print all
rev. 1.1 2021-10-29

This website is not giving you legal advice. We're giving you some guidance on how to work your own way through the applicable laws, rules, forms, etc. based on our own unhappy experiences.THERE ARE PROBABLY SIGNIFICANT MISTAKES because we are still learning. So, take what we offer, educate yourself, protect yourself. And, of course, talk to a lawyer who knows consumer FCRA law to get it right.

Lock Your Credit Reports!!!

top
The single best thing we can do to protect ourselves seems to be "security lock" our credit profiles at ALL of the credit reporting agencies. It seems to me these companies are, either intentionally or negligently, aiding and abetting identity theft (and certainly making it exceptionally difficult to protect yourself when false information is placed in your file by one of their subscribing lenders). Read this. It was written in 2009 and things have only gotten worse since then.

If you are reading this, you have probably already been harmed by identity thieves, but it would be a really good idea to tell everyone you know to immediately (or sooner) add security locks to all of their credit profiles. It's time consuming and annoying. We are all hesitant to do so, because it makes any kind of credit-related transaction a real hassle.

However, since most companies are trying to "automate" so as to use "AI" and eliminate actual employees, that is sort of working to the consumer's advantage here. It is becoming easier to place and remove security locks. We should think of it as a unweildy form of two-form authentication.

Do you know how many credit reporting agencies are currently building a potentially damaging file on you? I don't, but here are the ones I know about:

ChexSystems, owned by Fidelity National Information Systems, owned by Fidelity which is, well ... if you've had any real estate title issues, you know ...
Clarity, owned by Experian -- because why have only one credit profiling company when you can have two?
CoreLogic - mostly involved used for rental applications and the like.
Experian
Early Warning Systems, LLC, owned by the same consortium that owns Zelle. cf Weiss v. Early Warning Systems, LLC dismissed September 2021. See this presentation by "Early Warning Services, LLC" in 2016 which provides a pretty good overview of the extent of identity theft going on circa 2016.
Equifax
Innovis, #4 of the "3 main credit reporting agencies". (See how this works? You can never keep up ...) More about Innovis/CBCInnovis (although the CBCInnovis link redirects here to a site called "factualdata.com").
TransUnion

Ramirez v. Transunion, or What is the Remedy??? Does the Government Hate Consumers???

top
Ramirez demonstrates that there is a concrete injury or harm when there are false third party reports. But what about the situation we are discussing here at "Lender Junta"? Our problem is not like Ramirez (Transunion flagged consumers as potentially "terrorists" and published that information to potential lenders). Our problem here is that lenders report phone, address, email addresses, employment that are false (having been submitted by identity thieves) but refuse to withdraw the false information. That then forms the basis for future identity theft because only the thief knows the false information seeded into the credit report. So, for instance, my wife and I had trouble getting a credit report because we did not know a fake residence address that had been seeded into our credit history. In addition, my wife apparently has two driver's licenses in addition to her own, still lives in the home we sold two years ago, has two unknown phone numbers and several unknown email addresses and once lived in Pennsylvania (even though she has never lived east of the Rockies). This has also created a problem with filing online tax returns, as identity "challenge questions" are drawn from credit agency profiles.

TRANSUNION LLC v. RAMIREZ (Sup Ct. reversal. For some reason, I couldn't find this in scholar.google.com).
Ramirez v. Transunion LLC (9th Cir remand following reversal by Sup. Ct.)
Ramirez v. Transunion LLC (9th Cir. opinion that was overruled.)

Congress, Courts and Gov't Agencies, the "Do Nothing Club"

top
So, we know what the Sup. Ct thinks from Ramirez. Open season on consumers, no matter how much Justice Thomas wishes to suggest it may be a "pyrrhic victory" for Transunion.

But Ramirez was factually a different situation: there, Transunion was irresponsibly misidentifying people as possibly being a person on a government terrorist list. In our instance, we are facing unauthorized access to our credit profile by 3rd party lenders who are not authorized; and the placing of false information into our reports as a result of the unauthorized access.

