While I was spending half the day on Monday dorking around with the latest identity fraud moment, it did occur to me to wonder why on earth a person would apply for a business credit card under a fake name and then fill in the business’s correct address. Wonder-Accountant speculated that the form may have had a mailing address as well as a street address. But if that were the case, then Chase would have sent the letter asking for more information to that mailing address. Instead, they sent it here. I had about concluded that what appeared to be application fraud was really more like a prank when I came across this amazing report, detailing an alleged collaboration between insiders at Chase credit card services and UPS.
Now, I have no way of knowing whether what this guy says is true. But it would explain why the perp would ask to have his fraudulent credit card sent to my business’s real address.
JoshEAC, the post’s author, describes learning that a credit card had been ordered from Chase, supposedly by his wife. After considerable argument, in which a Chase customer disservice representative suggested that his wife was lying to him when she denied ordering a card, he managed to obtain the UPS tracking number for the card Chase claimed to have sent. At this point he began to proactively track the package wending its way toward him via the Brown Trucks. In the middle of the afternoon, he saw that the package had been diverted from home delivery to the pick-up counter at a UPS station. Three hours later, the tracking system reported that his “wife” had changed her mind and asked to have home delivery after all.
And lo! A day or two later Chase calls to inquire about the fraudulent charges being racked up on the “wife’s” new credit card!
Two possibilities presented themselves to JoshEAC: gross incompetence on Chase’s part — altogether credible given the outrageously ridiculous interactions he had with the bank’s customer disservice reps and their supervisors — or organized fraud committed by insiders at Chase and UPS.
If you buy the second scenario, someone on the inside at Chase creates a fraudulent application. He arranges to have the fake credit card sent to the mark’s real address via UPS. He has access to the passwords for this account. The card is shipped off to the mark.
A few hours later, his co-conspirator at UPS arranges to stop delivery to that address and then, shortly afterward, to have the card delivered to her, only this time on the UPS crook’s truck. The card, of course, never arrives at the mark’s home. With the stolen password, the perps start charging thousands of dollars’ worth of merchandise on the hot credit card.
Well. This conspiracy theory could, no doubt, be nothing more than a figment of its author’s imagination…EXCEPT that it explains, to a “t,” why the identity thief would enter my S-corporation’s address on his application for a fraudulent card. Presumably, once the card was diverted through UPS, the crook inside Chase would simply change the address in the bank’s records, thereby diverting the future statements, too. Or set the account not to deliver paper statements at all.
My monthly dues payments to the Scottsdale Business Association are paid by check and deposited to the group’s account at Chase Bank. The checks are printed with my business’s name and address only. That would explain why the perp didn’t have my name. And, since this is evidently an inside job, it explains why the fraudulent account was set up at Chase and not anywhere else.
JoshEAC described this episode in December, 2011. If he’s right, it means that two years later Chase has done nothing to bring a stop to this caper. Whoever’s responsible for it presumably continues to collect a paycheck and at the same time, no doubt, collects payment from “customers” who put him up to issuing fake credit cards.
By now, though, what’s happened is that the thieves have developed the sophistication to realize that small businesses are even more vulnerable to application fraud than are individuals, because the major credit bureaus give short shrift to business credit-card users. Identity-theft protections are set up to serve individuals. As a business owner, I’ve run into a wall — about my only recourse is to report the episode to the police and pray for the best.
Doing battle with Apple consumed most of the afternoon on Wednesday, and yesterday I was in business meetings or teaching all day. I’m out of food and gasoline, today being the first of the month, and so will have to spend this morning driving around the city by way of restocking the larder. So, the soonest I’ll be able to call the police again will be this afternoon, and presumably I’ll miss the guy again, since they’re not in any hurry to deal with this thing.
But if and when I actually meet with a police officer, you can be sure I’ll hand him a printout of JoshEAC’s post.