders, creditors, financial institutions, public utilities and cell providers must send the victim (or a law enforcement officer specified by the victim) copies of application forms and application information containing identifying information submitted by the identity thief in the victim's name, and a record of transactions or charges associated with the application or the account that was opened. The victims' request must be accompanied by a police report issued under Penal Code section 530.6 and proper identifying information. Copies must provided without charge. 53
2. Federal Trade Commission ID Theft Affidavit and Database
The Federal Trade Commission (FTC) has created an ID Theft Affidavit that victims can use to notify some companies where new accounts were opened in the victim's name. Using this form allows the victim to complete a single, standard form to submit to the companies that have agreed to accept it. These companies will use the information that the victim submits to investigate and decide the victim's claim. The Affidavit form and instructions for completing and using it are available through the FTC's Web site, www.ftc.gov.
The victim may decide to file a complaint with the FTC. The FTC collects complaints about identity theft from consumers who have been victimized, provides them information to assist in resolving financial and other problems that can result from identity theft, and refers victims to other government and private agencies for assistance. The FTC does not have authority to bring criminal cases against perpetrators.
The FTC holds complaint information in a secure consumer fraud database, and may, when appropriate, share victims' information with other law enforcement agencies and private entities. (See the List of Resources.)
3. Attorney General's ID Theft Database
The California Attorney General's office has created an Identity Theft Database to help victims of identity theft who have been wrongfully accused of, or associated with, crimes. 54 If you have been charged with a crime committed by another person using your stolen identity, or if your identity has been mistakenly associated with a record of criminal conviction, you can apply to register your name with this database.
In order to apply to the database, you must first obtain a court order verifying that you are the victim of identity theft.
Once your information has been confirmed, it is entered into the database and can be used to show others that you were not actually responsible for the crime. In addition, your information is submitted to the Automated Criminal History System, identifying you as a victim of identity theft, and directing law enforcement and criminal justice agencies to contact the Attorney General's office for further information concerning your registration. (See the List of Resources below under "California Attorney General's Office")
4. References on Dealing With ID Theft
"Coping With Identity Theft: What to do When an Impostor Strikes" (Privacy Rights Clearinghouse); "Identity Theft: What to do if it Happens to You" (California Public Interest Research Group and Privacy Rights Clearinghouse); "ID THEFT: When Bad Things Happen to Your Good Name" (Federal Trade Commission). (See the List of Resources below.)
IV. LIST OF RESOURCES
A. Victim Advice and Assistance
Privacy Rights Clearinghouse
3100 5th Avenue, Suite B
San Diego, CA 92103
Tel: (619) 298-3396 FAX: (619) 298-5681
Email: prc@privacyrights.org
Web: www.privacyrights.org
Publications include "Coping with Identity Theft," "Identity Theft: What to do if it Happens to You" (co-authored by CalPIRG), "My Social Security number: How Secure is It?" and "How Private is My Credit Report?"
Identity Theft Resource Center
P.O. Box 26833
San Diego, CA 92196
Tel: (858) 693-7935
Email: voices123@att.net
Web: www.idtheftcenter.org
Publications include information on prevention, financial and criminal identity theft, facts and statistics, contacting credit reporting agencies and starting local support groups.
California Public Interest Research Group (CalPIRG)
3435 Wilshire Blvd., Suite 380
Los Angeles, CA 90010
Tel: (213)-251-3680
Email: watchdog@pirg.org
Web: www.pirg.org/calpirg
Publications: "Identity Theft: What to do if it Happens to You" (co-authored by the Privacy Rights Clearinghouse), "What to do to Avoid Becoming a Victim of Identity Theft."
Federal Trade Commission
600 Pennsylvania Avenue N.W.
Washington, DC 20580
Identity Theft Hotline: (877) 438-4338
Web: www.consumer.gov/idtheft
www.ftc.gov
Publications: "ID THEFT: When Bad Things Happen to Your Good Name;" Online Complaint Form; ID Theft Affidavit
California Department of Consumer Affairs Office of Privacy Protection
400 R Street, Suite 3000
Sacramento, CA 95814
(800) 952-5210, (916) 323-0637 (Sacramento area calls)
FAX: (916) 323-8451
Email: privacyprotection@dca.ca.gov
Web: www.privacyprotection.ca.gov
www.dca.ca.gov
Advice and information regarding credit identity theft; referrals to other resources.