The starting point of any analysis should be that only you can authorize access to your credit profile. The identity thief seeking credit in your name is not you, so the false report is not authorized.

It should not matter whether the fraudulent lender "thinks" the identity thief proved himself to be you. Only the fraudulent lender has the opportunity to verify the crook's identity, and indeed, the opportunity to catch the crook redhanded. You are not involved in the transaction, and so have no opportunity to protect yourself from the fraudulent lender and equally fraudulent credit agency, who are acting hand-in-glove to ruin your life for mutual monetary gain.

FTC: identitytheft.gov. But, of course, if the FTC were doing absolutely anything to stop identity theft, this wouldn't be happening, would it? So, Spotloan can laughingly refer the people it is harming to the FTC website, knowing nothing at all will happen to them -- and that if you, the victim, fill out and return the FTC form to them for the purpose of stopping the identity fraud, they will receive even more of your data by which to help their lowlife "customers" commit identity theft.

YOU must give us a "police report"
Plan of Action

top
A typical demand from lender (known as a "furnisher" under FCRA), is that if you want them to provide the fraudulent application (it is, after all, "yours"), you must provide proof of your identity and "a police report". This, of course, is an intentional misdirection designed to make you believe any action by you is futile.

If you don't read the Fair Credit Reporting Act and (in California) Civ. Code sec.1785.15 in detail they are sort of right: you will never use the right magic words to force them to take action. And, If you were to file a lawsuit against them, you will not have properly laid the groundwork. So you will lose, you will get sanctioned and you will pay their attorney's fees and costs. Sounds like a totally fair system, right?

Let's do a little reading. You definitely are going to have to provide something that proves you are the consumer. That "something" doesn't have to be very much. After all, they didn't require much from the identity thief, did they?

We'll get back to this.

FCRA does not say anything about a police report and, per the FTC, "Most ID theft victims don’t need a police report". There is also no rule that the lender who has failed to get YOUR consent (not the consent of an identity thief or an internet bot) has the right to access your credit report or put lies into it.

But, that is how the lenders read FCRA, because it's sort of a throw-down: "Make Me!"

And, in fact, there are some "Make Me!" rules in FCRA. The lender is betting you won't jump through the hoops to do it.

The rules are detailed and annoying and you will have to put a lot of reading and thought into exactly what you are required to do; and if you do it, exactly what the lender and credit reporting agency are required to do.

So, the magic FCRA words are "identity theft report". While a police report could qualify as an identity theft report, police departments are not equipped to investigate and take action regarding identity theft. Unless, of course, you know the identity thief to be your nextdoor neighbor or something.

Essentially, FCRA provides you need to make a report to an entity that can prosecute you if you lie to them. Now, skipping over the obvious fact that these lenders don't care at all about making sure someone is not lying to them, they convinced Congress that the aggrieved consumer (you) might actually be an identity thief trying to trick them into screwing up "the consumer's" credit report.

And, I'm sure there are people who have done this and who will try to do this in the future. So, carefully weighing and balancing the rights of consumers and the rights of online loan sharks charging 460% interest to extremely poor people with no credit, Congress made the obvious choice: They protected the loan sharks.

But then again, FCRA did not require the lender to get a notarized affidavit proving the identity thief is you. No, online lenders allow "someone" to enter your name and social security number (stolen or purchased from the dark web) into a webpage form and get an "approved" or "rejected" two minutes later. Because, "internet", right?

Although, I would not bet on this being "legal" for the lender ...
plan

Plan of Action

Let's have a plan of action.

Let's not contact the lender until we have our "identity theft report" in hand. Logic, the need for immediate action and normal human decency on the part of lenders would sort of suggest the other way around, but you are placing way too much hope into the "normal human decency" basket.

You are about to spend a lot of time navigating phone menus that do not have an actual option for solving your problem. You are going to speak to representatives that you can't understand (due to bad VOIP connection, different accents, etc.) and have "no idea" what it is you are asking them to do. They are going to refuse to give you the necessary contact information to mail or fax your complaint to anyone obligated to look into the problem.

