January 25, 2022

What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.

The reader who shared this story (and copious documentation to go with it) asked to have his real name omitted to avoid encouraging further attacks against his identity. So we’ll just call him “Jim.” Last May, someone applied for some type of loan in Jim’s name. The request was likely sent to an online portal that takes the borrower’s loan application details and shares them with multiple prospective lenders, because Jim said over the next few days he received dozens of emails and calls from lenders wanting to approve him for a loan.

Many of these lenders were eager to give Jim money because they were charging exorbitant 500-900 percent interest rates for their loans. But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus, and none of the lenders seemed willing to proceed without at least a peek at his credit history.

Among the companies that checked to see if Jim still wanted that loan he never applied for last May was Mountain Summit Financial (MSF), a lending institution owned by a Native American tribe in California called the Habematelol Pomo of Upper Lake.

Jim told MSF and others who called or emailed that identity thieves had applied for the funds using his name and information; that he would never take out a payday loan; and would they please remove his information from their database? Jim says MSF assured him it would, and the loan was never issued.

Jim spent months sorting out that mess with MSF and other potential lenders, but after a while the inquiries died down. Then on Nov. 27 — Thanksgiving Day weekend — Jim got a series of rapid-fire emails from MSF saying they’ve received his loan application, that they’d approved it, and that the funds requested were now available at the bank account specified in his MSF profile.

Curiously, the fraudsters had taken out a loan in Jim’s name with MSF using his real email address — the same email address the fraudsters had used to impersonate him to MSF back in May 2021. Although he didn’t technically have an account with MSF, their authentication system is based on email addresses, so Jim requested that a password reset link be sent to his email address. That worked, and once inside the account Jim could see more about the loan details:

The terms of the unauthorized loan in Jim’s name from MSF.

Take a look at that 546.56 percent interest rate and finance charges listed in this $1,000 loan. If you pay this loan off in a year at the suggested bi-weekly payment amounts, you will have paid $3,903.57 for that $1,000.

Jim contacted MSF as soon as they opened the following week and found out the money had already been dispersed to a Bank of America account Jim didn’t recognize. MSF had Jim fill out an affidavit claiming the loan was the result of identity theft, which necessitated filing a report with the local police and a number of other steps. Jim said numerous calls to Bank of America’s fraud team went nowhere because they refused to discuss an account that was not in his name.

Jim said MSF ultimately agreed that the loan wasn’t legitimate, but they couldn’t or wouldn’t tell him how his information got pushed through to a loan — even though MSF was never able to pull his credit file.

Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach.

“We believe the outsider may have had an opportunity to access the accounts of certain customers, including your account, at which point they would be able to view personal information pertaining to that customer and potentially obtain an unauthorized loan using the customer’s credentials,” MSF said.

MSF said the personal information involved in this incident may have included name, date of birth, government-issued identification numbers (e.g., SSN or DLN), bank account number and routing number, home address, email address, phone number and other general loan information.

A portion of the Jan. 14, 2022 breach notification letter from tribal lender Mountain Summit Financial.

Nevermind that his information was only in MSF’s system because of an earlier attempt by ID thieves: The intruders were able to update his existing (never-deleted) record with new banking information and then push the application through MSF’s systems.

“MSF was the target of a suspected third-party attack,” the company said, noting that it was working with the FBI, the California Sheriff’s Office, and the Tribal Commission for Lake County, Calif.  “Ultimately, MSF confirmed that these trends were part of an attack that originated outside of the company.”

MSF has not responded to questions about the aforementioned third party or parties that may be involved. But it is possible that other tribal lenders could have been affected: Jim said that not long after the phony MSF payday loan was pushed through, he received at least three inquiries in rapid succession from other lenders who were all of a sudden interested in offering him a loan.

In a statement sent to KrebsOnSecurity, MSF said it was “the victim of a malicious attack that originated outside of the company, by unknown perpetrators.”

“As soon as the issue was uncovered, the company initiated cybersecurity incident response measures to protect and secure its information; and notified law enforcement and regulators,” MSF wrote. “Additionally, the company has notified individuals whose personal identifiable information may have been impacted by this crime and is actively working with law enforcement in its investigation. As this is an ongoing criminal investigation, we can make no additional comment at this time.”

