Accessible News

Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

'Too easy' for crooks says man whose identity was stolen to open a buy now, pay later loan account

Saturday, 17 July 2021

Wellington electronics developer Neill Bryce had his identity stolen by someone who got credit in his name.
Wellington electronics developer Neill Bryce had his identity stolen by someone who got credit in his name.

Neill Bryce is shocked at how easily a crook stole his identity to take out loans in his name.

The electronics developer from Lower Hutt found out someone had opened a Humm buy now, pay later account in his name when a debt collector contacted him just over a week ago, demanding money.

Bryce checked with credit rating agencies and discovered four other applications for credit were made in his name to GEM (owned by Latitude Financial Services), Genopay, Zip, and Layby Holdings, which all spotted and blocked the attempted fraud.

When Bryce demanded answers, Australian-owned Humm, which has over 2.3 million customers in Australia and New Zealand, revealed the crook had opened the account in January using just his name, his date of birth, his address, and his driver’s licence number.

**READ MORE:

* Hacked KiwiSaver member: We're already victims

* Tracking the data breach that gave crooks my credit card details

Cybercrime is the second least-reported crime, after sexual assault, according to the Crime and Victims Survey.

* Jail for the head of massive identity theft ring

**

“It's too easy,” Bryce said. “They are not even requiring the identification document, just the driver’s licence number.”

“It's done online, and you simply type the number into a box. That's not supplying identification.”

The email and the phone number the crook gave Humm were not Bryce’s.

Purchases were made using the Humm account in his name at JB HiFi and Rebel Sport totalling $620, he says.

When Bryce called Humm, which Westpac in New Zealand has signed a deal with to provide buy now, pay later finance to its customers, he was surprised at the response.

“The first person I spoke to was really quite jovial about the whole thing. I said, ‘It seems to be quite easy to do this kind of fraud,’ and she said, ‘It happens all the time’. I didn’t know what to say.”

Humm is owned by a giant Australian sharemarket-listed company called Flexigroup.
Humm is owned by a giant Australian sharemarket-listed company called Flexigroup.

Later he became angry when Humm said it had flagged the account as fraudulent within a day of it being opened, but despite having his address, did not appear to have even sent him a letter to alert him to the fraudulent activity it had identified.

After being contacted by Stuff, Bryce was called by Humm deputy chief executive Chris Lamers​, who apologised, but was worried publicity would provide a “How to guide” for crooks wanting to defraud Humm.

In a written statement Lamers said: “Fortunately incidents of fraud are incredibly rare but when they do occur, it can be difficult for victims and for everyone involved.

“We pride ourselves on working hard to eliminate fraud and we ensure there is as little impact as possible on the victim. We will always bear the financial cost of any fraudulent activity, ensure their credit file is not impacted, and we work with them to understand how the fraud may have occurred.

“Our systems and processes mean that it is still a rare event, and over the past 12 months, only 0.03 per cent of applicants have been fraudulent.”

Lamers said it paid an external anti-money laundering company to check all applications, but it also ran them through its own fraud management platform.

Westpac’s Australian chief executive Brian Hartzer and chairman Lindsay Maxsted resigned following the launch of an investigation by Australia
Westpac’s Australian chief executive Brian Hartzer and chairman Lindsay Maxsted resigned following the launch of an investigation by Australia's financial intelligence agency - AUSTRAC - over a money laundering and child exploitation scandal.

Humm accounts must have a valid credit or debit card loaded onto them, but Bryce said the one that was used on his account was stolen, which makes him think that his identity thief was likely to have been part of an organised group able to source stolen cards as well as stolen identity information.

Humm also confirmed it would not be pursuing Bryce for the money stolen in his name, and would call off the debt collector.

Mike Stone, director for AML at DIA, said under the AML laws lenders like Humm were required to take reasonable steps to verify the identity of their customers.

“In a situation where a new customer is signed up through an online process, there must be a robust mechanism to ensure that the person being dealt with remotely is the genuine holder of the identity they are claiming to be,” he said.

New Zealand driver’s licence is often used by lenders as an identification document.
New Zealand driver’s licence is often used by lenders as an identification document.

While there have been relatively few, low-level AML prosecutions in New Zealand, in Australia, sanctions have been brutal.

In 2019, Westpac was hauled over the coals for AML failures , including a small number of payments for child exploitation, which cost the bank A$1.3 billion in fines, and Westpac chief executive Brian Hartzer his job.

In 2018, Commonwealth Bank of Australia, which owns ASB, paid an A$700m fine for AML breaches.

Humm’s owner Flexigroup's 2020 annual report for investors on the ASX sharemarket cited “Failing to establish and embed processes and tools to support customer identification and credit assessment” as one of its material risks.

Bryce does not know how the crook ended up with his driver’s licence number.

Wellington electronics developer Neill Bryce has had a new driver
Wellington electronics developer Neill Bryce has had a new driver's licence issued, and he has had an alert put on his credit file at the three credit reporting agencies.

But, he says driver’s licences are routinely used as identification documents, so it could have been a privacy breach in an organisation he has dealt with in the past.

It was only late last year that the law changed to force businesses and other organisations to tell people when a privacy breach may have exposed their information to crooks.

Already this year, Bryce had been contacted by one organisation- his dentist- which had suffered a privacy breach in which some of his private information was compromised.

Lyn McMorran, executive director of the Financial Services Federation, which represents many non-bank lenders, said identity fraud was a cost to lenders.

They had been lobbying NZTA for controlled access to its database of driver’s licence photos so they could develop systems to match photos taken of people making applications online to the photos from the database.

“We have spoken with the NZTA around the issue that a driver’s licence is not just a licence to get behind the wheel of a vehicle. It’s an important piece of identification,” McMorran said.

“Lenders should have access to their photo database,” she said.

Bryce says it’s been hard work regaining control of his identity.

He’s had to deal with each of the lenders, get a new driver’s licence issued, and get the three credit reporting bureaus to place “suppression” tags on his file, so any lender knows he has been a victim of identity fraud.

He is also working to get his credit score restored.

“My credit rating is now within the worst tenth of the population,” he says.

He's also made complaints to Police, and regulators including the Privacy Commission.

Fraud and cyber crime has been identified as the most common form of crime in the Crime and Victims Survey, but also the least reported with just 7 per cent of victims bothering to inform authorities.

Bryce suspects that's because people know no action will be taken.

Police have told him: “After carefully considering the circumstances and information available, we are unfortunately unable to take further action at this time.”