And then they are going to tell you they can't help you until you present an affidavit proving who you are and a police report.

So, why call twice when we can call once? Why write and re-write and re-write our explanations when we can do it all at once?

First, gather all the necessary info. By now you have retrieved your credit report having the bogus information on it, correct? (Unless, of course, you can't get access.) In any event, have in hand whatever alerted you to the problem, such as a credit FRCA reject letter. Find the website of the lender. Find its phone number, email address, fax address, mailing address -- whatever is available. Check to see the "formal name" of the lender, if it is available. And, because we are going to be typing into an unfriendly web form, let's type what we want to say into a word processing document. LET'S REMEMBER -- WE ARE NOT GOING TO PUT IDENTITY-THEFT TYPE PERSONAL INFORMATION IN THIS COMPLAINT. Just fill in the boxes. A lot of info (name, address, phone number) is already public knowledge. Never give more than "last 4 digits" of social security numbers, credit card numbers, etc.

Let's file an identity theft complaint with the identitytheft.gov. This is a one time thing, although if more accounts are opened in your name, they can be added. This is what we need when lender/credit reporting agency demands a "police report"! FTC expressly stated (in 2017), ` "By reducing the need for police reports, IdentityTheft.gov helps you get started on your recovery quickly, and helps free local police to focus on public safety." So, the FTC system, at least as of 2017, was viewed by the FTC to meet the FCRA "identity theft report" requirements. Let's save a pdf and print out this report, because we are going to be ending it a lot of places. And, FTC has a "walk-through" of what you should do next. Go ahead and read it. But, don't necessarily trust the FTC. When the report is complete you will see a statement that "lenders may also ask you for a police report." Who's side is the FTC on, anyway. They may "ask", but as we know from the FTC's own lawyer (link above), a police report is neither necessary nor helpful -- and this FTC report form was explicitly created to avoid the necessity of a "police report."

Let's talk about the defects in the FTC reporting system, because, again, "who's side are they on, anyway?"
- There is no "other" category. Therefore, there is no applicable category if no one has opened a fraudulent account in your name. But, we need a report when identity thieves are trying to open accounts in our names. After accounts have been opened is a little late!
- The entry boxes on the form are all entirely inadequate. You have many things to enter, there is room for only a few things.
- There is no room for explanation. For instance, identity thieves will use your old addresses and phone numbers. That is still part of the identity theft, but technically those WERE genuine addresses for you in the past. But, you absolutely don't want the reported as "current" to the credit reporting agencies!!!
- The limited information accepted by the FTC shows it is obvious the FTC has no interest in investigating or even learning the unscruplous ongoing activity out there by "funishers" (lenders and banks who access your credit info) and credit reporting agencies.
- FTC will remind you to place fraud alerts and security locks on the 3 major credit reporting agencies. But, FTC is apparently completely unaware there is entire swampy, slimy subprime bog of "specialty" credit reporting agencies that are ruining your credit.
So, we will be sending a copy of the FTC Identity Theft Report as the first thing we do which each lender/bank/credit reporting agency we communicate with. We will also be sending them this statement:
There is no requirement for a Police Report. https://www.consumer.ftc.gov/blog/2017/04/most-id-theft-victims-dont-need-police-report, where the FTC's attorney states,"By reducing the need for police reports, IdentityTheft.gov helps you get started on your recovery quickly, and helps free local police to focus on public safety."

Maybe you will feel you have done enough at this point. Perhaps with a nice letter and the FTC Identity Theft Report, you can get all of the false and fraudulent information removed. If that works, good for you, now you can sleep better at night!

But then again, you are anticipating normal human decency on the part of employees of lenders and credit reporting agencies. In my experience, that will be a mistake.

Lenders and credit reporting agencies are going to continue to demand "a police report". And, they will ratchet up their demands. Now they will want a "notarized affidavit" proving your identity. If you are represented by an attorney, they will want a "notarized power of attorney" authorizing your attorney to communicate with them, even through they are not justified in asking for it. Lenders and credit reporting agencies know that if they throw enough roadblocks in your way, you will give up and go away.