Department publications include Legal Guides DC-1 "What to do if You Receive a Demand of Payment from a Creditor or a Debt Collection Agency," DC-2 "Summary of the Fair Debt Collection Practices Statutes," DC-3 "Debt Collectors' Wrongful Conduct: Some Tort Remedies for Debtors," DC-4 "Checklist for Identity Theft Victims Who are Contacted by a Debt Collector."
California Attorney General's Office Public Inquiry Unit
P.O. Box 944255
Sacramento, CA 94244-2550
Tel: (800) 952-5225, (916) 322-3360)
Web: www.caag.state.ca.us/consumers/mailform.htm
General advice regarding credit identity theft.
California Attorney General's Office Identity Theft Registry
P.O. Box 903417
Sacramento, CA 94203-4170
Attn: ID Theft Registry
Tel: (888) 880-0240 (toll free)
Web: www.ag.ca.gov/idtheft
California Department of Motor Vehicles
P.O. Box 825389 MS# H217
Sacramento, CA 94232-3890
Attn: Driver License Fraud Unit
Tel: (866) 658-5758 (toll free) (916) 657-7489 (out of state)
E-mail: DLFraud@dmv.ca.gov www.dmv.ca.gov
For appointment: (800) 777-0133 or Web: www.dmv.ca.gov
Local Police Department
Look in the white pages of your telephone book under the "Government" listings.
Local County Bar Referral Service
Referral to local attorneys. Look in the white pages of your telephone book under "[ _____ County] Bar Association" in the "Business" listings.
B. Credit Reporting Agencies
[The following addresses and telephone numbers are accurate as of January 2002, but may change in the future.]
Experian (formerly TRW)
To report fraud: (888) EXPERIAN [(888) 397- 3742 ] (toll free number)
Fax: (800) 301-7196
Write: Experian Consumer Fraud Assistance, P.O. Box 2002, Allen, TX 75013-0949
Web: www.experian.com
To request report: (888) EXPERIAN [(888) 397-3742 ] (toll free number) Write: Experian, P.O. Box 2002, Allen, TX 75013
To dispute information: Call number in credit report or (888) EXPERIAN [(888) 397-3742 ] (toll free number)
To opt out of marketing and promotional lists: (800) 407-1088) (toll free number)
To opt out of pre-approved offers: (888) 567- 8688 (toll free number)
Equifax
To report fraud: (800) 525-6285 Write: Equifax, P.O. Box 740241, Atlanta, GA 30374-0241
To request report: (800) 685-1111, (800) 997- 2493 Write: Equifax, P.O. Box 740241, Atlanta, GA
30374-0241
To dispute information: Call number in credit report. Write: Equifax, P.O. Box 105873, Atlanta, GA 30384
To opt out of pre-approved offers: (888) 567- 8688 (toll free) Write: Equifax Options, P.O. Box 740123, Atlanta, GA 30374
Web: www.credit.equifax.com
Trans Union
To report fraud: (800) 680-7289, FAX (714) 447-6034 Write: Trans Union Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634
To request report: (800) 888-4213. Write: Trans Union, P.O. Box 1000, Chester, PA 19022
To dispute information: Write: Trans Union, P.O. Box 34012, Fullerton, CA 92831
To opt out of pre-approved offers: (888) 567- 8688 (toll free). Write: Trans Union, P.O. Box 97328, Jackson, MS 39288-7328
Web:
www.tuc.com
C. Direct Marketing Association
1120 Avenue of the Americas
New York, NY 10036-6700
Tel: (212) 768-7277
FAX: (212) 302-6714
Web: www.the-dma.org/consumers
Mail Preference Service
c/o Direct Marketing Association
P.O. Box 9008 Farmingdale, NY 11735-9008
Telephone Preference Service
c/o Direct Marketing Association
P.O. Box 9014 Farmingdale, NY 11735-9014
You may complete the appropriate forms online at www.the-dma.org/consumers. You must pay $5.00 (charged to your credit card) for each online registration.
