The banker at Wells Fargo looked across her desk at me with the pained expression of somebody who wants to sell you something but can’t.
“I see you already have several accounts with us, Mr. Armstrong,” she said. “Are you sure you're a new customer?”
I was and I wasn’t. I had accounts everywhere, and most of them weren’t mine. This wasn’t the first time, and I was sure it wouldn’t be the last.
Between 2013, when my identity was stolen, and this May, I tried to prove to credit bureaus and banks that I was me and not the thief. The fake accounts he created shut me out of crucial parts of the consumer finance economy. I was denied credit cards, got harassed by collection agencies, and was told not to bother putting my name on a mortgage application for a house my wife and I were trying to buy.
The other me was living it up. Back in August 2013, wielding a driver’s license with my name and his picture, he opened accounts at four banks in two days and got a credit card with Bank of America. He hit the exclusive Delano Hotel in Miami Beach. He shopped at Whole Foods. He sold an RV to some Texans online, didn’t deliver it, then sent their $39,000 to Russia. There’s footage of him at a Wells Fargo branch, according to an indictment filed by prosecutors. He sits there posing as me, opening accounts.Drew Armstrong. No, really.Photographer: Bloomberg
I got the first call from the police two months later. It would take more than three years for them to bring the case to its conclusion. In the meantime, our lives kept intersecting while the cops and the FBI followed me. Him.
And it wasn’t just banks. Flying to London for work, I was waiting in the business class lounge when I heard my name called over the intercom. There were two men there with badges.
“Are you carrying any monetary instruments?” one of them asked as they went through my bags. They pulled out my credit cards and money clip. There was a single, tattered dollar the texture of suede.
“One dollar, cash,” the border agent wrote down on a scrap of paper.
Every time I entered or left the U.S., I'd be pulled aside, my bags searched, and let go up to an hour later. Once it happened on the jetway as I was boarding. More often it was in a back room full of other detainees. In Atlanta, on the way back from a wedding in Brazil, I saw two customs agents looking over somebody’s open Tupperware container. “It's a rat,” one of them said. It was, in fact, a dried rat.
Eventually I explained my situation to the TSA. After I got a letter with a “redress number,” I traveled with it clutched in my hands like the promise of safe passage in Casablanca. I was never searched again.
Mine wasn’t the only life my impostor was living, and it didn’t always go so well for him. He had at least one other fake ID, which raised a flag with at least one bank manager. When the manager went to make a copy, the guy ran out of the branch and jumped into a getaway vehicle, according to an affidavit filed by the FBI agent investigating the case.
It’s a nightmare Americans go through every year. There’s another you out there, living it up while you wander among the financial and bureaucratic wreckage they’ve left in their wake. More people are likely to be victimized after the massive hack of 143 million Americans that Equifax Inc. announced last week. In that breach, thieves took Social Security numbers, addresses, driver’s license data, and birth dates.
Those are “the keys to the kingdom,” said Bo Holland, CEO of AllClear ID, an identity-monitoring service. “Once you have somebody's name, social, birth date, and address, you can go and open new accounts.”
Which is exactly what my guy did, according to the financial records. He had used the bureaucracy to become me, and I would have to use it to detach us.
“At the front end, it was so easy for the thief to get in there like a tornado, and you’re left doing the cleanup,” said Eva Velasquez, CEO of the Identity Theft Resource Center, a nonprofit that helps people dealing with ID fraud.
There’s a logic to the maze you have to run to expose fraudulent financial accounts. In an economic system where U.S. consumers carry $12.73 trillion in household debt, you shouldn’t be able to just call up, say “it wasn't me,” and leave thousands of dollars in obligations by the wayside.
But do they have to make it so hard?
“You have to get the language right, you have to be sure you’re talking to the right department of the right agency in the right organization,” Velasquez said. “You have to get the right forms. At least a couple of them, you’re going to have to repeat those steps, because somebody didn’t get the right note or it got lost.”
I spent hours on the phone with Bank of America, being passed around from department to department. I explained to one (very helpful!) representative that I’d never had a Bank of America credit card.
“Thank you for being a Bank of America customer,” she said toward the end of our call.
I started to say something but stopped.
Here’s what I sent them, in the end: a signed statement saying I was me and that the accounts were fraudulent, an affidavit I’d filed with the Federal Trade Commission swearing I’d had my identity stolen, copies of my driver’s license, passport, and Social Security card, a lease, two phone bills, a letter from the Justice Department, the criminal complaint filed by the prosecutors, and Bank of America’s own credit card records.
It occurred to me that if anyone got their hands on that, they’d have everything.
BofA sent me things, too. I got a 1099-C tax form. My impostor ran up credit card bills, which the bank had written off. That counted as income, and I’d need to consider it in my taxes.
They also mailed me checks. They had overcharged the fake me $105.37 in fees, so they issued a refund to the real me. The checks are still in a file. I never cashed them, afraid I might re-entangle my life with my fraudster’s.
We are buying the house after all (my wife and I, not the guy and I), but I’m not to participate in the financing process or include my assets or wages in the application. That can mean a higher rate on the loan, one credit expert told me.
“Resolving identity theft issues is a complicated process,” said Betty Reiss, a Bank of America spokeswoman. “We make every effort to work with victims and help resolve their situation as quickly as possible.”
There are ways to protect yourself, if you know about them, which I didn’t in 2013. Consumers can set up fraud alerts with the credit bureaus, telling financial institutions to take extra care before they allow a new account. They can also ask for a credit freeze for stronger protection.
“Fraud alerts are free, and they alert all three bureaus and every creditor in the country,” said AllClear’s Holland. “But unfortunately not many people take the steps to use them.”
Part of the problem, said both Holland and Velazquez, is that we make it too easy in the U.S. to access important information or open new accounts.
“We demand convenience over security,” Velasquez said. “When you have an experience like you’ve had, convenience becomes less of a priority.” Both suggested more use of two-factor authentication, like a password and a code sent to your cellphone, instead of easily circumvented authentication questions like confirming a high school mascot or a mother’s maiden name.
I got security questions very much like those when I went to the website of one of the three major rating agencies to get a copy of my credit report and entered my Social Security number and date of birth. One showed me a list of addresses and asked which I’d lived at recently. There was an address in Florida and several others I didn’t recognize.
None of the above, I clicked. And promptly was locked out.
The man who can answer that question is in prison. Yet the mess he created is probably still out there, waiting for me to walk into a new bank and find out he’s been there first.