According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. representing tribal lenders, the short-term installment loan products offered by NAFSA members are not payday loans but rather “installment loans” — which are amortized, have a definite loan term, and require payments that go toward not just interest, but that also pay down the loan principal.

NAFSA did not respond to multiple requests for comment.

Nearly all U.S. states have usury laws that limit the amount of interest a company can charge on a loan, but those limits traditionally haven’t applied to tribal lenders.

Leslie Bailey is a staff attorney at Public Justice, a nonprofit legal advocacy organization in Oakland, Calif. Bailey says an increasing number of online payday lenders have sought affiliations with Native American tribes in an effort to take advantage of the tribes’ special legal status as sovereign nations.

“The reason is clear: Genuine tribal businesses are entitled to ‘tribal immunity,’ meaning they can’t be sued,” Bailey wrote in a blog post. “If a payday lender can shield itself with tribal immunity, it can keep making loans with illegally-high interest rates without being held accountable for breaking state usury laws.”

Bailey said in one common type of arrangement, the lender provides the necessary capital, expertise, staff, technology, and corporate structure to run the lending business and keeps most of the profits. In exchange for a small percent of the revenue (usually 1-2%), the tribe agrees to help draw up paperwork designating the tribe as the owner and operator of the lending business.

“Then, if the lender is sued in court by a state agency or a group of cheated borrowers, the lender relies on this paperwork to claim it is entitled to immunity as if it were itself a tribe,” Bailey wrote. “This type of arrangement — sometimes called ‘rent-a-tribe’ — worked well for lenders for a while, because many courts took the corporate documents at face value rather than peering behind the curtain at who’s really getting the money and how the business is actually run. But if recent events are any indication, legal landscape is shifting towards increased accountability and transparency.”

In 2017, the Consumer Financial Protection Bureau sued four tribal online payday lenders in federal court — including Mountain Summit Financial — for allegedly deceiving consumers and collecting debt that was not legally owed in many states. All four companies are owned by the Habematolel Pomo of Upper Lake.

The CFPB later dropped that inquiry. But a class action lawsuit (PDF) against those same four lenders is proceeding in Virginia, where a group of plaintiffs have alleged the defendants violated the Racketeer Influenced and Corrupt Organizations Act (RICO) and Virginia usury laws by charging interest rates between 544 and 920 percent.

According to Buckley LLP, a financial services law firm based in Washington, D.C., a district court dismissed the RICO claims but denied the defense’s motion to compel arbitration and dismiss the case, ruling that the arbitration provision was unenforceable as a prospective waiver of the borrowers’ federal rights and that the defendants could not claim tribal sovereign immunity. The district court also “held the loan agreements’ choice of tribal law unenforceable as a violation of Virginia’s strong public policy against unregulated lending of usurious loans.”

Buckley notes that on Nov. 16, 2021, the U.S. Court of Appeals for the Fourth Circuit upheld the district court ruling, concluding that the arbitration clauses in the loan agreements “impermissibly force borrowers to waive their federal substantive rights under federal consumer protection laws, and contained an unenforceable tribal choice-of-law provision because Virginia law caps general interest rates at 12 percent.”

Jim said he learned of the Thanksgiving weekend MSF loan only because the hackers apparently figured it was easier to push through loans using existing MSF customer account information than it was to alter anything in the records other than the bank account for receiving the funds.

But had the hackers changed the email address, Jim might have first found out about the loan when the collection agencies came calling. And by then, his exorbitant loan would be in default and racking up some wicked late charges.

Jim says he’s still hopping mad at MSF, and these days he’s just waiting for the other shoe to drop.

“They issued this loan in my name without verification and without even checking my credit at all, even though they were already on notice that they shouldn’t have been dealing with me from the May incident,” Jim said. “I still feel like I’m going to get that call at some point from a collection agency asking why I haven’t been making payments on some installment loan I never asked for.”

