I'm not sure if this is the right forum. If it's not mod please move. Thank you!

Well, I guess it would happen sooner or later. I just got a letter saying that my application for a Discover It card was denied...the issue is I never applied for one. I immediately called Discover, and they told me an application was submitted with my name and social. So my world came crashing down. I immediately (through calling and two computers at the same time) contacted all three credit bureaus (even though I didn't have to as they would forward the alert to each other) to set up a 90 day fraud alert. I got credit reports from all three agencies. Sure enough, there was two inquiries, one for Discover and one for Citibank. Conveniently, Citibank's new accounts team was closed for the night so I just called my card services to make sure that I did not have a new card under my name, which I didn't. I then rinsed and repeated for Chase and Amex. Fortunately, no new accounts.

So tl;dr, identity stolen, what to do from here? I guess I will file a police report and place a 7 year alert on my system...but that's going to make applying for credit such a pain in the ......no more instant approvals. Any suggestions?

Sorry for being all over the place...it's what my mind is right now.

P.S. also placed fraud alert for my wife just to be safe but she doesn't seem to be affected.

IIRC it's possible to temporarily unblock your credit reports if you want to apply for new credit. It's still a bit more hassle than if you didn't have them blocked at all but I think you should still be able to get instant approvals assuming your credit history in general is good.

(Disclaimer: I've never had to do this so I'm not 100% sure on the details. Maybe someone can confirm that I'm not completely wrong here?)

That's the reason you've flagged your credit reports - you don't want a criminal getting instant approval and getting new credit cards in your name sent to them. I've been the victim of identity theft before (a temp worker in personnel stole the identifying information on all city employees). Worst I had was a cell phone ordered in my name, but others had accounts set up at big box stores and appliances and computers ordered in their names delivered to addresses they don't live at.

I still applied for credit while the credit report flags were in place. I'd receive a postcard in the mail within a few days with the denial, then call in by phone, answer a few questions, and get approval. Yes, a little bit of a nuisance, but much better than dealing with closing accounts opened fraudulently in my name.

I'd take a look at the FTC website and think about reporting it there, also:
https://www.identitytheft.gov/

Nothing really. You did what you can.

At the minimum, you should be lucky that you sustained no damage as the result of the identity theft. SSA does not change your SSN solely based on the fact that you are a identity theft victim.

Once the fraud alert is placed, is there any way to confirm it? These credit bureaus are really bad at providing any sort of reassurance whatsoever.

This happened to me about 3.5 years ago. Only things stolen were Soc Sec. and birthdate -perhaps in dr's office (was being treated for breast cancer). They went to phone store, opened acct and bought 4 phones on the account. Got the bill 2 days before Xmas -some fun. No cc info-that would have been easier to deal with. Filed police report, and pay monthly to Equifax for monitoring -hate this but they file the fraud alerts w. 2 other credit bureaus evey 90 days. Since I am now on Medicare my SS# is on that damn card as well as on my husband's (he' got spousal SS) so I have great concern.
I try to remember to unlock my Equifax rept before applying, but generally I get a phone call to ensure that I made the app. Never been denied, but, yes, it is a bit of pain. Sometimes I just call them telling them I just made app and have fraud alert on acct. I think BofA Alaska gave me instant approval but that was only one I can recall.

Sorry to hear that. Has any more fraudulent activities occurred since the first purchase of the phones? Or do these fraud alerts actually work?

I also put security freezes on my bureaus too just to be safe...except Transunion. That website is dysfunctional even for a credit bureau.

No, I haven't had any fraudulent activity, thankfully. Out of curiosity, I looked in my file where I keep the incident report, and this happened in Dec. 2010. I actively started applying for cards sometime in 2011. When I apply for a new card (17 since 2011), in my "application excitement", I have often forgotten to unlock my report. So, I'm used to not getting instant approval, but I have not been denied on any application. My credit before and since has always been excellent (over 800), even after cancelling my oldest card from 1991 in the summer of 2012. My biggest problem now is reduction in income (retirement).

I didn't want to put an actual freeze on my credit reports because I understood the freeze/unfreeze process to be more cumbersome.

I've considered dropping the Equifax service due to price. I have been involved in several other potential identity theft situations that have offered free for 1 year services, and I have enrolled in them. But when I filed the fraud alerts in the first place, I was told that the thieves could have tossed the information after buying the phones, or they could have sold it, or saved it, and sometimes it could resurface months or years later. That is an unsettling thought. I often wish it had just been a credit card that was compromised. rather than my Social Security number.

Good luck, and may you not encounter any future negative incidents.

I'm not an expert regarding ID theft, but I've had some recent personal experience.

