All we never wanted to know about impersonation fraud

7 October 2009

It’s Rolf writing again for a change. Over the last few weeks I’ve had a horrendous time writing a research paper that was long overdue. An earlier draft of this had not made it through the internal review. I had tried to straddle the quantitative-qualitative divide by putting a bit of a story into the paper about the journey which led to the results I was presenting, and this didn’t go down well with some of the co-authors, who preferred a purely quantitative structure and style (this is just my interpretation, and there were other very valid points of criticism outside the realm of research philosophy). Anyway, I chucked some of the material out, added some more, reran two thirds of the compute-intensive experiments, dealt with a number of unexpected twists in the results, not to mention minor difficulties with the compute cluster, and rewrote the paper, which now looks like Phoenix risen from the ashes.

You would think that all of this, on top of the non-routine work associated with moving abroad, should have been enough on my plate. But then I was reminded last week of the old saying “Isn’t it funny how just when you think that things can’t possibly get any worse, they suddenly do?”. Royal Mail forwarded a letter sent to our old address from Virgin Mobile, thanking me for the monthly phone contract I had recently entered with them. Only that, of course, I hadn’t. I rang them up, was put through to the fraud team straightaway and learned that, yes, someone else had clearly impersonated me to set up this account, and there were several patterns to the application that matched the typical ID theft. They had good advice for me, namely to check my credit rating with Equifax UK. Lo and behold, my credit report showed searches relating to purchases from Virgin Mobile as mentioned, but also O2 and Shop Direct Finance (formerly known as Littlewoods).

The Shop Direct people were great, once I had managed to get through to them. The phone number that they provide for such situations — the only one they give out — cannot be connected if you happen to be outside of the UK. Sandra very kindly helped me out and rang them up on my behalf, and minutes later I had a call from them confirming that an order had been made in my name. The person had ordered a very fancy wristwatch by telephone, and they had asked for it to be delivered to a depot rather than a home address. This was suspicious enough for Shop Direct to cancel the order unilaterally. They even arranged for my credit records to have CIFAS protection. CIFAS protection is a flag that can be set on credit records, which prompts service providers to require extra proof of identity from prospective customers. I could have set this up myself, but it would have cost me £15.

On to O2: dealing with them was a bit more troublesome — it took a while to explain that, no, I didn’t have an account number, and, no, I didn’t have an O2 telephone number, because all I had to go on was the entry in my credit report. Once I had made myself understood, it was plain sailing: the matter was passed to the fraud team and I received a phone call from a guy who assured me that the fraudulent account would be cancelled and the trace of the credit search erased (did you know that the very fact that a service provider has searched your credit record counts as a “black mark” against your credit worthiness?).

On to Orange. No, I haven’t mentioned Orange before — they didn’t search my credit record (at least not through Equifax) — they just sent me an invoice for a Blackberry smartphone that I had never ordered. They were incredibly difficult: Birgit and I spoke to several “customer service advisors”, to be told various contradictory things, which boiled down to: “you cannot speak to the fraud team, they aren’t customer-facing”. “Not customer-facing”! How’s that for a euphemism — they have a fraud team, but they don’t give a toss about fraud victims. But persistence paid off: some advisors are apparently more competent than others, and if you ring Orange up a sufficient number of times, you will eventually find someone who will put you through to someone who can advise what to do in such a case: send the invoice back to the Orange Security Team, which will then investigate and cancel any services that have been set up by the imposter. Here’s to hoping.

By the way: whoever was using my identity clearly wasn’t using my money. I’m not sure whether that’s a good or a bad sign. It means that they probably don’t have my bank and card details, but perhaps they have obtained credit somewhere in my name, bypassing the rating agencies…

Anyway, knowing how good Thames Valley Police are (some may find this statement controversial, but I’ve had a host of good experiences with them), I rang them up as well. Now I’ve got a crime reference number and a promise that a specialized officer will investigate. I find this remarkable: identity fraud really must be all the rage, if the police force are designating officers specially to deal with this type of crime…

You may be asking, how did these criminals get my details? We think we’ve always been careful with our data, and we don’t think we’ve given anyone a chance by thoughtlessly filling out forms online or discarding unshredded paper. On the other hand, there are nevertheless a host of organizations that hold detailed files, and of course it doesn’t take more than one rogue employee. I guess when this happens it’s just bad luck. The damage so far has been relatively small — it’s cost me eight hours of my time and will probably take more, and I paid for the credit report and phone calls. There are stories in the press of people whose lives have been turned into a nightmare by some fraudster. It seems that we’re a little more fortunate, in that our imposters are neither particularly smart nor persistent — I suspect they’ve stolen a large list of identity data and are using each set in turn until it goes stale.

There is of course an upside as well — I may not have had a chance to tell a story in my research paper, but I certainly got to tell one here 🙂