62 thoughts on “Scary Fraud Ensues When ID Theft & Usury Collide

  1. SB

    I experienced this nightmare late last year as well. Just started getting bombarded with offers. I tried contacting those that seemed to be legitimate offers, but could not keep up. Through the process, I learned that some use LexisNexis instead of the traditional credit reporting agencies. I requested a copy of my record with them and had them freeze and delete all of my records with them. The link is https://consumer.risk.lexisnexis.com/.

    1. B

      Was the Lexis data pull used to actually approve the loan, or did they do a Lexis data pull to even set up an account with the loan company? Or do they only check when they are about to issue a loan?

    2. thorne.side

      We have another credit score agency to worry about now?! W. T. F?!

      1. Max Power

        Actually, it’s not new. This appears to be part of the LexisNexis CLUE consumer reporting database that is used almost exclusively by insurance carriers to help asses your risk profile when they underwire insurance for you. It’s been around for years. It’s how one insurance company can find out that you had say an at-fault claim with another insurance company when you shop around for say a new auto policy. First time I heard though that lenders are supposedly using it for the purpose of credit scoring.

    3. Gordon Shumway

      I went to the links below to freeze my credit report with Lexisnexis, who I had never heard of before having read the comments on Brian’s article above. It seems pretty fishy that they require me, the so-called owner of the credit data, to provide a photo or government ID of myself to prove who I am to stop them from freely providing my to any company that pays them for it. So … what … I can “protect” my data by giving them more data .. that I never gave them permission to collect in the first place? Yeah, this business model is not exactly a benefit to anyone but the people that started it.

      What really pushed me over the edge on these guys is that there is basically no way to contact them to complain. Not that it would really do much good anyways. What are they going to do with picture, put it in a database so someone can steal it and create a new set of fake documents with it during the next “data breach”? Lets face it, its no longer a question of “if” there will be another breach, it’s now a question of “when?”.

      It seems pretty ironic that these privately owned companies have decided to become the guardians of our financial data, without our permission and for their own financial gains, then give us the opportunity to pay for their “monitoring” services when they do a lousy job of protecting it.

      Maybe its unfair to compare these privately owned “credit bureaus” to privately run prisons, but what do you think the government would do if private prisons had such poor security measures that all the criminals broke out … multiple times? There needs to be either a different way to verify someone’s credit worthiness (without using the SSN), or there needs to be WAY more expensive penalties to these companies other than a slap on the wrists. Maybe I’m just mad because I didn’t think of starting one of these “credit services” before they did and lost out on all that money?

  2. PFlagge

    Not only were they able to hack into their system to pilfer data, they were able to change account/system data so that an account that had a fraud alert and no credit check was still able to receive loan funds. Their email response to “Jim” makes no mention of that occurring or how it was possible.

      1. James

        I can pretty much guarantee they already have it. In fact, you should assume that ALL your personal data resides in several databases owned by crims, let alone “legitimate” companies.

      2. Jon Marcus

        It’s okay to give them a copy of my drivers license??

      3. JamminJ

        It is really necessary to prove your identity whether placing a security freeze, or lifting a freeze.

        Why? Because a fraudster could just plant their own flag by freezing your credit first, then only they can unfreeze it, which they will do, right before getting a loan in your name.

        Like most initial identity proofing, there are many options. Choose one from each category.
        Category 1
        Social Security card
        U.S. passport picture page
        Alien registration card
        Military identification card (front and back)
        Category 2
        Recent cable, utility or telephone statement with your name and current mailing address
        Bank or credit card statement with your current address
        Rental lease agreement showing your current address
        Voided personal check with your preprinted current address
        Notarized letter from your landlord confirming your current name and residential address
        Mortgage statement with your the current address
        W-2 tax form with your current address

      4. Chris

        Many companies use Lexis Nexis to verify all that personal information like, how much did your house cost in 1993? Which one of these four people are you related to? What company did you have a mortgage with? What car did you own? They aggregate ALL your data.

  3. JB

    Maybe I am overly paranoid, but that seems like a huge amount of PPI lexisnexis wants to place a credit freeze.

    1. Jon Marcus

      Agree. They need a copy of my Drivers License?? That seems…a bit much.