There is no legal requirement for these things. (Generally speaking, if we are laying the groundwork for a lawsuit, we are going to do some of these things anyway. A judge or jury will want to know why you filed an expensive lawsuit when you could have got a $20 notarized affidavit and sent it to them. But once again, do not be putting much "identifying information" in your affidavit -- DO NOT fill out and return the one they send you! Stick to "last 4" of social security number, "last 4" of account numbers, and only such information (name, address, phone number) that is already in public records.

For every false and fraudulent statement in your credit profile, a lender placed that information in your file without your consent. In each instance, a credit reporting agency accepted the word of a low-life lender over yours, even if the lender has a history of processing fraudulent applications; and even if the information submitted by the lender completely conflicts with the known information already in the credit reporting agency's data. After all, for the rejected loans, the rejection was determined by "AI" on the basis that the application didn't match up with the credit profile. So, the lender absolutely knows its applicant is not you and therefore the lender does not have "the CONSUMER'S consent", as required by FRCA. YOU didn't consent, did you? Some degenerate armed with your name and social security number, possibly an internet bot, gave consent. The lender should therefore not inject the false information into your credit file, but knowingly and wilfully does so anyway. "Lender Junta," anyone?

Before we start contacting lenders and credit agencies, let's file some additional online reports (and then we will send copies of the reports to the lenders and credit reporting agencies as part of our "Dispute" package.

Let's file a complaint with the Consumer Financial Protection Bureau ("CFPB"). When we are done typing, let's "print" to PDF (and a hard copy) so we have a record of what we filed.

Now, for us Californians, let's file a complaint with the California Department of Financial Protection & Innovation.. On this one, you will want to expand the boxes so that all of your text is visible, then save a pdf and print before hitting "submit" (because DFPI doesn't display the complaint when it gives you the filing number). Save and print the confirmation page with the filing number as well.

If we Californians are really having fun, let's also file a complaint with the Office of the Attorney General. If I remember correctly, you can't upload documents, so if you want to include attachments, you have to mail it in. I am collecting together a bunch of complaints, using the copies I made of the PRIOR complaints, and sending them to the designated address with a cover letter itemizing all of the separate complaints. The form is annoying to fill out, but I found that if I typed everything in a word processing document, using normal wordwrap, I could then copy and paste one line at a time into the line "boxes" of the fillable pdf file. If you make a lot of typos like I do, this was way easier than typing into the form in the first place.

We are going to take the bundle of complaints relating to a particular lender, add a cover letter that details our specific DISPUTE and a DEMAND to remove the specific false and fraudulent info, and mail them to their designated address. (You can fax them too. Be careful not to put identity-theft type identifying info in emails and faxes, you don't know which internet identity theft bots are going to be reading them. BUT, while lenders will "respond" to emails, faxes and phone calls, it seems from FCRA that you haven't effectively triggered their legal obligations until you mail them your dispute.

If we are feeling like wasting money, we can overnight, priority mail, or whatever. The cheapest method I have found whereby you can still prove the mailing was received is to send certified. I understand we can get verification of delivery from the tracking number. I generally do not like "return receipts", because in my experience the post office loses them and I don't get them back. But, they do add an additional layer of "proof" when signed by the lender's employee. (But again, even when "signed", it is usually impossible to identify who signed the return receipt and whether that person actually works for the lender.)

What happens with all these complaints? The government agency sends a copy to the lender and asks for a response. The lender responds, saying something like, "we made a soft inquiry and did not place any derogatory information in the file." The government agency then will forward the inadequate response to us and close the case.

We have failed and the false information is still in the file. If we then file a lawsuit, which is expensive and time consuming, the lender will immediately "do the right thing" and remove the false and fraudulent information, leaving our lawsuit "moot". If we go forward, we will probably get sanctioned because the judge doesn't think it is reasonable to waste court time litigating over attorney's fees -- most of which will have been incurred after the lender has removed the info, and therefore are expended "to recover attorney's fees." And, because lenders always win.

