“Too easy” for crooks, says man whose identity was stolen to open a loan account, buy now, pay later
Neill Bryce is shocked at how easily a crook has stolen his identity to take out loans on his behalf.
The Lower Hutt electronics developer discovered that someone had opened a Humm buy now, pay later account in their name when a debt collector contacted him just over a week ago, demanding to ‘silver.
Bryce checked with credit rating agencies and discovered that four more credit applications were made on his behalf to GEM (owned by Latitude Financial Services), Genopay, Zip and Layby Holdings, all of which spotted and blocked the attempt. of fraud.
When Bryce asked for answers, Australian company Humm, which has more than 2.3 million customers in Australia and New Zealand, revealed that the scammer opened the account in January using only his name, date. of birth, address and driver’s license number.
* KiwiSaver member hacked: we are already victims
* Tracking the data breach that gave scammers my credit card details
* Prison for the leader of the massive identity theft network
âIt’s too easy,â Bryce said. “They don’t even require the identification document, just the driver’s license number.”
âIt’s done online and you just type the number in a box. It does not provide identification.
The email and phone number the scammer gave Humm wasn’t Bryce’s.
Fraud and cybercrime are the most underreported of all crimes according to the Crime and Victims Survey.
Purchases were made using the Humm account in his name at JB HiFi and Rebel Sport for a total of $ 620, he says.
When Bryce called Humm, with whom Westpac in New Zealand signed an agreement to provide buy now, pay later finance to their customers, he was surprised at the response.
âThe first person I spoke to was really, really jovial about it all. I said, âIt seems to be pretty easy to commit this kind of fraudâ, and she said, âIt happens all the timeâ. I did not know what to say.
He later got angry when Humm said he reported the account as fraudulent within a day of opening it, but despite his address, he didn’t even appear to have sent him a letter alerting him to the fraudulent activity he had identified.
After being contacted by Thing, Bryce was called in by Humm’s deputy general manager Chris Lamers, who apologized, but was concerned the ad would provide a “how-to” for crooks wanting to defraud Humm.
In a written statement, Lamers said: âFortunately, incidents of fraud are incredibly rare, but when they do occur it can be difficult for the victims and for everyone involved.
âWe pride ourselves on working hard to eliminate fraud and we make sure there is as little impact on the victim as possible. We will always bear the financial cost of any fraudulent activity, ensure that their credit report is not affected, and we work with them to understand how the fraud may have occurred.
“Our systems and processes mean this is always a rare event, and in the past 12 months, only 0.03% of applicants have been fraudulent.”
Lamers said he paid an external anti-money laundering company to verify all the apps, but also ran them through its own fraud management platform.
Humm accounts must have a valid credit or debit card loaded on them, but Bryce said the one that was used on his account was stolen, making him think his identity thief was probably part of an organized group capable of finding stolen sources. as well as stolen identity information.
Humm also confirmed that he will not sue Bryce for the money stolen on his behalf and that he will cancel the debt collector.
Mike Stone, director of AML at DIA, said under AML laws, lenders like Humm are required to take reasonable steps to verify the identity of their customers.
“In a situation where a new customer is enrolled through an online process, there must be a robust mechanism to ensure that the person being treated remotely is the true holder of the identity that they claim to be,” he said. he declares.
While there have been relatively few small-scale AML prosecutions in New Zealand, Australia the penalties have been brutal.
In 2019, Westpac was hauled to the coals for AML failures, including a small number of child exploitation payments, which cost the bank AU $ 1.3 billion in fines, and the chief executive of Westpac, Brian Hartzer, his work.
In 2018, Commonwealth Bank of Australia, owner of ASB, paid a fine of A $ 700 million for AML violations.
Humm owner Flexigroup’s 2020 annual report to investors in the ASX equity market cited “failing to establish and integrate processes and tools to support customer identification and credit scoring” as the one of its major risks.
Bryce doesn’t know how the con artist ended up with his driver’s license number.
But, he says, driver’s licenses are commonly used as identification documents, so it could be a breach of privacy in an organization he has dealt with in the past.
It wasn’t until late last year that the law changed to require businesses and other organizations to notify people when a privacy breach may have exposed their information to crooks.
Already this year, Bryce had been contacted by an organization – his dentist – who had suffered a privacy breach in which some of his private information had been compromised.
Lyn McMorran, executive director of the Federation of Financial Services, which represents many non-bank lenders, said identity fraud is a cost to lenders.
They had lobbied the NZTA for controlled access to its database of driver’s license photos so that they could develop systems to match photos taken of people making online claims with photos in the database. data.
âWe discussed with the NZTA that a driver’s license is not just a license to get behind the wheel of a vehicle. It’s an important piece of identification, âMcMorran said.
âLenders should have access to their photo database,â she said.
Bryce says it’s been hard work to regain control of her identity.
He had to deal with each of the lenders, get a new driver’s license, and ask the three credit bureaus to place “deletion” labels on his file, so any lender would know he had been victimized. identity fraud.
He is also working to restore his credit rating.
âMy credit rating is now in the worst tenth of the population,â he says.
He has also filed complaints with police and regulators, including the Privacy Commission.
Fraud and cybercrime were identified as the most common form of crime in the Crime and Victims Survey, but also the least reported, with only 7% of victims bothering to notify authorities.
Bryce suspects it’s because people know that no action will be taken.
The police told him: âAfter carefully considering the circumstances and the information available, we are unfortunately not in a position to take further action at this time. “