  4. ReadandShare

    How do people (like Jim in this example) get picked as victims to begin with?? I ask out of curiosity. Like Jim, I too have “freezes” put on my credit info at each of the three credit agencies. Apparently, that’s still insufficient protection!?

  5. Robert Scroggins

    Good report–thanks Brian.

    Reminds me of the use of Indian tribes as a shell for casinos. Everything remains the same–it’s just changed a bit!

    1. Mike Jackson

      Touché Robert. How ironic this occurred around “Thanksgiving” too. Coincidence?…..

  6. Peter Dordal

    I do not think it is useful to describe Jim as a victim of “identity theft”. The term “identity theft” was created to blame the customer (or, in this case, non-customer). Nothing was stolen from Jim. It is MSF that was robbed.

    As I understand the Fair Credit Reporting Act, MSF (though not credit bureaus) would be liable for reporting false information about Jim.

    1. JamminJ

      This is correct.
      With such a compromise of their internal systems, they didn’t actually need to deal with unfreezing credit reports from any CRA.
      They simply bypassed all of that and defrauded the company MSF to issue funds.

    2. Lindy

      ” Nothing was stolen from Jim. ”

      Oh, really? How about peace of mind, and wasted time trying to sort this hellish mess out.
      Obviously you have never had an account or private info breached.
      And why didn’t MSF listen to Jim and cancel the paperwork and delete his file? If they had done that perhaps it wouldn’t have escalated like it did.
      This law protecting tribes from usury and that they can’t be sued makes for some mighty tempting opportunities by unethical parties. There needs to be some changes on that.

      1. jbmartin6

        I agree that ‘identity theft’ isn’t a good term, but not for quite the same reasons. The term paints the picture that It should be called ‘negligence’ as in financial institution negligence. They should either tighten up their authentication processes, or take the hit for the fraud as well as any impact on the person whose identity they failed to adequately validate. Lenders should be held liable in cases like this, for everything. That would be a useful consumer protection law.

  7. JamminJ

    “But had the hackers changed the email address, Jim might have first found out about the loan when the collection agencies came calling.”

    Maybe, but maybe not.
    Most lenders would have followed procedure for collections.
    It is highly likely that they would have found their compromise when they tried to send his account into collections.

    There’s a whole process involved when sending to third parties in order to collect and write a delinquent or defaulted account in the credit report with the CRAs.

    I think if the hackers change the email address, then it would have taken a lot longer, but they would have found their problem when they started to deal with third parties in order to collect give him a negative credit report.

  8. auspost

    Buckley notes that on Nov. 16, 2021, the U.S. Court of Appeals for the Fourth Circuit upheld the district court ruling, concluding that the arbitration clauses in the loan agreements “impermissibly force borrowers to waive their federal substantive rights under federal consumer protection laws, and contained an unenforceable tribal choice-of-law provision because Virginia law caps general interest rates at 12 percent.”
    think about lots of what this means to say really agree with the note. also i use this post on my web.

  9. Mallory

    Brian, do you recommend doing a freeze with Lexus Nexus?

  10. Mahhn

    Someone loans money to someone without verifying their identity, to bad. They F’d up.
    I would never bother to respond to any loan crap. I don’t want one, won’t talk to a FI about it.
    I don’t get how “apparently” these people are held responsible at all. I mean if I walk into a bank and rob them, and give them a name, will they go arrest that person and never look for me?
    F’d up world where criminals can just drop your name, and supposedly you have to pay.
    If I was Jim, I would just ignore the scamming bank and their partner scammers.

  11. BB

    Should we request the LexisNexis report first, and then do the freeze? Should we also do the opt-out form for LexisNexis?

  12. BB

    Should we request the LexisNexis report first, and then do the freeze? Should we also do the opt-out form for LexisNexis?

    1. Jim

      Tribes need to get in the 21 century & get over it.
      Undo the reservations & deed the property to the tribe & divide it up evenly between the tribe people.
      Pay taxes, just like every body else. In other words,,,, become a US citizen & do away with all this nonsense.

      1. JamminJ

        No, that is a bit extreme. There’s probably a middle ground.

