It seemed strange, when I was balancing my business account checkbook using Chase’s telephone system, that five checks I’d written weeks before to local businesses had yet to clear the bank. And calling to see whether the businesses had received those checks did not elicit good news. No, apparently five checks mailed at the Cherry Lane post office in West Fort Worth had never reached their destinations. A quick trip to the local bank branch and a heavy charge for stopping payment on those checks should have put this problem behind me.
Within a reasonably short time I received a letter from a federal prosecutor, informing me that some individuals had been arrested for mail theft and my checks were among the evidence. To the feds’ credit, those letters continued to come my way through the trial and conviction; a final letter said my checks would be forever held as evidence in the case.
JP Morgan Chase, on the other hand, renewed my stop payments on those checks a year later, once again billing me for the pleasure of protecting my money in their bank.
That was not the worst of it: JP Morgan Chase was hacked in August of 2014, the computer thieves making off with, according to the New York Times, “huge amounts of data, including current checking and savings account information.” If you remember this infamous hack, you remember that fingers immediately pointed in Russia’s direction. However, if you were waiting for JP Morgan Chase to send clients a letter explaining exactly what was stolen, or whether it might affect your own accounts — my wife and I have numerous accounts with Chase and their investment bank — I hope you didn’t hold your breath: Chase never sent one. Nor was any apology ever extended to those of us using their bank. Apparently, no one was concerned that alleged Russian hackers had made off with sensitive information on 83 million customers’ accounts.
Digital Access For Only $0.99
For the most comprehensive local coverage, subscribe today.
Oh, and it wasn’t a bunch of Russian hackers, either; it was part of a much larger Internet fraud scheme masterminded by Gery Shalon out of Israel. Apparently, he settled for a plea deal this past June, turned over $400 million of his ill-gotten gains, and now gets to move on, comforted by a net worth estimated by World Casino News as still around $2 billion. (WCN covered Shalon’s case because he also ran illegal Internet gambling websites.) But in 2014 this was considered the greatest breach of confidential financial data in the world.
Then it really got personal: My accountant notified me that when he tried to transmit my tax return for the previous year, the code came up showing it had already been filed. The IRS rejected my return he tried to transmit.
That’s right, someone had gotten my Social Security number and filed a false tax return to generate a cashable tax refund check. And, although whoever did this could not spell my name properly and obviously used a different address, occupation, and income, IRS computers are not set up to flag returns even if numerous database fields are completely different from those on previous returns.
That shouldn’t surprise anyone, in 2011 IRS sent 23,994 tax refunds totaling over $46 million to one, count ’em, one address in Atlanta. (A second Atlanta address received another 11,284 checks that year.) That’s right, there’s nothing in the IRS computer system that would flag 23,994 checks to one address as being somewhat unlikely to be legitimate. Come to think of it, my first question, upon reading that story, was why the postal carrier or post office wasn’t investigated. One would assume that the postman would question whether hundreds, or thousands, of tax refund checks going to the same location day after day might be illegal. Unless they were in on it.
The cost of protecting myself from this ID theft started jumping. Now it was thousands of dollars to hire a tax attorney to get the IRS to throw that phony tax return out and accept my legitimate tax filing. It was almost humorous; while most Texans scream and moan about paying taxes, I’m paying an attorney to force the Treasury Department to take my money.
It would take months, with me in limbo over my unfiled return, before the problem was corrected.
Then came the biggest hack of all, just last week: 143 million records out of the Equifax computers; as the media put it, “the credit files, Social Security numbers, addresses, and credit card and bank account numbers of 44 percent of the population of America.” Actually, that’s foolish statistic, because kids in first grade or Pre-K probably don’t have credit files — or, if they do, it’s likely they haven’t borrowed any money yet. So if one takes the 143 million stolen files by the number of individuals over 21 years of age, the correct percentage is that Equifax allowed the sensitive credit files of over 57 percent of all adult Americans to be stolen.
