By Robert L. Cain

By the time the Tucson police pulled her over, Randi Marie Hartjen had severely damaged the credit of six Phoenix-area women using stolen identities to rent or purchase six vehicles. How she did it shows how easy it is for someone to take over the credit of another person.

Since the institution of the EMV chips in credit cards, credit card fraud has diminished, but bad guys always find a way. Of course, as we would suspect, online sales using stolen credit card information have increased some. Crooks buy things online with stolen cards and have them shipped to a UPS store or other neutral site so the owner of the card won’t wonder where that package came from and won’t see the charge until the bill comes.

Many companies and industries are easy victims of account takeover because they “have had little reason to invest in the tools, tactics, and personnel to effectively prevent, detect, and resolve fraud,” said Al Pascual of Javelin Strategy & Research in an article in Enterprise & Cloud, March 18, 2019. As a result, they are easy targets.

It’s a relatively easy process. Most of the time, they need only a Social Security Number, name, and address. But in many cases, as shown by Ms. Hartjen, you don’t even need a Social Security Number. She stole six vehicles from companies using stolen driver’s license information. Three of the vehicles came from Enterprise Rent-A-Car and three from Carvana. She rented the cars and never brought them back. With Carvana, not even a credit card or Social Security Number is required. I went to their website to see how they operate. They sell cars online and offer prequalification explaining “When you pre-qualify with Carvana, you see real, personalized terms without affecting your credit score. We do not complete a formal credit inquiry until you place an order with your Carvana Financing.” I partially filled out a pre-qual form online (using dummy information, of course), just to see what they asked for. They never asked for a Social Security Number to check credit, but they implied that on their website. So all Ms. Hartjen had to do was show up with a phony driver’s license and drive off with a free, seven-day trial drive. Then she just didn’t bring the cars back and disappeared.

Here’s how she did it. Once she had the correct driver’s license information of the women she took over the accounts from, she simply went to DMV and changed the address on the license then got to renting, test driving, and stealing. Smooth sailing from there, at least until she saw the flashing blue lights in her rear-view mirror.

That was just to steal cars. If a crook has someone’s Social Security Number, opening new accounts is a piece of cake. Half of all identity theft involves credit card fraud. Once they steal someone’s Social Security Number, they can open new credit card accounts and turn them into cash. And it can all be done through the mail. Some 200 million people get credit-card offers in the mail and dutifully throw them in the recycling bin. Bad guys root through that and presto, they have everything they need to get themselves a new credit card in the name on the application. The banks sent out the pre-approved letter, so they don’t look too hard at them when they are returned dutifully filled out. Within 10 days, a crook has a new credit card ready to cash in on.

Do it online or on the phone, and it’s just as easy. Using a public computer terminal, so the IP address doesn’t help the authorities any, and a burner phone, the thief is anonymous. Fill out the form or call in the application, and 10 days later, brand new credit card.

Eric Kraus, fraud management vice president of FIS is quoted as saying the bad guys think, “If I can’t steal cards, the next best option is taking another individual’s information and getting a card sent to me.”

Then there’s Instant Credit. How many times have you been offered a store credit card when you made a purchase to get 18 or 20 percent off your next purchase? Clerks get commissions for signing people up, so they aren’t particularly diligent. In 20 minutes or less, with a stolen or even fake SSN, the “customer” has credit and the clerk a commission.

How do the bad guys get SSNs? An article in The Balance suggests “doing some searches via public records and finding the deed to their home online may provide one with an SSN.” Other times, they buy SSNs off the internet.

Every time someone’s SSN appears anywhere, it is ripe for theft. Even doctor’s offices ask for a person’s SSN on their forms. And many doctor’s office staffs are less than vigilant in protecting the information they have.

Other times, it’s closer to home. Sometimes the crook knows the person he or she is about to ruin. The promotional pricing of a Friends and Family Plan can make taking over an identity simple. In fact, some 51 percent of this kind of fraud comes from people the victim knew. Then the victims end up eating the damage with few of them willing to prosecute a friend or family member.

The amount of fraud from account takeover is $4 billion a year and new account fraud is $3.4 billion a year. The crooks have shifted to these targets since the banks and credit card companies have short-circuited credit card fraud with the EMV chipped cards and paid close attention to anomalies in credit card charges. That has resulted in a drop of $1.7 billion in losses from 2017 to 2018. Now the fraudsters take over other people’s accounts and run up bills that hit consumers directly that can mean months or years recovering their identities and restoring their good credit.

Randi Marie Hartjen’s case is just one example of how easy it is for someone to take over another person’s account. She will no doubt be going to prison, but so many more are taking her place.