D. Social Security Administration
To order your Social Security Earnings and Benefits statement:
(800) 772-1213 or www.ssa.gov/mystatement. Or visit your local Social Security office. (The Social Security Administration now sends these statements automatically to eligible workers age 25 and older each year near their birthdays.)
To report that your Social Security number is being used by another person to obtain credit or for employment purposes, call the Social Security Administration's Fraud Hotline, (800) 269-0271.
To locate your local Social Security Administration office, call (800) 772-1213, use the Social Security Office Locator at www.ssa.gov/reach.htm, or see the "Social Security Administration" listing under "United States Government" in the white pages of the telephone directory.
E. U.S. Secret Service
The Secret Service has jurisdiction over financial fraud cases, but usually does not investigate individual cases unless the dollar amount is high, or the victim is one of many people victimized by the same perpetrator or a fraud ring. See the "Secret Service" listing under "United States Government" in the white pages of the telephone directory, or visit the website at www.treas.gov/usss.
F. U.S. Post Office
The Post Office has jurisdiction over stolen mail, falsified change of address forms, and falsified passport applications. Postal inspectors are responsible for investigating these crimes. You can locate your local postal inspection service office by looking in the "Post Office" listing under "United States Government" in the white pages of the telephone directory, or by visiting the Postal Service's web site at www.usps.gov/websites/depart/inspect.
G. Telephone Service Provider
Many white pages telephone directories provide information on identity theft and steps to take if you become a victim. Check your local white pages to see if this kind of information is included. For example, the SBC Pacific Bell white pages includes information on identity theft in its Customer Guide.
Telephone service providers' websites also may have information on identity theft and prevention. For example, see www.pacbell.com.
If another person has established telephone service in your name with your telephone service provider, call the provider's fraud hotline number (often listed as part of the directory's identity theft information). For example, SBC Pacific Bell's fraud hotline numbers are (877) 202-4558 (English) and (888) 615-0743 (Spanish).
H. California Public Utilities Commission and Federal Communications Commission
The California Public Utilities Commission (CPUC) may be able to assist victims of identity theft who have been unable to convince their local telephone service provider that telephone charges were incurred by the thief. The CPUC may intercede on the victim's behalf in appropriate cases, but does not have regulatory authority in this area.
California Public Utilities Commission
505 Van Ness Avenue
San Francisco, CA 94102
Tel: (800) 649-7570
www.cpuc.ca.gov
The Federal Communications Commission regulates interstate and international communications by radio, television, wire, satellite and cable. The Commission can be reached at:
Federal Communications Commission
Consumer Information Bureau
445 12th Street, S.W. Room 5A863
Washington, DC 20554
Tel: (888) 225-5322 (toll free number)
www.fcc.gov
I. Check Verification Companies
To report that your checks have been stolen or that bank accounts have been opened in your name without your consent:
CheckRite (888) 276-0625 ext. 113
ChexSystems (800) 428-9623
Equifax (800) 437-5120
National Processing Company (800) 526-5380
SCAN (800) 262-7771
Telecheck (800) 710-9898
NOTICE: We attempt to make our legal guides accurate as of the date of publication, but they are only guidelines and not definitive statements of the law. Questions about the law's application to particular cases should be directed to a specialist.
Prepared by:
John C. Lamb, Legal Services Unit
March 2002
Statutory update, November 2002
This document is available at www.dca.ca.gov. This document may be copied, if all of the following conditions are met: the meaning of the copied text is not changed; credit is given to the Department of Consumer Affairs; and all copies are distributed free of charge.
ENDNOTES
1. "Identity-Theft Victims Struggle Against Rising Tide of Abuse," San Francisco Chronicle, February 11, 2001.
2. "Stealing People is Wrong," The Economist, March 10, 2001; Civil Code section 1786(e) (Statutes 2001, chapter 354 (AB 655 (Wright)). See Statutes 2002, chapter 915, section 1(c) (DB 1386 (Peace)).