Regarding the CRAs/CRBs (Experian, Equifax, et al.), my understanding is that there is a fraud alert and a freeze. These are different. I believe a fraud alert is just that; it alerts parties that access your credit report that fraud of some type has been reported, and they are supposed to exercise appropriate caution before issuing any new credit. I have applied for credit after a fraud alert was in place on my credit report, and a rep for the issuing bank told me "it means we're supposed to contact you before processing your application," more or less. However they were able to see my credit report when they did a hard pull, and they were able to see the fraud alert, as well. A freeze prevents third parties from accessing your credit report. Doesn't it cost money to put a freeze on and also to remove it? That is my understanding. Fraud alerts are free, unless you go through one of those grifter organizations like LifeLock.

Regarding credit monitoring services, I use this kind of service but wonder how effective it is. From applying for a credit card and watching how long it takes for the monitoring service to advise me of a hard pull, my sense is that the damage may already be done by the time you respond to the alert. But at the same time, issuing banks require activation of a card, and unless the ID thief has a lot of information at their disposal, I would guess it is much more difficult to get a card issued fraudulently in this day and age. It's not like it was twenty years ago when they sent cards out that were ready to use without activation. In my limited experience, a far more common type of fraud is when they obtain the account number and CVV off a card, and use that for fraudulent purchases.

With recent data breaches, I gather the most common type of identity theft is now related to filing fraudulent income tax returns, mainly because the reward:risk ratio is so high. The IRS and various state-level equivalents are overwhelmed with this right now; the IRS says that it takes them at least 180 days to process a legit return when a fraudulent one has been filed, and in my state the Franchise Tax Board says they need at least four months for the same problem. Somewhat ironically, the IRS is the source of at least some of this.

In my own case, someone filed a fraudulent tax return at the federal and state level for me. I file early, but they filed earlier. When I learned of the fraud, I was able to create an account with the CA Franchise Tax Board at their "MyFTB" Web portal, and I was able to download a copy of the fraudulent state return. This was helpful, because it gave me an idea regarding what information the thief has. In addition, I was able to message the FTB regarding the fraud, and that saved me the hassle of dealing with a "tax due/pay or we'll pursue collection" notice that was generated by their computers in response to the fraudulent return. I will probably file a written request with the IRS to obtain the fraudulent Federal form, as well. As an aside, the FTB shut down my MyFTB account once the fraud flag was placed on my account, regardless of the fact that I had set it up after the fraud and had engaged in communication with them. But communicating with them, either by secure message or by phone, has been a whole lot more helpful than communicating with the IRS. Two separate phone calls to the IRS have been an utter waste of time; their customer service is so poor in these circumstances that they make the customer service folks at my cable company seem awesome in comparison.

In any case, it seems the IRS Identity Protection PIN thing is rolling again, so if you had a fraudulent return filed at the Federal level, it might be a good idea to apply for one, if only to prevent the same problem next year (another fraudulent return filed on your behalf). Of course, I did have an eFile pin previously, which I thought would protect me, but the IRS halted the use of them without directly advising any of the taxpayers that had used them previously, so it turned out to be of no value. My state revenuers have no way to prevent future fraudulent return filings other than a "fraud flag" designation on taxpayer accounts, whatever that means. I plan to respond by jiggering my withholding, so that I never have to wait for a refund from them again.

Aside from all of this, you may wish to open an account at IdentityTheft.gov.

Great points. However, they do not allow me to open an account at identitytheft.gov since I didn't actually lose any money. Apparently the theft of my identification info is not serious enough so they are telling me to wait until I get more f*d in the a* first. Crazy.

Based on what you said I am legitimately concerned about fraudulent tax returns now. When is the earliest I can file?

Also, I placed fraud alerts AND security freezes on my bureaus.

You don't need an account at the IdentityTheft.gov site to follow the steps they suggest.

You can file with the IRS as early as January 01, 2017 for the 2016 tax year, but for most people it's not totally practical, unless you're tracking everything yourself and don't need numbers from any forms (W-2, 1099, etc.). I do track all of that with personal financial software, but I still wait for the various forms to arrive in the mail and typically don't file until I have them all. If, in my haste to beat potential fraudsters to the punch, I file a return with some error(s), that could also be a hassle.

I think a better strategy is to 1) get an IP Pin from the IRS (and from your state revenuers, if possible), 2) make sure neither the Feds or your state revenuers owe you a refund, so you're not waiting interminably for it while they process your return, and 3) get a police report and send a copy to the CRAs/CRBs so they will put a perma-fraud-alert on your credit record, so you don't have to set one up every 90 days.

Dealing with a fraudulent return is much more of an annoyance when you're waiting for a significant refund to come back to you. But in my experience, jiggering the withholding so as to avoid a refund and a penalty (for underpayment) is a bit of an art, even when you track everything carefully. But it is worth pursuing, because when you owe them money, dealing with the fraudulent return basically means you file an additional affidavit with your legit returns. You sign it, you provide copies of your ID, and send it with the returns. Of course you pay them in a timely fashion, as well.

