Why do we need a binding impersonation code for lenders
Christchurch man Philip Nicholson’s credit score fell from an excellent 900 to an abysmal 300 after identity thieves managed to take over his Flight Center Mastercard and went on a frenzy expenses.
OPINION: Falling prey to identity thieves is an experience you wouldn’t wish on your worst enemy.
However, it is not just criminal acts that hurt victims.
The amount of help victims can get from lenders who have unwittingly lent money to scammers posing as them can leave victims feeling left behind.
Over the past few months, I’ve written about the experiences of three men who fell prey to scam artists who successfully deceived lenders and took out loans on their behalf.
* Man’s credit score destroyed by identity theft and lender’s inaction
* The secret “buy now, pay later” code of conduct that you are not allowed to see
* Identity thief victim ‘Mr Mucky’ asks lenders like Humm to beef up defenses
In each case, it seems, crooks had gotten their hands on some of the victims’ personal information, possibly as a result of cybersecurity breaches at another company they had dealt with.
The waters of identity theft are often quite muddy.
From the outside, it’s really hard to tell how effective lenders’ systems are at identifying identity fraud.
Fraud and cybercrime are the most under-reported crimes according to the Crime and Victims Survey.
My experience with banks is that their fraud systems are quite good at detecting suspicious transactions and blocking them. I’m not at all sure that the newer smaller lenders have particularly good identity verification systems.
Nor the Minister for Trade and Consumer Affairs, David Clark, who surprised me the other day.
The Buy now, pay later (BNPL) lenders asked him to let them regulate themselves.
“Several BNPL vendors have indicated that they will commit to verifying customer identities and conducting initial and ongoing checks as part of any industry code,” Clark told me.
This was, he said, already required by our anti-money laundering laws.
Confusing stuff. It almost seems that some BNPL lenders are not meeting their legal obligations.
Our ordinary lives are increasingly digital. This brings huge opportunities for lenders. They can grow upside down when borrowers can register for loans and extend loans online.
The trade-off must be that the defenses are strong enough to protect the public and that when we are victimized by identity thieves, they act proactively and quickly in our interests.
Over the years I have lost faith in lenders to self-regulate, and I would be surprised if the minister let them.
But any industry code (or regulation) it accepts should require BNPL lenders to meet minimum legal standards for verifying the identity of people they lend to and monitoring accounts for suspicious transactions.
They should be engaged to proactively contact people whose identities have been stolen, even if it took a bit of work.
It seems that lenders sometimes suspect someone of being the victim of identity theft or an attempted identity theft, without even telling them or trying to contact them to tell them.
In one of the three cases I mentioned, the victim discovered that several other failed attempts to take out loans had occurred and, to his knowledge, the lenders had not attempted to alert him.
This is not good enough.
It is not entirely clear that lenders are committed to proactively alerting credit bureaus to protect the credit scores of victims of identity theft.
There seems to be little advice given to victims on how to re-secure their identity, and there doesn’t seem to be a minimum timeframe to do any of this.
I would like lenders to provide details of crimes against them to victims of identity theft, so that they can use them for the police.
The three men I spoke to all scratched their heads about how they had been victimized and how the scammers deceived the lenders.
There is a very profitable business model in online loans.
We, the public, should expect to see some of that profit invested in our protection, and the Minister of Commerce should demand it.
- Keep an eye on your accounts, monitor your credit report
- Be very careful in your e-commerce
- Find out how to spot suspicious emails, texts and calls