        Maybe these “tribe owned” companies should not be allowed to do business with non-tribe US citizens. You’ll see how fast they drop their tribal affiliation then. They should be allowed their sovereignty. But the problems arise when you allow them to exist in both worlds…. immunity from the law regarding interest caps + the ability to have any US citizen as a customer = invitation for fraud.

        If they want immunity from the law, they should not be allowed to have non-tribe customers.

        1. ObviousFakeName

          They are US citizens and do have to answer to the Feds. I worked at tribal casino in the past an there were several federal agencies that had oversight. Those federals agencies (with the exception of the FBI) were derelict in their oversight duties and I would imagine this is similar if it isn’t actually the same agencies with oversight responsibilities. The issues listed here are because they aren’t subject to state law in all cases. Although, the tribe I worked for owned a gas station too and that station did have to pay state taxes and follow relevant consumer protection laws as a “direct competitor” to non-tribal businesses in the area.

          1. JamminJ

            It wasn’t lack of oversight, it is the existence of specific exemptions “Immunity” described in the article.
            Exemption from some state taxes make sense, because the reservations often don’t utilize state funded resources.
            But immunity from a law that caps interest rates on predatory lending? That should never have happened.

        2. Hal

          Why you are generally allowed to do business with other nations, why not Indian nations?

          Its easy to say ‘stop this nonsense’ but on the other hand all the solutions to do that pretty much mean going back on agreements that were made where we already have a track record as nation of rather bad faith – see the Black Hills once someone noticed gold laying about.

          I don’t like it either but the reality the indian nations where granted a degree of sovereignty which they can only enjoy if we actually allow them to be um–sovereign its simply not justifiable sit here an dictate what their finance laws should be to them. Its similarly not justifiable to deny them access to the general US market unless you are prepared to place the same standards and restrictions on every other international entity.

          1. JamminJ

            I understand what you’re saying.
            It would not be right to just close them off and deny them access to the US market of borrowers.
            It’s a unique situation, with a very complex and terrible history.

            That said, the relationship between sovereign Indian nations and the US, is nothing like traditional international finance.
            There really is no market for businesses in foreign countries to provide payday loans for other individualized loans to US citizens.
            Sure, a borrower could go out of their way to use a lender from a foreign country. But it’s really hard for a lender to be predatory.

            It would be extremely difficult to make a profit as a foreign country trying to provide high-interest loans to US citizens. Even if there is no explicit law restricting interest rates, there are other factors that prohibited. For Indian sovereign Nations, it appears those factors are not in play.

            I don’t think this immunity from interest rate limits actually applies to every other country, I think it’s specific to Indian nations. Which is why this situation is unique, and requires unique laws.

            We could absolutely apply common-sense law without destroying their sovereignty.
            It is the abuses like this that make new laws justifiable.

      2. John Brown

        That’s ridiculous. I mean, you could just, you know, completely ban usury and give an appropriate punishment to usurers.

  13. Jim

    Tribes need to get in the 21 century & get over it.
    Undo the reservations & deed the property to the tribe & divide it up evenly between the tribe people.
    Pay taxes, just like every body else. In other words,,,, become a US citizen & do away with all this nonsense.

    1. JamminJ

      Well no, that is a bit extreme. There’s probably a middle ground.

      Maybe these “tribe owned” companies should not be allowed to do business with non-tribe US citizens. You’ll see how fast they drop their tribal affiliation then. They should be allowed their sovereignty. But the problems arise when you allow them to exist in both worlds… immunity from the law regarding interest caps + the ability to have any US citizen as a customer = invitation for fraud.

      If they want immunity from the law, they should not be allowed to have non-tribe customers

  14. Tink

    Brian, can you tell us more about LexisNexis and why they’re able to supply information if you have a credit freeze on the 3 main bureaus (I think I froze the fourth one you mentioned, too)? Should we put a freeze on LexisNexis? What’s to stop some other company from giving out our information when we have freezes in place? Does a company asking LexisNexis for a credit evaluation leave that company open to litigation if they move forward when I have a freeze at the credit bureaus?

    1. BB

      Great questions. I’m hoping Brian can provide more guidance to us specific to LexisNexis.

