It’s way past time for banks to start taking responsibility for issuing fraudulent loans. If someone else takes out a loan using my information, it shouldn’t even remotely be my problem to help clean up, and it shouldn’t involve me at all. This is between the bank and the fraudster.
Even the term “identity theft” is slimy: deftly deflecting blame from the negligent bank, trying to draw an unrelated 3rd party into the mix by nominating him as the “theft victim.”
In a just world, companies such as this lender would not only lose the money they loaned, but would be liable for the vast amounts of time and grief they caused a completely unrelated individual.
Only then might we get a financial system which is robust against ID theft. While the costs are externalized to countless individuals, nothing will change.
I wonder at the likelihood of success if this person were to sue the company in his local small claims court for a claim at N hours multiplied by $80 per hour to fix the problem. At the minimum it would require them to hire local counsel to show up and answer a statement of claim.
Sounds like a startup opportunity. There’s enough victims out there that should be compensated for their grief.
I would like to sue for the mortgage interest rate increase a fraudulent bank account cost us when buying our house.
There really should be an investigatory process when credit is fraudulently taken out in someone else's name.
How did the company get duped into making the loan? If the answer is something like "we treated an SSN as identification", that company should lose the right to be a credit issuer.
Serious question for any lawyers out there: why isn't there more serious recourse for consumers when credit agencies commit libel?
If Equifax issues a report saying that I owe X, and I contact them with proof that this was a fraudulent loan, and they continue issuing that report... how is this not criminal libel?
Being brutally honest: because Equifax and similar agencies always engage in politics. They lobby politicians, they have people on staff on alert should any legislation related to this topic come up, etc. Angering these companies carries political costs.
The typical individual is not engaged in the political process, and if they pay attention to this subject, they do so for an ephemeral amount of time. Individual voter's anger has no consequence.
Our system is optimized to privatize gains and socialize losses.
Regulatory capture through the "Fair" Credit Reporting Act. Go read it - they've legislatively exempted themselves from the standard time-honored tort! Similarly to how medical providers can nonsensically create post-facto arbitrary bills instead of needing to create contracts like every other industry.
Curiously, political pushes for reform never advocate for getting rid of the corrupt laws, but rather creating a whole new regulatory regime whose corporate giveaways will only become apparent down the line.
15 U.S. Code § 1681e(b) reads "Whenever a consumer reporting agency prepares a consumer report it shall follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates."
I know that courts move slowly and judges are often depressingly technological illiterate, but I have absolute confidence that I could put together an incredibly convincing panel of experts who would define "reasonable procedures" in a way that would run wholly afoul of the SOP of the major credit reporting agencies.
So don't let me stop you? In general courts are going to have their own standards for such things that differ from your plain language reading, and a stack of paperwork from the surveillance companies' auditors will suffice to meet it. But by all means, go for it!
By my quick non-attorney reading I think you'll be arguing under 1681o, and still stuck showing actual financial damages for having been denied a loan or whatever. Point being they've legislated themselves out of the straightforward tort of libel by 1681h (e).
Similarly to how medical providers can nonsensically create post-facto arbitrary bills instead of sticking to contracts like every other industry.
While medical providers do seem to take this to ludicrous, my understanding is that there's an underlaying common law principle concerning actions taken on behalf of someone in an emergency, and it's not just medical providers to whom this applies.
Two true stories...
When my partner was pregnant, the OBGYN's office would send us small little bills despite us having paid our copay's. The bills ranged from $40-$200 and did not indicate what the bill was for, listing it as something generic "misc services" for instance. I called down there once and asked what the bill was for and the person I spoke to could not tell me. So, I didn't pay any of them switched OBGYN's.
Second story, the partner had incredible stomach pain... we ended up in the ER, paid the co-pay, etc. A couple months later I get a bill for 1k for seeing an out of network doctor. I call the insurance company and ask if that's correct and this is what they told me: That the hospital had a habit of sending out fraudulent bills, and that they had a legal settlement with them that they weren't even allowed to contact the patients directly.
It was literally just a cash grab.
Yes, "unjust enrichment". But it doesn't entitle one to imagine arbitrarily exaggerated prices and demand reimbursement based on them.
One reason is because the Supreme Court held in late 2020 that unless you can prove you were actually--not theoretically--harmed by an exact instance of an entity covered under the Fair Credit Reporting Act, you do not have standing to sue.