3. Statutes 2002, chapter 915, section 1(c) (DB 1386 (Peace)).
4. Penal Code section 530.5 (enacted by Statutes 1997, chapter 768 (AB 156 (Murray)). This section has been amended and supplemented by Statutes 1998, chapter 488 (SB 1374 (Leslie)), Statutes 2000, chapter 631 (AB 1862 (Torlakson)), Statutes 2000, chapter 956 (AB 1897 (Davis)), Statutes 2001, chapter 478 (AB 245 (Wyland)), Statutes 2001, chapter 493 (SB 125 (Alpert)), Statutes 2002, chapter 254 (SB 1254 (Alpert)), and Statutes 2002, chapter 851 (AB 1219 (Simitian(). Statues 2002, chapter 907 (AB 1155 (Dutra))(Penal Code section 182(a)(6) makes a felony conviction for conspiring to commit identity theft subject to $25,000 fine.
The full text of section 530.5-530.8 is reproduced at the end of the endnotes section.
5. Civil Code section 1798.80 (Statutes 2000, chapter 1039(AB 2246(Wayne)).)
6. Civil Code section 1798.82 (Statutes 2002, chapter 1386(AB 1386(Peace)). New Civil Code section 1798.29 imposes similar requirements on state agencies.
7. Civil Code section 1785.20.3 (Statutes 2001, chapter 354(AB 655(Wright)), Statutes 2002, chapter 1030(AB 1068 Wright). These protections do not apply if one of the addresses is a military post office address.
8. "Are You a Target for Identity Theft?" Consumer Reports, September, 1997.
9. Credit inquiries that you did not initiate will normally be legitimate - such credit inquiries are part of the normal credit granting and reviewing process. You should focus on inquiries that you do not recognize, and check to be certain that they did not result in credit being extended to an identity thief.
10. Civil Code section 1725.
11. Civil Code section 1798.85 (Statutes 2001, chapter 720 (SB 168 (Bowen)), Statutes 2002, chapter 786(SB 1730(Bowen)).
12. The Privacy Act of 1974, Section 7, Pub.L 93-579 (set out in the Historical and Statutory Notes following 15 United States Code section 552a).
13. "Shop Safely Online," Federal Trade Commission, 2001; Direct Marketing Association Action Line Reports "Is Your Credit Card Number Secure When Shopping Online?" (February, 1999), "Tips for Cybershopping" (November, 1999), "Top 7 Tips for Smart Cybershopping" (November, 2000).
14. Penal Code section 520.6 (Statutes 2002, chapter 861(SB 1259 (Ackerman)).
15. 15 United States Code section 1681b(e). To opt out of pre-approved offers, call (888) 567-8688 (toll free number). This number serves the three major credit reporting agencies. (See List of Resources.)
16. Civil Code section 1748.12.
17. Civil Code section 1798.80 (Statutes 2000, chapter 1039(AB 2246 (Wayne)).
18. Statutes 2002, chapter 915, section 1(e)(SB 1386 (Peace)).
19. Penal Code section 530.5 creates the crime of "identity theft," defined as the willful obtaining of a consumer's personal identification information by another who uses that information for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services or medical information in the consumer's name without the consumer's consent. The full text of section 530.5 is reprinted on at the end of the endnotes.
The federal "The Identity Theft and Assumption Deterrence Act of 1998" prohibits the knowing and unlawful transfer or use of personal identifying information, such as a Social Security or driver's license number, with intent to violate a federal law or a state felony law. Violation of this law is punishable by up to 15 years in federal prison and an unspecified fine. (18 United States Code section 1028.) As required by this Act, the Federal Trade Commission has established a centralized complaint and consumer education service for victims of identity theft.
21. Penal Code section 786(b) (Statutes 2002, chapter 908 (AB 1773 (Wayne)). If the same personal identifying information belonging to one person is used illegally by the same defendant in multiple counties, the crime may be prosecuted in any of those counties.
22. Civil Code section 1785.16(k) (Statutes 2001, chapter 354 (AB 655 (Wright)).
23. Civil Code section 1785.15.3(b) (Statutes 2002, chapter 860 (SB 1239 (Figueroa)).
24. Civil Code section 1748.95, Financial Code sections 4002, 22470, Penal Code section 530.8 (Statutes 2001, chapter 493 (SB 125 (Alpert)), Statutes 2002, chapter 254 (SB 1254 (Alpert)).