So why do we do all this? Because (a) there is identity compromising information in our credit files and that is a problem. (b) Each time you or I or someone else files one of these complaints, it is another chance for someone at the regulatory agency to look at it and say, "wait a minute, there is an actual regulatory issue here ..." And, (c) every now and then we will get lucky. A dedicated civil-servant will take the whole thing seriously -- because it IS serious -- and engage in real enforcement action.

Bluechip Financial DBA SpotLoan

top
Bluechip Financial is a "Rent-a-Tribe" company purporting to be wholly owned by a Turtle Mountain Band of Chippewa Indians, and therefore claims to be immune from federal and state credit laws. It makes online payday loans to subprime, low income borrowers.

Bluechip considers it has no obligation to determine if the purported borrower is actually the person he/she claims to be, because "internet." So, if an identity thief has your name, social security number and some address that shows up in your credit profile, the thief will be treated as "you", an unauthorized inquiry made to your credit profile at ChexSystems and Clarity (and possibly other credit reporting agencies).

This allows thieves to "seed" your credit report with false information, which can then be used to "verify" the thief's identity in further online transactions. For instance, when we attempted to retrieve the ChexSystems report online, for "identification" we were challenged to provide information about a "former address" at which we had never lived. Bluechip seeded our credit report with a false phone number, false bank records, false employment and false "confirmation" of an address at which we no longer live.

Although no effort is made to properly identify the thief, when you, the actual person, file a complaint with Bluechip Financial, they will demand that you provide a notarized affidavit or they will not remove the data submitted by Bluechip to the credit reporting agencies.

Credit agencies, in turn, claim they have no duty to verify that their reporting company actually has authorization to access your credit report. The credit agency will refer you back to the entity that made the fraudulent report. While that *might* have some marginal validity where the reporting company is covered by the Fair Credit Reporting Act, in this instance, the credit reporting agencies are accepting reports from a lawless entity that claims to be beyond the reach of federal and state governments.

$18 million Settlement

top
An $18 million settlement was reached in 2020 that included also waiving $170 million in outstanding consumer debt. According to a complaint in the Turner, et al., v. ZestFinance, Inc., et al. – Class Action lawsuit, "At the direction of Merrill and ZestFinance, a tribal entity, BlueChip Financial, was created to serve as a front to disguise ZestFinance and Merrill’s role in making usurious loans. BlueChip immediately began making loans using the 'Spotloan' tradename." The complaint further informs us, "In 2009, former Google Chief Information Officer Douglas Merrill founded ZestFinance, which was then known as ZestCash, and which is now known as Spotloan".

We trust the unidentified online identity thieves, so "prove who you are".

top
Would a reputable company do this? Pretend that some online ghost they have never met is you because that person happened to know your social security number and a few other details? Everyone in the financial business knows this data has been repeatedly stolen from places like Equifax, Facebook, government agencies, etc. But, of course, the person seeking a payday loan at 460% interest is totally you, despite the fact that you have an 800+ credit score.

Whereas, you are not you, no matter what information you know about you, because the identity thief is totally you. We, on the other hand, will only identify ourselves by first names, such as "Rachael P" and "Susan", while we destroy your credit. So, now you need to go to a notary and provide us with a notarized voluntary form for filing a report about identity theft problems (DO NOT USE THIS, BECAUSE IT PROVIDES THEM WITH MORE IDENTITY THEFT INFORMATION!!!) that has purportedly been purloined from ftc.gov, (good luck finding it there) including a law enforcement complaint that we were doing business with a thief, because otherwise, "we are not going to remove the [false] data we placed in the ChexSystems", in the Clarity system, etc. (And, since we are in the sovereign nation of Turtle Mountain Band of Chippewa Indians, laws don't apply to us and we can engage in all of the [otherwise] criminal acts we wish to. Nevermind that our CEO Sam Spratt lives and works in San Diego.

Of course, if one fills out the report, he or she is simply providing a criminal subprime lender with even more identity theft information, making it virtually impossible to protect yourself.

Chime and Bancorp Bank

top
A few days after learning about the subprime credit and credit reporting junta, we received a Chime debit card in the mail, with the account number to our new Bancorp bank account, with instructions how to have our paychecks auto-deposited to the new account.