      1. G.Scott H.

        Credit freezes are per company. You must initiate a freeze with each company. Up until today I only had mine frozen with Experian, Equifax, Transunion, and Innovis. I just requested a freeze with Lexis Nexis today. When the Fair Credit Reporting Act (FCRA) was passed Innovis was not in existence, or not relevant. So for years credit reporting referred to “the big three”. There are actually a lot of companies which trade in consumer information, but only consumer credit information is covered by the FCRA.

        A credit freeze does not mean you want no credit, it means you do not want your information released. Lenders generally do not loan if they cannot assess the risk due to a credit freeze. A lender is not legally bound to refuse credit due to a credit freeze.

  15. Jeff

    Wonder if there is legal recourse he could initiate? Either to legally force them to remove the account (and provide proof) or lawsuit for the damages he’s occurred / time spent.
    Not a fan of suing just cause you can & it certainly would be a pain to go this route but we should have recourse when stuff happens to us!

    1. Joe Barry

      The allegations would lead one to believe it’s more like a conspiracy by multiple crooks to defraud.

  16. Joe Barry

    Defendants in the Virginia action: Scott Asner (“Asner”) and Joshua Landy (“Landy”) and Sherry Treppa, Tracey Treppa, Kathleen Treppa, Iris Picton, Sam Icay, Aimee Jackson-Penn and Amber Jackson (collectively, the “Tribal Officials,” and, together with Asner and Landy, “Defendants”), alleging that Defendants issued usurious loans to Plaintiffs in the name of Golden Valley Lending, Inc. (“Golden Valley”), Silver Cloud Financial, Inc. (“Silver Cloud”), Mountain Summit Financial, Inc. (“Mountain Summit”), and Majestic Lake Financial, Inc. (“Majestic Lake”) (collectively, the “Tribal Lending Entities”) — four entities formed under the laws of the Habematolel Pomo of Upper Lake (the “Tribe”), a federally recognized Native American tribe.

  17. usps tracking

    I do not think it is useful to describe Jim as a victim of “identity theft”. The term “identity theft” was created to blame the customer (or, in this case, non-customer). Nothing was stolen from Jim. It is MSF that was robbed.

  18. B

    Correct me if I’m wrong, but one thing some readers are missing is that the loan was taken out in Jim’s name and SSN. So yes, he was defrauded, and would have initially been on the hook for the unpaid loan. This could happen to anyone. I’m assuming the thief used his SSN to originally show interest in a loan. Profile was created under his SSN. Company did not close the account as requested by Jim. Thief hacked into the system and pushed thru loans that bypassed any sort of approvals.

  19. Ron B

    I’d like to see an article regarding many services, especially financial related ones, not verifying email addresses. PayPal doesn’t. One can create an account there and even actively use it without verifying the email address. Seems a huge security hole.

  20. Dennis

    All these security freezes are useless. Don’t complicate your life with them. They will only bite you when you apply for a legitimate loan, or they may (silently) raise your insurance premium because your insurer is unable to pull your credit record. And as this article shows, they do nothing to protect against fraudsters. The only way to fix this issues is with legislation when companies are held financially accountable for security breaches or for issuing a fraudulent loans under someone’s name. But this will never happen because of the huge amounts of money involved in the Equifax-alike companies making on selling our data, or in that payday loan business.

  21. im24podcast

    This could be a huge problem for anyone. Your data can leak from any database listed online without any of your fault and still you end up with a huge problem just to clear things out. This could happen to anyone.

  22. Harry Rimshot

    I have just deleted my Yahoo email address because I found that it had been compromised in multiple data breaches
    by going here https://haveibeenpwned.com/
    I found the link to delete it here https://www.businessinsider.com/delete-yahoo-account
    Even though I found out about my stolen Yahoo email years ago, this story spurred me to delete it. I’ve had it for over 20
    years, but this proactive step should (?) be a deterrent. I say this because if a loan company sends an email to my closed
    Yahoo account, it will be instantly be rejected as undeliverable “Address not found”. And yes, I already tested it.
    I got a Google email address a couple of years ago, and it has not been in a data breach yet, per Have I Been Pwned. I hate Google yes, but very little to no phishing emails get through to me. Unlike the Thunderbird desktop app with my Yahoo email. Hope this helps you.

