ID Fraud Protection: Loophole to get it free discussion

illumin8r

So what is the difference between credit card protection and identity fraud protection? Or are they one and the same thing?

littlemoney

The Capital One web site now states:

"Capital One World MasterCard® customers, and any Capital One customers who opened their account before July 2011 benefit from our free Identity Alert Service."

It seems that only the World MasterCard has this free service now. Other Capital One cards not included.

OwenA

ardchattanruse wrote: »

I phoned Tesco today to confirm receipt of my credit card & also got their spiel about identity fraud. When I was able to say what Identity fraud was & that I shredded my information she then asked if I realised I could be held financially responsible for any fraud carried out in my name. So I asked her how many people had been held resposible for this type of fraud. Her first reply was that 275 people are victims of identity fraud each day - when I pushed her to answer my question, eventually her response was that as they could only give me factual information and as the number involved changes every day she wasn't able to provide me with that information. I did suggest that she could give me the figure for last year, but she still insisted that wasn't possible. To be fair to her I think even she realised it was a very lame excuse. Needless to say I declined her offer of identity theft protection. And then consulted MSE to check whether I should lok for protection elsewhere - I'm glad I didn't spend £80 unnecessarily!!:)

Rather than offer insurance perhaps Tesco could help to reduce ID fraud by improving its procedures.

In October 2011 I returned from overseas to find letters fromTesco asserting I had bought phones ‘on’ Vodafone and Orange. These had been intercepted, signed for and stolen. The Tesco website says phones will only be delivered to an address at which ‘your bank details are registered’ so I assumed the company had my bank details, even though it had used those belonging to someone else when setting up network contracts. When I contacted Tesco about phone delivery Iwas told an imposter must have had details of a card held in my name and AVS/CV2checks would have been done on this. As I had more than one debit card I asked Tesco for two digits from the sort code of the relevant card. The Tesco Phone Shop took nearly two months to reply and only did so after I contacted head office in Cheshunt. It then gave me the sort code of the account used to set up contracts, not the one on the card it said it had checked. When I pointed this out I was told no further comment would be made on the matter.

I was subsequently advised by the Information Commissioner’s Office (ICO) to make a Subject Access Request for the information the company held on me. Tesco did not reply directly to this request but passed it on to a sub-contractor, 20:20 mobile, which told me it had no information it needed to disclose. I therefore went back to the ICO who took the matter up and wrote to Tesco on January 7th 2013. Tesco said it never received this letter and it was March 27th before I had a response.

Enclosed with the response were print-outs of the applications made in my name. Although my name, address, gender and date of birth - all in the public domain - were correct the rest of the information was incorrect and there was nothing on the section marked ‘card details’ that could match any card I held. The letter itself did not give me the information I requested, referring only to the bank account details used to set up the contracts, not to supply of the phones. It did, however, state ‘We do not hold credit card details for each order as they are only used to perform an AVS/CV2check to pre-authorise an order’. I do not have a credit card and even if I did this would, of course, not give access to the address at which my bank details are registered.

It would be useful in combating ID fraud if Tesco kept a record of any cards used to identify addresses to which handset are sent. This would mean anyone who found their home had been under surveillance by criminals waiting to intercept a phone could immediately check with Tesco and not have the added worry of wondering which bank account had been used to authorise their dispatch.

Annouck

Owen A - thank you so much for posting about your experience. I also found out this week that I have been the victim of identity theft. Nationwide have been excellent and quickly picked up on multiple small transactions to mobile phone companies running credit checks. Sadly it looks like they are now buying the accompanying mobile phones via the Tesco website and again Nationwide have been excellent in refunding me £400 so far for this fraud.
One result of this is that I cannot yet carry out a credit check on myself to report any fraudulent activity on my report - you need a card to do that ironically! I also have a police report number. Importantly, I think that this may come back to haunt me in the months to come so your 'Tesco' post was interesting and I'll keep a copy of it just in case.
And to the git in Croydon (i'm in Cheshire) who tried to book movie tickets and a pizza on my card on Wednesday night - I hope it chokes you.

OwenA

Annouk - bad news about the money being taken out of your account. In my case no money was taken out of either of two possible accounts. Tesco said it could not tell me which one was used for the pre-order check as it did not hold such records. As gemma1986 rightly says (post 43 above) the law takes the view it was the company (in this case Tesco) that was the victim of ID fraud and not me. However, I was the one who was inconvenienced, probably had my house under surveillance by criminals and then had to deal with the network companies when they wanted money.
Tesco said the phones were sold ‘on’ Vodafone and Orange and passed my personal details to them. However, the only accurate details it provided were my name, date ofbirth, address and gender. These are all in the public domain and would have been easy to obtain, as they would be for most people, from a variety of sources.
A NatWest bank account that was to be purportedly used for the direct debit payments to the network companies did not belong to me and Tesco made no checks to see if it did. It said it believed that Vodafone and Orange would do their own credit check when my personal information was passed to them. As I understand it credit agencies do not have access to the name of a person who owns a bank account and it would be illegal for a bank to give that information to them under the Data Protection Act. Consequently, it appears the checks that Vodafone and Orange made were purely on the basis of the four personal details listed above and they then immediately sent out what they call ‘Welcome’ letters which were, in fact, ‘Onus’ letters. They put the onus on me to let them know if the NatWest bank account and my personal details were correct. Both companies must have been aware that Tesco had not checked to see if the NatWest account belonged to me and they could have written to ask me to confirm that it did (or if the owner wanted it to be used for payments for the account) before opening the network account. But they chose not to. Within a couple of days of returning from my trip I had a letter from Vodafone dated October 30th 2011 saying I owed £37.16 with a potential termination fee of £1,276.54. Orange soon began pressing me for money too.