In this day and age, with the vast number of data breaches, and the exceptional reward:risk ratio associated with it, I'm guessing the fraudulent income tax return will continue to be a problem for a while. In the same way that you have two kinds of cyclists (ones that have crashed, ones that will crash), two kinds of computer users (ones that have lost data when a hard drive died, and ones that will lose data when a hard drive dies), and so forth, maybe there are two kinds of taxpayers: ones that have had a fraudulent return filed on their behalf, and ones who will.

My husband's SSN was used to file a fraudulent tax return in 2013 for 2012 return. We only learned about it because the fraudster altered the address by a slightly off street number that does not exist. We had an excellent mailman at that time and he delivered that IRS mail to us even though the address had an off street number.

IRS in that letter said the tax return was under review, and required some supporting documents.

We called and found out someone had filed an electronic return 1.5 month before our paper return (we always filed paper return), and claimed $3K refund. IRS somehow caught it and did not issued the refund check despite the stupid Congress had passed a law that required IRS to issue refund BEFORE all the pertinent information was received (employer's W2 could be turned in as late as June 30, for example.)

Our tax returns never would have a few K's refund as we pay estimate taxes every quarter, any extra, normally no more than a few hundreds, would go to the next year's est payment. That might be why despite IRS woefully lack of software ability, it still caught this fraudulent return.

Long story short, it took us almost 12 months to finally get the whole thing resolved, getting his ID back, and putting the rightful refund ($390) on our return to the next year's est payment. The case was resolved barely in time for us to file the following year's return which the $390 could be counted as est payment.

The work including filing an address change form to correct the altered address, numerous phone calls to IRS, and submitted TWICE the needed affidavit to IRS on husband's identity. IRS was soooo behind that the 2 affidavits sent in 3 months apart (we were told IRS never received the first one) were posted into their system on the same date! Though to the credit of some one who worked on the case, we did get a phone call from a manager from Austin office to inform us the case was resolved and that we could use the refund as est payment on the upcoming return. When asked if we would get a letter to confirm everything, she said probably not but assured us everything was fine now.

Eventually about 2 weeks later we did get a letter and a PIN for the subsequent year's return. We still receive a PIN each year. For 2016 filing time, the letter IRS sent, has a PIN but said to use 2014 PIN. Later IRS sent a letter on that mistake and said to use the PIN in the previous letter. Though that PIN is also a recycled PIN from 2013. IRS basically is at a mess in handling the ID theft. They dont have the enough manpower nor the technology to prevent / identify / handling the ID theft cases.

We suspect his ID was stolen in one of the health provider's office. There are numerous cases in South Florida of this type of ID thefts. The craziest one was about 200ish Firefighters/policemen's SSNs were stolen wholesale. There were also a lot of fraudulent tax returns - one court case showed a woman had over hundreds of tax refund checks sent to her address for a total value in the Millions that lasted for 2 years ... How in the world IRS system could not catch that is beyond me.

Astonishingly, other than the very aggravating experiences dealing with IRS, there is no fraudulent purchases / credit applied, during the period husband's SSN was stolen. We did not even bother to report to the credit bureaus as we figure we could easily see the unrecognized CCs popping up in the issuers account online. AFAIK, the only major issuer whose account online is not going by SSN is Citi. Chase/BofA/Barclays/CapOne, to name a few, all would automatically show CCs approved under the same SSN. So we decided to take a chance.

OP you have done all you could. Not much you could do more. If you can get a PIN for your next year's Tax Return, do so.

Sorry to hear of your travails.

Similar to your situation, when that phone account was opened in my name with the 4 iPhones charged to it, the bill had a street number just a bit off mine, but that number didn't exist so my mailman delivered it to me, or I would never have known the account had been opened.

Since paperless billing is all the rage now, I wonder if someone could open an account and set it up for paperless billing to some phony email address?

And, like you, I believe my info was stolen in a health providers office. OR, and this is unsettling, I was leaving on a cruise and called the bank in case I wanted to use my debit card at an ATM in port. The scam occurred during my cruise on what was the only sea day! Now the bank employee would have had access to my Soc. Sec.# and birthday.

As for fraud alert vs. freeze, the poster above explained how the fraud alerts work. If you set them yourself, you have to remember to renew them every 90 days. So for now I am paying for the service. Supposedly it also tracks my Social Security number on the web. Who really knows.

It becomes a bit of a who do you trust game. think you have done what you can.

I've always wondered about this, but let me offer a different perspective.

What is the point of reporting the identity theft compromise to the credit bureaus and the police? Will it help you get your money back, assuming you lost anything of value to begin with?

Also, with a fraud alert won't that reduce the chance of auto-approvals and/or make recon calls more difficult?

Fraud alert and police reports are more for prospective loss than incurred loss. I agree it's hard to get your money back, but does that mean you don't want to stop the bleeding?

Reducing the chance of auto-approval is a small price to pay (likely a phone call or two after the application) for the peace of mind that criminals will likely be deterred as well, imo.