> Held: Only a plaintiff concretely harmed by a defendant’s violation of the Fair Credit Reporting Act has Article III standing to seek damages against that private defendant in federal court.
Per the Court, this means something like you were provably denied credit on the basis of the incorrect reporting, and you either didn't have an opportunity to explain yourself or your explanation was not accepted in favor of the information from the credit reporting agency's information. This is a very, very high bar to clear and is made even more difficult by the fact that almost any agreement of substance includes a mandatory binding arbitration clause. Thus, you don't even get the chance to go to court.
(Many businesses lauded here on Hacker News have such clauses, so even the "good" entrepreneurs can't resist taking away rights to the courthouse from their users.)
More coverage and links to the decision at SCOTUSblog: https://www.scotusblog.com/case-files/cases/transunion-llc-v...
I'm not sure that ruling really has the impact you say it does here. That ruling held that of the 8,000 plaintiffs in the class action suit, only 1,853 had standing because their incorrect credit reports were actually sent to businesses. The remaining 6,332 did not have standing because although their files were incorrect, this incorrect information was never transmitted to anyone (I am getting this from scotusblog coverage). I wouldn't call this a very, very high bar to clear.
Serious answer (I am not a lawyer): partly because the threshold for libel is really high in the US.
Partly because there is also some procedure for challenging credit reports. I'm going to try and find the blog post about it...
I don’t think Equifax is saying that “you owe X to lender Y”. They’re saying that “lender Y has reported that you owe X”.
Because the court system has become a pay to play scheme where if you have more money than your opponent, the courts will provide an advantage to the one who is profiting from corruption than the ones being taken advantage of. Even representing yourself pro se does not come without a significant burden where judges will clearly tell you that you are disadvantaging yourself by doing so, and the laws are so complex that often they could care less what is fair rather than what a previous judge decided a long time ago back when racial discrimination was prominent.
Why isn't the Bank of America account in his name? I was under the impression that know your customer laws would require them to match up the individual taking the loan and the individual holding the bank account.
Is it really just a simple as an ACH transfer?
KYC laws just require that the source and destination accounts are tied to individuals whose identities are known, not that they are tied to the same individual.
Why not just outlaw loans with interest rates above some reasonable limit rendering the obligations void and the very attempt of offering such a loan a crime?
These loans are illegal in most states however the loan sharks have paid individuals associated with a native american tribe to "own" the company in an effort to claim tribal sovereignty much like casinos like to do in states where gambling laws aren't favorable. The state may set an upper limit on these usurious loans but if an individual tribe has not then they can run the business under the jurisdiction of the tribal council even though most of the people getting these loans legitimately are not a member of the local tribe.
What're the best practices for dealing with this if one is a victim?
What a nightmare!
This sentiment is summed up perfectly in a Mitchell & Webb Sound titled Identity Theft[1].
1 - https://www.youtube.com/watch?v=CS9ptA3Ya9E
It's almost as if.. The power to mediate loans from fed interest rates to an arbitrary rate should come with.. The responsibility to ensure that the loan went to the right person.
They decided who the loan went to, so why is it someone else's responsibility if they got conned?
>It’s way past time for banks to start taking responsibility for issuing fraudulent loans.
That sounds nice and all, but what would that actually look like in terms of legislation? Legally speaking you're already not responsible for fraudulent loans, and the onus is on the creditor to prove that the debt was actually yours.
Legally, yes. In practice, debt collectors (which originators of debt of all sorts will quickly dump unpaid debt onto, even medical providers who don't want to wait for patients to cough up the funds due) will take advantage of unsophisticated/financially illiterate citizens to coerce payment, even if there is no obligation to pay.
The fix is straightforward: require evidence of the debt upfront, and if you're attempting to collect on debt you can't verify was agreed to by the person you're pursuing, damages are substantial (say, $1M per occurance). Make reporting of violations via the CFPB frictionless.
You will see debt originators rapidly standing up robust identity proofing systems (having customers come into a branch with their IDs), and asking Congress to legislate their implementation (Login.gov and similar for private enterprise, with the end game being a usable national ID system such that Estonia has [1]).
Tangentially, current risk management in this space between identity and finance sucks. I worked with someone to get liens off their Lexis Nexis Risk Solutions report (which mortgage originators use for compliance purposes with conventional mortgage underwriting guidelines as it relates to foreclosures and real estate fraud) that were on their report for almost 8 years in error. It took a CFPB complaint for Lexis Nexis to remove them with citations from an attorney to state statute, and this data isn't classified as consumer reporting, so it's almost impossible to obtain financial recourse/damages for these occurrences.
