What can my Identity Doppelganger do with a Citi Custom Cash Mastercard in my name?

by philg

Almost time for serious Christmas shopping. Personally, I prefer to pay for everything with someone else’s credit card.

Apparently, this idea is not original because I started getting U.S. mail letters and text messages regarding a Citi Custom Cash Mastercard. This was a little confusing because I was not a Citi customer, as far as I knew.

It took about 10 phone calls and hours on hold to sort out the mystery. Citi doesn’t want to talk to anyone unless he/she/ze/they (a) enters his/her/zir/their credit card number (which I don’t have, since I never applied for a card or received one), and (b) enters his/her/zir/their Social Security Number (which I was initially unwilling to do, since I am not a customer and they shouldn’t need it, but of course I eventually had to provide it).

It requires a huge amount of diligence and time to get through to anyone at Citi to report that one’s identity has been used without authorization. The smart thing to do would have been to give up, but I managed to look at my credit report via chase.com (a much more efficient enterprise, I think!) and it showed a $9,400 credit limit card that had been opened on November 10, 2021.

The would-be smart shopper used my address and cell phone number. Presumably the physical card would have been mailed to my address, but I never got it (we’re in an apartment building with locked mailboxes so unless it was a former tenant or the management company, I don’t see how anyone could have gotten into the mailbox).

This leads to a couple of questions…

  • How did Citi create a Mastercard account without ever mailing out a physical card?
  • How did an identity thief expect to benefit from opening a credit card account if the physical card would simply be mailed to me and not him/her/zir/them?

Somehow I think that my doppelganger was able to at least attempt charges because one Citi letter says “we noticed suspicious activity on your Citi Custom Cash Mastercard account that may have been unauthorized.”

20 thoughts on “What can my Identity Doppelganger do with a Citi Custom Cash Mastercard in my name?

  1. You should have simply asked to get one of these cards? Then be told you already have one, to which you would say “no I don’t” and they might be prompted to investigate? Just a thought. Back in the early days, one of my credit card’s info. was stolen (and used), but I noticed a strange charge (for all of $2.99) and called, at which point we went through purchases and canceled the card. Best to stay on top of these things. Why they would want to be you? idk. Had they realized they would be subject to ridicule here… 😉

  2. > It took about 10 phone calls and hours on hold to sort out the mystery.

    This is the worst part. The amount of time and effort required in modern life to sort out the mistakes of others (and probably be humiliated in the process).

    In Europe only registered mail works for this sort of thing, phone customer “service” is useless.

  3. Customer service is going to get worse, much worse. If you need services from a company large enough to have a HR department expect said company to barely function, if at all.

  4. Fidelity Investments used to have great telephonic customer service, but ever since Covid started I can’t get a live person. I have to schedule a telephone conference with my local assigned rep.

  5. About fifteen years ago, I set up a credit freeze for myself with each of the three credit bureaus. It’s worked well. Must be sure to remember your log-ins and passwords if you later wish to un-freeze.

    • I’ve done this as well and periodically need to unfreeze when someone needs access to my credit report. Surprisingly, it’s not too difficult to manage. Recommended.

    • Credit freeze works but it would be better if the freeze had an option to be read-only rather than read-write access or no access.

  6. Crime was one part missing from the suburban Greenspunchussetts blog posts, but is a part of living in south Fl*rida. Not too late to move to Gainesville.

  7. How, you ask? Our postal service at it’s finest:
    https://nypost.com/2021/12/08/usps-mail-carriers-stole-credit-cards-as-part-of-huge-identity-theft-ring/
    “…swiped over 1,000 credit cards that were then used by another defendant to buy high-end goods at luxury retailers, prosecutors said.”
    Now this seems that they just stole cards being legitimately sent to customers and then figured out how to activate them. It doesn’t seem far fetched to imagine a similar scheme where the account is opened from an offer letter stolen from the mail or intercepting a card applied for and sent to an unwitting victim. All you need is consistent access to the same mail route. Pretty brazen.

    • @demetri:

      It’s very easy to get a USPS job particularly at a large SCF (sectional center facility) during the Holidays. Most of the people there tell their friends and relatives so they can pick up some extra $$$ over the holidays, I suspect sometimes in more ways than one.

  8. > How did Citi create a Mastercard account without ever mailing out a physical card?

    Capital One does this all the time, at least with secured cards. You fill out online forms and transfer the money needed to secure the card. They create the account and hold the money for at least a full month before mailing out the card. You begin to wonder if the account is real and if the card will ever be mailed out, and how you will get your money back if it isn’t. Their tracking system on the website is inaccurate and says that your card has been shipped, but it takes a long time to arrive. You call customer service and wait. Finally you speak to someone who repeats exactly what the website says. If you’re lucky, the card arrives ten days after they said it would.

    In rural areas especially, the mailboxes on the streets are very dangerous. A lot of people have their mailboxes situated literally hundreds of feet from their homes. Well, the bad guys know that, and they know you can’t see them rifling through your mail in the middle of the night. My mailbox is only 25 feet from the front door and it still happens, we get mail that has clearly been opened and we have also suspected that the local PO workers have done it on more than one occasion, because they’ve burned through a lot of new workers in the past 18 months. The “mailman” keeps changing, so either they’re quitting or getting fired.

  9. Also, Facebook is turning into a data-harvesting platform in more ways than one. If you frequent FB you’ve probably noticed a big uptick in “intriguing question” posts that are designed to game you into typing in formerly mundane and semi-secret details about your past like:

    “What was the first car you owned?”
    “What was the name of your first pet?”
    etc., etc.

    Well, of course the data goes to Facebook but thousands of people respond to those things because they’re bored, and any old data scraper who reads the comments can grab the answers. They also may be using that same information as answers to security questions. Of course, their real name is displayed next to the answers they give.

    I think Facebook isn’t just the largest data-mining operation in history, it’s also probably the seed corn for some of the largest identity theft operations in the world!

    • I once fell for one of those. The question was “Name an animal that has chased you.” I answered “butterfly” which is the password to all of my accounts.

    • @Alex, we need the government to step in an fix this madness. Philip’s microchip idea for COVIDFear is the solution. It can be used for fraud prevention and to #FlatenTheCurve. Two birds in one stone.

  11. They can use the account for card-not-present transactions like Amazon or catalog orders. They usually post a trivial charge ($1.99ish so you likely won’t notice) to verify the account works, then sell the account on to someone who slams it with big charges before you get the bill. At that point you learn how really nasty untangling it can be. The issuers are getting better (AI?) at flagging the scams on the fly.

  12. Isn’t check fraud even easier? The bank routing number and checking account number are printed on every check. Couldn’t I just use those numbers off the paper check of some dupe and use it to pay bills or make other on-line purchases. I pay my property taxes and property insurance on-line using my checking account routing number and account number. My tenant makes direct on-line deposits of the rent directly into my checking account.

  13. After putting our house up for sale – pretty much public information – I had someone place mail forwarding with the USPS to a Brooklyn, NY address. They then ordered credit card from an “offer” addressed to me by one of my banks. The only reason we noticed it right away was that my wife received the USPS notification about the forwarding and found it out of character with her slacker husband.

    Funny thing is nobody cares. USPS gives you hassle to undo the forwarding. Police has important crimes to solve.

Comments are closed.