    1. Ray

      Unless the fraudster re-created the email address and now has authentication via the email on file.

      1. JamminJ

        Yeah, you really have to look at (and trust) the email provider’s policy on keeping deleted email addresses from being reissued.

        1. Harry Rimshot

          “This email address is not available for sign up, try something else” is what I got when I tried to sign up
          with it.

          1. nobody

            yahoo can recycle your old yahoo email address to be used by anyone. although yahoo has flip flopped on recycling old yahoo email address, i personally do not trust what they say. therefore you gotta assume they will eventually recycle your yahoo email. and the crooks will wait until they are able to freely claim it.

            1. Harry Rimshot

              I read somewhere online that Yahoo would delete the email address 6 months and then 2 months for every year the account was opened. In my case that’s 20 years x 2 months = 4 more years.
              Today I emailed Yahoo Support and asked them that question. Hopefully I’ll
              get an answer tomorrow.
              “…the crooks will wait until they are able to freely claim it.” Uhuh, like they
              don’t have anything better to do than waste their time waiting or checking back again and again.

  23. P.D.

    Tangential, but relevant:

    “…have you wondered why credit card companies can ignore your state’s usury law, which limits the amount of interest that can be charged on a loan, and charge whatever rate they want?”


    …andSouth Dakota is on the list of the worst Usury offenders, as they HAVE NO LIMIT.

    What we REALLY need is a national set of Usury laws that MEAN something. 50 years ago, anything over 12% interest was considered an outrage. A car loan back then was about 7% for someone with average credit.

    But, the “Loan Industry” (read: vampire’s blood bank) has gradually taken over both houses, and both parties, until they’re primarily doing what they damned well please, and this only aids and abets crooks like the ones mentioned in this article.

    There needs to be a _national law_ setting non-Usurious rates for _all_ types of loans: rates would go back to a reasonable level, and these “payday loan” outfits (which are nothing more than loan sharks) and “rent-a-bank” schemes would wither and disappear.

    Not to mention banks and credit card companies working hand in glove…look at it right now; They barely pay you any interest on your savings, and yet get to loan it out at over 20% a year?

    I cut my credit cards years ago, and never felt better.

    Pay cash or go without. Starve these bastards.

    1. Ray

      PD, Better yet, use the credit cards to insure products you buy in the event of fraud you. An call your credit card company to dispute. Pay in full each month which means you pay zero interest. Collect the cash reward at the end of the month. You now have the credit card company paying you each month for using their credit card. Been doing it for years and wouldn’t do it any other way.

  24. cinema hd

    Legally, yes. In practice, debt collectors (which originators of debt of all sorts will quickly dump unpaid debt onto, even medical providers who don’t want to wait for patients to cough up the funds due) will take advantage of unsophisticated/financially illiterate citizens to coerce payment, even if there is no obligation to pay. The fix is straightforward: require evidence of the debt upfront, and if you’re attempting to collect on debt you can’t verify was agreed to by the person you’re pursuing, damages are substantial (say, $1M per occurance). Make reporting of violations via the CFPB frictionless. You will see debt originators rapidly standing up robust identity proofing systems (having customers come into a branch with their IDs), and asking Congress to legislate their implementation (Login.gov and similar for private enterprise, with the end game being a usable national ID system such that Estonia has [1]). Tangentially, current risk management in this space between identity and finance sucks. I worked with someone to get liens off their Lexis Nexis Risk Solutions report (which mortgage originators use for compliance purposes with conventional mortgage underwriting guidelines as it relates to foreclosures and real estate fraud) that were on their report for almost 8 years in error. It took a CFPB complaint for Lexis Nexis to remove them with citations from an attorney to state statute, and this data isn’t classified as consumer reporting, so it’s almost impossible to obtain financial recourse/damages for these occurrences.

  25. Scammed

    The most common identity theft scam going around in Australia is to steal an identity, use it to buy an expensive mobile phone, fence the phone gor cash and never pay the bill. The first the victim ever hears of it is from the debt collector. So long as unscrupulous and unaccountable data brokers exist, it is an easy and cheap scam.

Comments are closed.