[1] https://privacyinternational.org/case-study/4737/id-systems-...
[1] https://news.ycombinator.com/item?id=29980189 (HN thread of the above link)
> Make reporting of violations via the CFPB frictionless.
Totally agree.. but sending a debt validation letter is already pretty simple. In most cases you can send the scumbag collector a barely-modified form letter and that’s that. I’ve done this twice and it’s pretty painless, but in a perfect world, I wouldn’t be involved at all!
Banks need to be forced to stop considering
…to be equivalent to a person, for the purpose of issuing loans. It’s total madness, and honestly I’m shocked that this kind of fraud isn’t even more common.That and
…is enough to withdraw money from my bank account thru ACH! Also lunacy. How are banks allowed to be so crappy?Legislation, plz.
> Walk out onto a public street. Ask the first 3 people you come across if they know how to send a debt validation letter. Report back. One should not need to have knowledge with consumer credit laws and regulation to navigate exceptions; it's citizen hostile and a developed economy anti pattern imho. Fail citizen safe.
By that logic, other things that are antipatterns:
* most laws (do you think "the first 3 people you come across" would know the difference between murder and manslaughter?)
* programming APIs (ie. the trope of programmers having to search up usages for basic library functions)
* most basic life tasks (this can be literally anything. even how to cook. if your parents didn't teach you, and you couldn't search on the internet, most people would be toast).
>Agree about ACH. The Fed's FedNow instant payment system due out next year should deprecate all that is trash about the ACH rails (switching to a push from a pull model being one of said deficiencies).
Are they actually going to get rid of ACH though? It's all pointless if they still have ACH for legacy reasons. Take our EMV implementation. Not only do we have "chip and signature" if the chip fails to read three times most readers just fall back to mag stripe.
The complaint system isn’t too terrible to use - at least when I last tried it out for a credit reporting dispute. You’ll likely get a reply from the institution in a week or so, and if they don’t reply in a timely manner it’s a red flag:
https://www.consumerfinance.gov/complaint/getting-started/
> if you're attempting to collect on debt you can't verify was agreed to by the person you're pursuing, damages are substantial (say, $1M per occurance)
Congratulations, you just outlawed uncollateralised lending to everyone but the super rich.
The core idea is sound. But link the payout to actual costs and damages.
Uhm, I don't think that outcome is a bad thing at all. There should be very few and ideally no reasons you have to go into debt, except for high-value long-term purchases. And these are typically things that can sever as collateral (think houses, cars). Heck even computers and phones nowadays have significant resell value.
Come to think of it, except for medical bills, I really don't know what an uncollateralized loan would be for and which I'd consider a net-positive. And before you come back to me with medical bills: Fix your health insurance system and that problem goes away...
> Propose a penalty that is sufficient to deter unscrupulous behavior but not so excessive as to cause lenders to flee the market entirely
Treat it as you suggest: a KYC/AML failure. Public reporting requirements. Liability to the injured (for actual damages). And, if a pattern emerges, license restriction and eventually revocation.
A $1mm mandatory penalty will force lenders to settle. (Nobody will spend $100k proving they properly made a $25k loan with a $1mm penalty if they’re wrong or unconvincing.) When customers know that, you get adverse selection. That would shut down the market.
There are a lot of people in the USA without proper identity documentation, or who live under the identity of someone else.
I know brothers who share a passport and driving license, and do just one lot of taxes between them.
Tightening up identify verification laws will further exclude these people, and may be a net loss for the nation.
Sorry, are you saying that criminal impersonation should be legal, because making it illegal excludes people and may be a net loss to the nation? If they want to be included, surely they can just be honest about who they are.
> European and developed world thing and use IDs with proper identification methods
You obviously have no idea what you are talking about. Perhaps "Europe" to you only refers to some rich Scandinavian countries?
In Eastern Europe ID cards are frequently issued solely on the basis of witness statements, fraud is very common.
There are probably hundreds of thousands of "fraudulently" issued European passports in circulation. If you go walk near embassies in Chisinau, you'll be approached a plenty of people offering to help you procure one.
Even the UK has struggled with this https://www.bbc.com/news/uk-58876645
>And why would you live under someone else's identity? Isn't it identity theft?
Because you don't have your own, there are a plenty of Europeans who have never even had a birth certificate (or lost theirs).
