January 19, 2018

Reacting in an Identity Theft Crisis

by Melissa Izenson, Luper Neidenthal & Logan LPA

Identity theft affects 17.6 million people in the United States each year, at a cost of $15.4 billion in 2014.

Eighty-six percent of identity theft victims experienced the fraudulent use of existing account information, such as credit card or bank account information. Most victims did not know how the offender obtained their information.

The Fair Credit Reporting act (FCRA) sets out rights for victims of identity theft, and responsibilities for businesses. Businesses are required to provide identity theft victims with copies of records relating to the theft, and are required to do so within 30 days, free of charge and without a subpoena. Businesses who do not comply could be subject to an administrative enforcement action by the FTC or a State Attorney General, but cannot be sued by a consumer for damages for willful or negligent noncompliance. The court can, however, impose penalties of up to $2,500 per violation. So, it’s good practice to make sure you have policies in place for responding to victims’ requests for records.

First, know what types of records you have. Do you have credit applications, account statements, receipts, notes? You need to provide all types of records related to the identity theft. Also, understand that you cannot deny a victim’s request because you previously provided the records to the victim. Finally, you may ask for proof of identity, such as a copy of a government-issued identification, before turning over the records. You may also ask for proof of a claim of identity theft, such as a police report or an FTC Identity Theft Report.

If you’re ever stuck in the crosshairs of an identity theft crisis, consult a local business attorney.