I know this will shock you (especially since Chime stresses on its website how "secure" its product is) ... but we had nothing to do with opening this account.

On its website, Chime boasts, "Applying for an account is free and takes less than 2 minutes. It won’t affect your credit score!". No estimate, however, for how much time and energy the defrauded person will have to waste trying to undo the fraudulent accounts that that quick "2 minute" application allows to the credit thief to open.

You won't find any link on the Chime website regarding how to address fraud. The only contact information provided is 844-244-6363, and if you call it, you will be greeted by an unhelpful voicemail system that does not mention "fraud" at any time. You can select "lost or stolen debit card", but this card isn't lost or stolen, is it? You sure don't want to activate it to make an inquiry about "my account".

So, we contacted Bancorp, but the rep. for Bancorp -- the actual issuer of the debit card and bank account -- refused to take any action other than to dial the exact same phone above. We don't know which menu selections and numbers he entered, but that resulted in getting a Chime rep. on the line.

So, it would appear Bancorp's commitment to fighting fraud is, "hear no evil, see no evil," right? As it says on its website, "Chime is a financial technology company, not a bank. Banking services provided by The Bancorp Bank or Stride Bank, N.A.; Members FDIC". Apparently this is true unless the banking services you are seeking have anything to do with closing the fraudulent and illegal Bancorp bank account and debit card account issued by Bancorp in your name. Such as, for instance, to stop the fraud, and have the fraudulent accounts immediately flagged and closed.

After spending many minutes explaining the situation to the first rep, and again to the second rep, our call got "escalated" to yet a third rep (who apparently had no access to the notes of rep 1 or rep 2), whereupon we were required to explain about the fraudulent accounts all over again. Rep. number three (known only as "Chris") had no authority to do anything about the fraud, he could only submit a fraud report to the fraud department, which is only accessible via email, at the generic Chime email address, "support@chime.com" (to which we had already written). But, "the fraud department is vigilant and will get right back to you." (At the time of this writing, 6 hrs. and counting, unless "get right back to you" means an automated response to your own email to the support address, as so far, no acknowledgment whatsoever from the Chime fraud department or the Bancorp fraud dept. (And oh, by the way, we have also faxed a demand letter to both Chime and Bancorp, for which we have fax transmittal receipts, but no response from them either. Did I mention, hear no evil, see no evil? What kind of business model relies on allowing the opening of fraudulent accounts and the refusal to respond to the defrauded parties? But then again, we cannot afford to buy any congresspeople.)

In case you are wondering whether we asked to speak to a supervisor, yes ... Chris IS the supervisor. The buck stops with him. (But not the buck that involves doing anything about fraudulent accounts, that buck can only be reached by email to support@chime.com, which is very concerned about security and will get right back to you ...)

I am guessing the fraud department is so busy processing two-minute fraudulent account applications 24/7, they don't have any time to respond to fraud complaints about the ones they have already opened and are in the process of opening right this minute.

Index

Background on the Lending Junta subprime identity theft-enabling scams

Lock Your Credit Reports!!!

Ramirez v. Transunion, or What is the Remedy??? Does the Government Hate Consumers???

Congress, Courts and Gov't Agencies, the "Do Nothing Club"

YOU must give us a "police report"
Plan of Action

Plan of Action

Bluechip Financial DBA SpotLoan

$18 million Settlement

We trust the unidentified online identity thieves, so "prove who you are".

Chime and Bancorp Bank

More links

Index

Background on the Lending Junta subprime identity theft-enabling scams

Lock Your Credit Reports!!!

Ramirez v. Transunion, or What is the Remedy??? Does the Government Hate Consumers???

Congress, Courts and Gov't Agencies, the "Do Nothing Club"

YOU must give us a "police report" Plan of Action

Plan of Action

Bluechip Financial DBA SpotLoan

$18 million Settlement

We trust the unidentified online identity thieves, so "prove who you are".

Chime and Bancorp Bank

More links

YOU must give us a "police report"
Plan of Action