Vodafone

Hi OwenA,

Could you confirm whether the account with us is resolved?

If it isn't could you email me with the relevant details via the link in our profile here?

All you need to do is copy and paste the link into your web browser and it'll take you to the Contact us form on our website. To make sure it reaches me could you also quote the code WRT135 - MSE in the subject line?

Once sent you'll receive an automated reply with a reference number. Could you update the thread with this and I'll get back to you as soon as possible?

Kind regards,

Lee

Web Relations

Vodafone UK

OwenA

The issue that needs to be dealt with (it may have been already) is the attitude Vodafone takes to information it accepts from Tesco and the checks it then makes. The only correct personal information provided by Tesco was in the public domain. As I had an excellent credit rating no ‘flags’were raised. As soon as Vodafone received the information from Tesco it started to treat me as a customer. It then began pressing me for money when the first direct debit payment was missed although it knew Tesco could not have checked whether the NatWest account belonged to me without directly contacting me.

So the question is - Has Vodafone now changed its policies so the default position is that someone will not be deemed a customer until they confirm to Vodafone they are the owner of the bank account against which direct debits will be drawn? I presume the present Vodafone policy can be posted so all readers of moneysavingexpert.com can see what it is.

On finding a 24 month contract had been opened in my name I sent Vodafone a letter saying the NatWest bank details did not belong to me and asked how, in these circumstances, a contract could be set up. I continued to try and get a straightforward answer to this question until September 2012 but never did although I was finally told the reason the NatWest bank details were not checked to see if they were mine was because;

There are no agreed verification agreements in place between companies (not just Vodafone but any company that offers credit of any sort) and the banking industry which would allow confirmation of the bank account details submitted.

I feel this is somewhat misleading. It implies a bank would be free to confirm 'bank account details submitted' if an agreement were in place between Vodafone and the banking industry, but the Data Protection Act would need to be changed too. As things stand any bank passing personal information to Vodafone without the permission of an account owner would be liable to penalties.

OwenA

I had hoped the Vodafone company representative would have replied to post 58 by now.

Perhaps I should point out the policy of Orange (run in the UK by Everything Everywhere) was the same as that of Vodafone.

During November 2011 despite contacting Orange by both letter (which the company later said it did not receive) and telephone I had two demands for payment. One asked if I had considered paying by direct debit, which would mean payment would be taken out of my bank account without my having to lift a finger, or lick a stamp. This was curious as the Orange Onus letter of October 3rd had said Thanks for paying your bills by direct debit. The second threatened disconnection and said if it did not hear from me fraudulent activity would be assumed and action taken. The letter also said disconnection will also affect your credit rating and your ability to receive credit in the future. I think this is quite a serious threat, especially at a time when one is constantly reminded of the importance of a good credit rating.

I rang Orange on December 1st and asked, for the fifth time, why an account had been opened in my name against bank details not belonging to me. This time I was told the volume of connections made meant it was not possible to make such checks. I was also told that no ‘Stop’ had been put on the process of trying to extract payment despite the fact that Orange had acknowledged, by letter, it had been told of the fraud two weeks earlier.

On December 20th I received a letter from Orange saying it accepted the account in my name had been opened fraudulently but, despite having considered my views about verification of bank details, the Orange position remains the same on new connections.

Correspondence was essentially terminated by Orange in April 2012. The company repudiated any responsibility for opening an account in my name saying it was;

..activated via a third party, connecting to Orange as the chosen network. Therefore, Orange cannot be held responsible for the identity checks performed via a third party company. Activation of accounts is an automated process and Orange are reliant on the third party providing the correct information within the systems.

But, of course Tesco, could not have confirmed that the NatWest bank account belonged to me without contacting me directly. And Orange knew this - or should have done.

I wonder if Orange has now changed its policies so the default position is that someone will not be deemed a customer until they confirm to Orange they are the owner of the bank account against which direct debits will be drawn.

Buzby

Where all his falls down is your assumption that anyone can 'verify' anything! If they are given a Sort Code and A/c the verification that the codes are valid is a successful debit - what you are asking for breaches DPA rules and impractical.

You are expecting that any bank will, on being asked to make a payment, to additionally disclose the name of the account holder and their address so this 'verification' can take place.

Or perhaps you would like the CRA's to hold this data too - so that firms could help themselves without you having to remember anything? Just think what could happen if you had the cheek to change banks!

Your issue is easily resolvable - if the data the network holds is false, you can demand its correction. If they don't fix it - complain to the ICO.

Vodafone

Hi OwenA,

Apologies for missing your reply of 16 June.

It's good to see that the account with us has been resolved.

In regard to how we handle customer information you can find further details within the Privacy policy section of our website. Due to the posting guidelines which company representatives are required to follow I'm afraid I'm unable to provide you with a link to it.

Thanks,

Lee

Web Relations

Vodafone UK