25. Civil Code section 1785.11 (Statutes 2001, chapter 720 (SB 168 (Bowen)).
26. Civil Code section 1785.11.3(b) (Statutes 2001, chapter 720 (SB 168 (Bowen)). You may not be able to obtain a free copy of your credit report under this provision in addition to the maximum of 12 free reports described in the text accompanying endnote 28. (see Civil Code section 1785.15.3(b).)
27. Civil Code sections 1785.11.2-1785.11.6 (Statutes 2001, chapter 720 (SB 168 (Bowen)), Statutes 2002. chapter 786 (SB 1730 (Bowen)).
28. Civil Code section 1785.15.3 (Statutes 2002, chapter 860 (SB 1239 (Figueroa)). Until this new law takes effect, you may have to send a letter to each credit reporting agency every two-three months explaining that you are the victim of credit identity theft and asking that you be provided a free copy of your corrected credit report.
29. The credit reporting agency must give you a free copy of your credit report if you have been denied credit. Civil Code section 1785.17(b). In order to receive a free copy of your credit report, you must request it within 60 days after receiving the notice of denial. You may not be able to obtain a free copy of credit report under this provision in addition to the maximum of 12 free reports described in the text accompanying this endnote. See Civil Code section 1785.15.3(b).)
If you certify to the credit reporting agency in writing that you believe that your file contains inaccurate information due to fraud, the credit reporting agency must give you a free copy of your credit report. (15 United States Code section 1681j(c) (Limited to one free copy in any 12-month period.)
30. Civil Code section 1785.17(1).
31. Civil Code section 1785.16(k).
32. Civil Code section 1785.16.1 (Statutes 2001, chapter 354 (AB 655 (Wright)).
33. Civil Code sections 1747.06(a),(c).
34. Civil Code section 1747.05(b) (Statutes 2002, chapter 682 (SB 1617 (Karnette)).
35. 12 Code of Federal Regulations section 226.12(b).
36. If you report the lost ATM or debit card within two business days of discovery, you can be held responsible for up to $50 in losses, if any have occurred. If you do not give notice within the two business days, you can be held responsible for up to $500 in losses, provided that you report the lost card within 60 days of a statement showing an unauthorized electronic fund transfer. You are liable for loss only to the extent that giving notice within the two days would have avoided the loss. However, you can be held responsible for all the money that the thief takes from your account if you wait more than 60 days after the statement and the loss could have been prevented if you had given notice during the 60 days. (12 Code of Federal Regulations sections 205.6(b)(1),(2),(3). See Civil Code sections 1783.30-1748.3 1. Some debit card issuers may voluntarily limit liability for unauthorized use to $50 per card.)
37. If you discover that you have become the victim of identity theft as a result of driver's license or identity card theft, immediately contact your local Department of Motor Vehicles office for an appointment. At the time of the appointment, you must complete a statement describing the facts of the fraud, submit a copy of the police report (or a written statement explaining why you did not file a police report), and submit copies of canceled check, bills or letters from businesses or banks proving the fraud. You also will need to prove your identity with a document that has not expired, such as a US or Canadian passport, a resident alien card or a US military photo identity card. You may also use a California driver's license or identity card, even if it has expired. Contact your local DMV office for information on other acceptable documents. If you meet all of the requirements, DMV headquarters can issue you a new driver's license or identity card. ("Identity Theft: Have you Become a Victim of Identity Theft?" Fast Facts publication number FFDL 24 (2001) available at your local DMV office or at www.dmv.ca.gov/pubs/brochures/fast_facts/ffdl24.)
38. Penal Code section 529.7 (Statutes 2002, chapter 907 (AB 1155 (Dutra)). Any person who assists the thief or impostor to obtain the official DMV document also is guilty of a misdemeanor.
39. "When Someone Misuses Your Number," SSA Publication No. 05-10064 (June, 2001). See also "New Numbers for Domestic Violence Victims and Others," SSA Publication No. 05-100 93 (June, 199 9). These publications are available at www.ssa.gov/pubs.
40. To be assigned a new Social Security number, the number holder must provide evidence to the Social Security Administration showing that he or she is being disadvantaged by misuse of his or her Social Security number, such as:
- Misuse of the Social Security number that has caused the number holder to be subjected to negative economic or personal hardship; or,
- The number has been misused by another with criminal intent that has caused the number holder problems.