Because yours comes with the wrong nationality, a semipermanent black mark that prevents you from seeking normal employment.
Strengthening identification is a non-starter until the US has something similar to the GDPR, and the surveillance industry has been massively reigned in. Right now it's a feature that the average person balks when asked for personal identifiers like social security number, otherwise things like grocery store discount cards would insist on positive identification. If we had a universal smartcard for ID, imagine having to swipe it for every single fucking transaction.
Maybe because you were never given an identity at birth? Or you are in the country illegally? Or you are trying to escape debt or the law or someone wanting you dead? Maybe you lost all your id documents in a fire and don't have anything left for the government to reissue you an ID. Maybe you've just forgotten who you are due to illness.
Plenty of reasons, some more legit than others, but there are a large number of people in this position.
> How is excluding tax frauds a "net loss for the nation"?
Calling this tax fraud is... I guess true, but kind of odd and silly.
Two people making $X/2 will in almost all cases pay more taxes while receiving fewer benefits than one person making $X. If you wanted to pay fewer taxes, you wouldn't use this scheme except in a few strange edge cases. I don't think the brothers are sharing a passport, a driver's license, and tax filings in order to reduce their tax bill...
(Reading between the lines, since you didn't seem to pick up on it: one of the brothers is an undocumented immigrant. The goal is not tax minimization... the two brothers are paying more taxes while receiving fewer benefits in order to avoid deportation of the undocumented brother.)
Legislation to broaden access for the unbanked and legal docs for non-citizens is the way to solve that use case, not enabling illegal credential sharing to obtain money as a use case (in my opinion)
> living under the identity of someone else
Quite sure most people, the vast majority of people would rather this be tightened up just for the fact that they don't want to have others living under their identity.
As for brothers sharing a passport, I doubt that these laws would affect them the same way, especially if they're twins and pass for each other. But then, just because they can do so, doesn't mean that they should.
Very simple: any contract between a financial institution and a third party is rescinded and null in whole if the third party was represented by someone else, without power of attorney. Full stop. Burden of proof on the bank to ensure this. They already have a huge apparatus in place to verify creditworthiness and identity. Any attempt to collect once such a complaint is filed should be illegal before it is resolved.
One easy, but indirect, fix would be to remove the legal special casing that exempts credit reporting companies from libel laws.
That would force a number of other changes, and I think they would mostly be positive. Those whose businesses depend on high-volume easy credit may disagree.
> One easy, but indirect, fix would be to remove the legal special casing that exempts credit reporting companies from libel laws.
I wonder if this can be bypassed by a warrant canary (or repayment canary)? Basically instead of having creditors report that you defaulted on your debts, creditors will just report whether you opened/closed a line of credit, and whether you're current on it. If you aren't current, then the algorithm assumes you're delinquent. Since you can't compel speech (first amendment), you'll have a very hard time forcing companies to do something.
Has the legality of a warrant canary ever been tested? Commenters on this site often mention that the law is not executed by machine, and so it seems a court would see through this charade.
As far as I understand, the major effect of identity theft on the person is the problems with their credit score and thus all kinds of other credit-related activities while the issue is being resolved. I think that at least in parts of Europe the legal solution is a requirement that lenders must get these fraudulent loans off the credit reports within a fairly strict time limit when they're contested in a simple, standardized way, so even if some investigation takes a long time, that does not affect your creditworthiness during that time.
Legally speaking I had someone take out a fraudulent PACE loan which the administrative agency then used to put a lien on my property taxes and I’m still fighting to get that money back.
Not necessarily a common problem, but this kind of stuff can pop up in surprising ways where the victim is left cleaning up the mess of the financial institutions involved.
BofA account receiving money was NOT HIS!
It would be very easy to verify and confirm for a bank.
This should be the end of the story. If bank would've been on a hook - they'd look way more carefully on it.
Is it possible to sue for damages as an innocent bystander in these cases? I'm guessing damages are small and not worth pursuing, but is it legally feasible?
Completely agree, and I've worked at fintech companies that issue credit products.
Yup.
And also on-point, when are management and coders going to realize that much data should be treated as toxic waste and destroyed, rather than kept forever, just in case we might want it?
This guy had an ID theft, prevented it from going forward, but the payday lender had his info in their DB, and so the second time around somehow actually authorized the bogus loan. If they hadn't stored the info from this person who would NEVER deliberately be a customer, the bogus loan would not have happened.
And all that trouble caused so some thief could net a measly $1000.
yup