And as shocking as this story is, most are not fully understanding of the long-term consequences of what just transpired. Once someone has your Social Security number, name and credit score, it becomes quite easy to open new accounts in your name, or take out loans or mortgages. The first you know about it will be when you go to get new credit and you’re rejected for a large past due loan you knew nothing about, much like I found out someone had stolen my identity when I tried to file a tax return. True, you can file with the credit bureau to have those illegitimate accounts removed from your file, but the media is full of stories pointing out that it’s taken some a year or more to get their credit files corrected.
And if this is as bad as first reported it could hurt the ability of millions, the next time they try it, to purchase a car, home or boat or execute any other sort of credit instrument. Down on our Gulf Coast, or in Florida and with another hurricane coming, imagine someone trying to borrow money to purchase a car because their vehicle was totaled, only to find they can’t get a non-subprime loan because someone stole their information from Equifax and already used it. That’s not likely right now, because of the short period between the hack and needing to borrow money quickly, but there will be other problems in the future that may require using one’s good credit.
The Worst Part
This is not a new situation. The Department of Justice reported in 2012 that identify theft created financial losses of $24.7 billion in that year alone. Two years later the DOJ stated that 17.6 million Americans were victims of identity theft, or 7 percent of residents aged 16 and older. USA Today reported in February that identity theft hit another 6.15 percent of all adults last year. And now, stated again, the Equifax hack means the financial data of 57 percent of all American adults has been stolen in one heist.
It almost takes one’s breath away. But it also makes you question why Equifax bragged about its head of security in its SEC filing, not to mention paying him over $2 million in bonuses for the exceptional job he has performed. At least, right up to the point to where they realized he’d lost everyone’s most sensitive data.
Equifax’s remedy is no remedy at all. This problem is so overwhelming that every one of the 143 million individuals needs to freeze their credit files immediately. If it’s true that bank accounts were also stolen, they need to close and reopen new ones. At one point Equifax said only 209,000 credit card numbers were taken, but the reporting failed to say whether any cardholder or issuing bank would be notified. Or even whether that number is true in any way.
This is serious because, whether it’s a new home, shopping at department stores or purchasing a new or used car, America runs on credit. And sooner or later one of these heists will be put to use and potentially devastate the financial landscape. The only thing left to see is how much of our credit information is going to be fenced to people who intend to make the theft a reality instead of an abstract concept.
As mentioned in this column several times, many Americans’ creditworthiness started suffering in the late Eighties. So much so that, over 20 years ago, it took a completely new system of subprime loans to keep the automobile industry viable. And over the past 20 years the subprime market has evolved; in many cases it’s no longer the high interest, super-high down payment loans that once were the norm. (Dealers were often the ones kicking in those down payments, but they did it by marking up the prices of their used cars.) Still, even if you have a perfect credit score, or even a very good one, it only takes someone opening one credit card using your file, running up a tab and defaulting to make you appear to be a subprime candidate. Again, one can ultimately have all of this removed from your credit files, but it takes time and patience.
Again, though, these hacking and identity theft crimes have been going on for a very long time. Forty years ago, a salesman at a Dallas GM dealership was caught reading the obituaries and using dead people’s good credit to get living ones new car loans. A decade ago a friend who owned a leasing company got burned by ID thieves for a handful of new Mercedes he leased them. And anyone in the auto industry for any length of time can probably tell you a story about the customer who came in and tried to use someone else’s credit to purchase a vehicle.
The reality is that this type of crime has been going on so long that no one really cares about it, unless it happens to you. And the hacks are so common it literally took stealing almost everyone’s credit file in America to get a headline.
Then again, it wasn’t that long ago that the IRS sent 23,994 checks worth $46 million to one address in Atlanta. If that wasn’t the canary screaming in the mineshaft, nothing is.
One can see their free credit report at annualcreditreport.com, and then consider locking down your credit files to ensure that no one uses your information fraudulently. Then, once you’re protected, ask yourself how this has been allowed to keep happening for decades and why Congress hasn’t fixed the problem yet.
© Ed Wallace 2017
Ed Wallace is a recipient of the Gerald R. Loeb Award for business journalism, bestowed by the Anderson School of Business at UCLA, and hosts the top-rated talk show, Wheels, 8:00 to 1:00 Saturdays on 570 KLIF AM. Email: firstname.lastname@example.org