Generally, the evidence required is from one or more third parties documenting actual Social Security number misuses, as well as evidence documenting that the individual is being disadvantaged by the misuse.
For example, the number holder might be asked to submit a letter or other documentation from one or more creditors clearly stating that someone else is using the number holder's Social Security number to obtain credit, and a recent letter denying the number holder credit.
The evidence must show that the disadvantage is recent or ongoing (that is, the disadvantage has affected the individual within the past year or happened further in the past but continues). The evidence can show that the Social Security number misuse occurred in the past, but the disadvantage must be recent. Third party know ledge must include the basis for the third party's knowledge.
The number holder also must provide evidence as is required for obtaining an original Social Security number. (Social Security Administration, Program Operations Manual System ("POMS"), RM 00205.001, 00205.25.)
41. Penal Code section 530.5(c).
42. Penal Code section 530.5(b) (Statutes 2002, chapter 851 (AB 1219 (Simitian)).
32. Penal Code section 530.6(b) (Statutes 2000, chapter 956 (AB 1897 (Davis)), Statutes 2002, chapter 851 (AB 1219 (Simitian). The victim may petition the court, or the prosecutor may move, for an expedited judical determination of factual innocence. The court may hear and decide the petition or motion based on written evidence such as a police report, affidavits and other reliable information submitted by the parties or ordered by the court to be part of the record.
If the court finds that the petition is meritorious and that no reasonable cause exists to believe that the victim committed the offense, the court must find the victim factually innocent of the offense and issue an order certifying this determination.
A court that has issued a determination of factual innocence may vacate it at any time if the victim's petition or supporting information is found to contain any material misrepresentation or fraud.
44. Penal Code sections 530.6(a),(b) (Statutes 2000, chapter 956 (AB 189 7 (Davis)), Statutes 2002, chapter 851 (AB 1219 (Simitian)).
45. 15 United States Code section 1681s-2(a)(3).
46. Civil Code section 1785.25(a).
47. 15 United States Code section 1681s-2(a)(2).
48. If the debt collector has reported the debt to a credit reporting agency, the debt collector must inform the credit reporting agency that the debt is disputed once the debt collector receives the victim's written dispute. (15 USC § 1692e(8 ). See 15 USC §§ 1682 s-2(a)(2),(3).)
49. Civil Code section 1785.16.2 (Statutes 2002, chapter 1030 (AB 1068 (Wright)).
50. Civil Code sections 1798.92 - 1798.97 (Statutes 2001, chapter 354 (AB 655 (Wright)).) See these sections for notice requirements and other important details.
51. Civil Code section 1798.93(c)(5).
52. Civil Code section 1798.93(c)(6).
53. Civil Code section 1748.95, Financial Code sections 4002, 22470, Penal Code section 530.8 (Statutes 2001, chapter 493 (SB 125 (Alpert)), Statutes 2002, chapter 254 (SB 1254 (Alpert)).
54. Penal Code section 530.7 (Statutes 2000, chapter 631 (AB 1862) (Torlakson)).
TEXT OF PENAL CODE SECTIONS 530.5-530.8
530.5(a) Every person who wilfully obtains personal identifying information, as defined in subdivision (b), of another person, and uses that information for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services or medical information in the name of the other person without the consent of that person is guilty of a public offense, and upon conviction therefor, shall be punished either by imprisonment in a county jail not to exceed one year, a fine not to exceed one thousand dollars ($1,000), or both that imprisonment and fine, or by imprisonment in the state prison, a fine not to exceed ten thousand dollars ($10,000), or both that imprisonment and fine.
(b) "Personal identifying information," as used in this section, means the name, address, telephone number, driver's license number, health insurance identification number, taxpayer identification mumbler, school identification number, state or federal driver's license number, or identification mumbler, social security number, place of employment, employee identification number, mother's maiden name, demand deposit account number, savings account number, checking account number, PIN (personal identification number) or password, alien registration number, government passport number, date of birth, unique biometric data including fingerprint, facial scan identifiers, voice print, retina or iris image, or other unique physical representation, unique electronic data including identification number, address, or routing code, telecommunication identifying information or access device, information contained in a birth or death certificate,or credit card number of an individual person.
