Philip Nicholson’s credit score plummeted from an excellent 900 to an abysmal 300 after identity thieves managed to take over his Flight Center Mastercard and went on a spending spree.
But despite filing a fraud complaint with card issuer FlexiGroup in December, the fraudulent transactions were only cleared after Thing contacted FlexiGroup, which operates many loan brands including Q Card, Farmers Card and Humm, buy now, pay loans later.
The thieves who managed to take control of Nicholson’s account went on a $5,500 spending spree in August, but because they had redirected his card statements, the Christchurch man only realized something wasn’t going until the end of the year, then his credit rating had been devastated.
“My wife told me to check your credit rating. I was absolutely stunned and we are looking to buy a house this year. There is no point in taking out a home loan now. They’ll just laugh at us at the door,” Nicholson said.
Fraud and cybercrime are the most under-reported crimes according to the Crime and Victims Survey.
* Identity thief victim ‘Mr Mucky’ asks lenders like Humm to beef up defenses
* ‘Too easy’ for scammers, says man whose identity has been stolen to open a buy-now-pay-later loan account
* Australian man allegedly stole identities of more than 80 people to pocket NZ$11.5million
FlexiGroup filed a fraud complaint in mid-December, but Nicholson heard nothing.
“There was no communication. It’s always me who tries to call them. You’re put on hold, and when you reach someone, they say, “We’ll pass on your details,” and you say, “Can I speak to a manager?” and they say: ‘There is no manager in place today’. Really?”
On Wednesday, Chris Lamers, a director of FlexiGroup, called Nicholson to apologize and tell him that the fraudulent transactions had been erased. But on Thursday, he received another demand for immediate payment of the fraudulent debts.
FlexiGroup blamed a “process error” for not acting within the 28 days it originally told Nicholson to expect.
Spokeswoman Emma Rackley said the company believed it was likely Nicholson had been the victim of a “cybersecurity breach” in which his data was stolen.
“We can confirm that all fraudulent transactions, interest and fees incurred as a result of the fraudulent transactions have now been refunded and the customer’s credit file is being restored,” she said.
Nicholson was skeptical, but said Lamers denied the fraud was an “inside job”, telling him that FlexiGroup carefully screened all job applicants.
Nicholson pulled out his Flight Center Mastercard to pay for flights to Europe, although he could have paid right away because they were offered an interest-free deal for two years.
“A few weeks later we received the credit card, we hid it in the bedside drawer because we didn’t need to use it,” he said.
He made the required repayments, without thinking about it, until he realized that the statements had stopped coming in late last year.
He called the Flight Center Mastercard call center and found that the security questions had been changed, as had his account contact address, email address and phone number.
“She said we had an address in Auckland. I’ve never lived in Auckland,” he says.
“I can’t fathom anyone being able to change all my details in the system,” says Nicholson.
FlexiGroup failed to pick up on the sudden burst of 22 unusual transactions at Caltex stores and gas stations, leading Nicholson to suspect a clone was made from his card.
In August, there were four major transactions at The Warehouse at Sylvia Park and Botany, ranging from $147 to $899.
There were also three large transactions at Countdown supermarkets in Auckland, the largest of which exceeded $1,000.
While many aspects of financial services are now heavily regulated, there are no regulations setting minimum standards and deadlines for lenders like FlexiGroup governing how they handle fraud.
Nicholson said that at a minimum, lenders like FlexiGroup should do their best to contact any customer they suspect may have been the victim of identity theft, immediately quarantine disputed payments and contact the offices of credit to ensure that people’s credit ratings were preserved.
Trade and Consumer Affairs Minister David Clark, who plans to buy now and pay later lenders like Humm under loan laws governing other lenders, does not appear to have any intention of regulating the treatment victims of identity theft by lenders.
But, Clark said officials from the Department for Business, Innovation and Jobs, the Department of Justice and the Home Office were working through a number of buy it now and pay later issues. .
“Several BNPL suppliers have indicated that they will commit to verifying customer identities and conducting initial and ongoing checks as part of any industry code,” he said.
But verifying customers’ identities was a legal requirement under the Anti-Money Laundering and Anti-Terrorist Financing Act using reliable, independent data, documents or information, Clark said.
“There needs to be a robust mechanism to ensure that the person being remotely processed is the true holder of the identity they claim to be,” Clark said.
The Digital Identity Services Trust Framework Bill was going through select committee stage.
“Its proposed legal framework is designed to help individuals prove who they are online in a safe, secure and reliable way. This, in turn, will provide another identity fraud prevention tool,” he said.