(c) In any case in which a person willfully obtains personal identifying information of another person without the authorization of that person, and uses that information to commit a crime in addition to a violation of subdivision (a), and is convicted of that crime, the court records shall reflect that the person whose identity was falsely used to commit the crime did not commit the crime.
(d) Every person who, with the intent to defraud, acquires, transfers, or retains possession of the personal identifying information, as defined in subdivision (b), of another person is guilty of a public offense, and upon conviction therefor, shall be punished by imprisonment in a county jail not to exceed one year, or a fine not to exceed one thousand dollars ($1,000), or by both that imprisonment and fine.
530.6(a) A person who has learned or reasonably suspects that his or her personal identifying information has been unlawfully used by another, as described in subdivision (a) of Section 530.5, may initiate a law enforcement investigation by contacting the local law enforcement agency that has jurisdiction over his or her actual residence, which shall take a police report of the matter, provide the complainant with a copy of that report, and begin an investigation of the facts or, if the suspected crime was committed in a different jurisdiction, refer the matter to the law enforcement agency where the suspected crime was committed for an investigation of the facts.
(b) A person who reasonably believes that he or she is the victim of identity theft may petition a court, or the court, on its own motion or upon application of the prosecuting attorney, may move for an expedited judicial determination of his or her factual innocence, where the perpetrator of the identity theft was arrested for, cited for, or convicted of a crime under the victim's identity, or where a criminal complaint has been filed against the perpetrator in the victim's name, or where the victim's identity has been mistakenly associated with a record of criminal conviction. Any judicial determination of factual innocence made pursuant to this section may be heard and determined upon declarations, affidavits, police reports, or other material, relevant, and reliable information submitted by the parties or ordered to be part of the record by the court. Where the court determines that the petition is meritorious and that there is no reasonable cause to believe that the victim committed the offense for which the perpetrator of the identify theft was arrested, cited, convicted, or subject to a criminal complaint in the victim's name, or that the victim's identity has been mistakenly associated with a record of criminal conviction, the court shall find the victim factually innocent of that offense. If the victim is found factually innocent, the court shall issue an order certifying this determination.
(c) After a court has issued a determination of factual innocence pursuant to this section, the court may order the name and associated personal identifying information contained in court records, files, and indexes accessible by the public deleted, sealed, or labeled to show that the date is impersonated and does not reflect the defendant's identity.
(d) A court issuing a determination of factual innocence pursuant to this section may at any time vacate that determination if the petition, or any information submitted in support of the petition, is found to contain any material misrepresentation or fraud.
(e) The Judicial Council of California shall develop a form for use in issuing an order pursuant to this section.
530.7(a) In order for a victim of identity theft to be included in the data base established pursuant to subdivision (c), he or she shall submit to the Department of Justice a court order obtained pursuant to any provision of law a full set of fingerprints, and any other information prescribed by the department.
(b) Upon receiving information pursuant to subdivision (a), the Department of Justice shall verify the identity of the victim against any drivers license or other identification record maintained by the Department of Motor Vehicles.
(c) The Department of Justice shall establish and maintain a database of individuals who have been victims of identity theft. The department shall provide a victim of identity theft or his or her authorized representative access to the database in order to establish that the individual has been a victim of identity theft. Access to the database shall be limited to criminal justice agencies, victims of identity theft, and individuals and agencies authorized by the victims.
(d) The Department of Justice shall establish and maintain a toll free number to provide access to information under subdivision (c).
(e) This section shall be operative September 1, 2001.
530.8. (a) If a person discovers that an application in his or her name for a loan, credit line or account, credit card, charge card, public utility service, or commercial mobile radio service has been filed with any person or entity by an unauthorized person, or that an account in his or her name has been opened with a bank, trust company, savings association, credit union, public utility, or commercial mobile radio service provider by an unauthorized person, then, upon presenting to the person or entity with which the application was filed or the account was opened a copy of a police report prepared pursuant to Section 530.6 and identifying information in the categories of information that the unauthorized person used to complete the application or to open the account, the person, or law enforcement officer specified by the person, shall be entitled to receive information related to the application or account, including a copy of the unauthorized person's application or application information and a record of transactions or charges associated with application or account. Upon request by the person in whose name the application was filed or in whose name the account was opened, the person or entity with which the application was filed shall inform him or her of the categories of identifying information that the unauthorized person used to complete the application or to open the account. The person or entity with which the application was filed or the account was opened shall provide copies of all forms and information required by this section, without charge, within 10 business days of receipt of the person's request and submission of the required copy of the police report and identifying information.
(b) Any request made pursuant to subdivision (a) to a person or entity subject to the provisions of Section 2891 of the Public Utilities Code shall be in writing and the requesting person shall be deemed to be the subscriber for purposes of that section.
(c)(1) Before a person or entity provides copies to a law enforcement officer pursuant to subdivision (a), the person or entity may require the requesting person to submit a signed and dated statement by which the requesting person does all of the following: (A) Authorizes disclosure for a stated period. (B) Specifies the name of the agency or department to which the disclosure is authorized. (C) Identifies the types of records that the requesting person authorizes to be disclosed.
(2) The person or entity shall include in the statement to be signed by the requesting person a notice that the requesting person has the right at any time to revoke the authorization.
(d) As used in this section, "law enforcement officer" means a peace officer as defined by Section 830.1 of the Penal Code.
(e) As used in this section, "commercial mobile radio service" means "commercial mobile radio service" as defined in section 20.3 of Title 47 of the Code of Federal Regulations.
Summary of Identity Theft Victims' Rights
Under California's Credit Reporting Act
(Quoted in part from the Act's summary of consumer rights. (Civil Code § 1785.15(f).)
["]You have a right to place a "security alert" in your credit report, which will warn anyone who receives information in your credit report that your identity may have been used without your consent and that recipients of your credit report are advised, but not required, to verify your identity prior to issuing credit. The security alert may prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that taking advantage of this right may delay or interfere with the timely approval of any subsequent request of application you make regarding a new loan, credit, mortgage, insurance, rental housing, employment, investment, license, cellular phone, utilities, digital signature, Internet credit card transactions, or other services, including an extension of credit at point of sale. If you place a security alert on your credit report, you have a right to obtain a free copy of your credit report at the time the 90-day security alert period expires. A security alert may be requested by calling the toll-free telephone number.
You have a right to place a "security freeze" on your credit report, which will prohibit a consumer credit reporting agency from releasing any information in your credit report without your express authorization. A security freeze must be requested in writing by certified mail. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or applications you make regarding a new loan, loans, and services from being approved in your name without your consent. When you place a security freeze on your credit report, you will be provided a personal identification number or password to use if you choose to remove the freeze on your credit report or authorize the release of your credit report for a specific party or period of time after the freeze in is place. To provide that authorization you must provide all of the following:
(1) The personal identification number or password
(2) Proper identification to verify your identity
(3) The proper information regarding the third party who is to receive the credit report or the period of time for which the report shall be available.
A consumer credit reporting agency must authorize the release of your credit report no later than three business days after receiving the above information.
A security freeze does not apply to a person or entity, or its affiliates, or collection agencies acting on behalf of the person or entity, with which you have an existing account, that requests information on your credit report the purposes of reviewing or collecting the account. Reviewing the account includes activities related to account maintenance, monitoring, credit line increases, and account upgrades and enhancements.
You have a right to bring civil action against anyone, including a consumer credit reporting agency, who improperly obtains access to a file, knowingly or willfully misuses file data, or fails to correct inaccurate file data.
If you are a victim of identity theft and provide to a consumer credit reporting agency a copy of a valid police report or a valid investigative report made by a Department of Motor Vehicles investigator with peace officer status describing your circumstances, the following will apply:
(1) You have a right to have nay information you list on the report as allegedly fraudulent promptly blocked so that the information cannot be reported. The information will be unblocked only if (A) the information you provide is a material misrepresentation of the facts, (B) you agree that the information is blocked in error, or (C) you knowingly obtained possession of goods, services, or moneys as result of the blocked transactions. If blocked information is unblocked you will be promptly notified.
(2) Beginning July 1, 2003, you have a right to receive, free of charge and upon request, one copy of your report each month for up to 12 consecutive months."
Return to Consumer Information
|
