Another timing hint: Did you take your tax return to a Kinko's or other public duplication service? I've heard of the internal hard drives/scanners being nicked from faxes and high-speed copiers in those places, for the same reason.

But your bank theory sounds most likely.

Oh, and why keep old bank statements under lock and key? Why isn't shredding secure enough?

I find it fascinating that the police are not particularly interested in this. Five-figure theft, fraud, and more - isn't this the kind of stuff they're supposed to track down?

And Bank of America - does their publicity department know about this?

BofA sucks rocks. I kept getting spam that was supposedly from BofA; I knew it was spam because I don't have an account with them. I called a local branch and told them about the spam email, and asked if they had a security policy about spam and if I should send them a copy of it. And the guy said, no, don't bother, there's too many of them! I'm so glad I don't have any accounts with BofA. It's as if they care nothing for their customers.

I was going to suggest that it was an inside job. Something similar happened to me at Commerce Bank (in NJ) years back. Not only did Commerce not really seem to care, they showed no interest in investigation. (I got the impression this had happened before.)

Did you find out if the "update" to your driver's license info is a standard procedure? If not, that may provide a direct link to your thief.

I recieved a letter from a collection agancy a few years ago about a delinquent account my DH had at JC Penneys. He's never opened an account there, but someone sure had. I filed a police report, and a detective actually did some work on it, but said JC Penny's wasn't helpful or concerned. Guess where I'll never shop?

I've got a fraud alert on both our credits, not sure if that's like a freeze, but it means no one can open credit in our name until the credit bureau talks to us at our home number on file with them. So, no instant credit for us, but not for anyone else either, in theory.

I am not some conspiracy freak, but I give some thought to the concept of living off the grid-no credit cards or bank accounts. You can get your house set up for solar/wind power (better for the environment anyway!) for less then $10,000, and have no utility acounts either, if you dug a water well too. My drs office has all computerized medical records, which means they could be hacked too. I'm pretty sure the internet will crash at some point, and then we're all in trouble with our whole lives disappearing into the nether.

Yeah, that "update" business sounds very suspicious. I've never had a bank ask me that. In fact, the times I've moved, it's been like pulling teeth to get institutions to update my address and phone number.

Some years ago, Central Bank of Alabama (since bought out) had a deal where they were providing customers' credit card numbers and account information to "affiliated" telemarketers, without the customers' knowlegde or consent. A telemarketer called the house one day, identified themselves as being a bank employee (they weren't) and said that they were offering a new health insurance plan and was I interested in receving some information. Since I was self-employed at the time, I said yes. They took the tape of me saying "yes" and editing that into another tape of a different person asking if I consented to a policy being charged to my credit card. But they screwed up... they didn't dummy up me giving them the card number! My wife talked to a bank employee and got them to admit, in writing, that they had provided the account info to the telemarketer, and that it was standard procedure.

We contacted the Alabama Attorney General's office and provided them with the info. They launched an investigation. The wheels ground slowly, but they did grind: several years later, we saw a newspaper article stating that the AG's office had compelled the bank to sign a consent decree and pay a rather large fine.

How do you freeze your credit? I was thinking about doing that.

My dad had his identity stolen about ten years ago before it was the "big thing." It really screwed him over for a long time. He still gets crap when he's dealing w/ banks.

Put on those high heels and click on the "43 states" link above...

I find myself using cash more and more since reading this story --- a grocery store had its card reader replaced with a unit that kept the passcodes and card numbers, allowing the thieves to clear a quarter million bucks from their customers' accounts:

http://www.insidebayarea.com/sanmateocountytimes/ci_9313009

Thanks for the info, Amy. I'm putting that freeze on right away though my credit's so bad, my credit so low, that I doubt I have enough of an identity to steal. (Yes, I'm blushing with embarrassment as I type that.) However, it would be just my luck that a thief could get credit in my name anyway. Better safe than sorry.

Oh, and Gog's post reminds me. I just learned the hard way about the debit card usage. I prefer cash but sometimes when I haven't got it out I'd use it on the weekends. Our local supermarket chain was breached and, of course, mine was indicated and had to be replaced by my bank and all. News said the other day that there's going to be a class action suit but I don't see much sense in that since I didn't actually suffer any losses. Just a real pain in the neck.

Someone broke into my office a couple years ago and stole my computer. The one I did my taxes on. I called and asked to have my credit frozen, but as far as I can tell, it never happened. I applied for and received 2 credit cards (applied as a test!) during the time it was supposedly frozen. I'd suggest getting a copy of your credit report every month. It's the only way to know for sure if your getting screwed with!

A similar thing happened at some grocery stores in Desoto County, near where I live. Thieves were able to steal numerous credit and debit card numbers. Here's the kicker, the company that owned the card readers knew they were vulnerable and had posted the "confidential" memo about how to steal the numbers on their website! Then it took them over two weeks after this happened for them to finally remove the memo.

Also, our local news this morning had a story on technology making it easy to pickpocket your info. Those credit/debit cards that have the quick pass technology so you don't have to sign can be tapped from your wallet. Don't use or carry them. God knows how long before the other can be also. Cash is the way to go as much as possible anyway.

Did you take your tax return to a Kinko's or other public duplication service?

I'm a person who doesn't use checks or a debit card, and I'm going to hand my tax return over to some stranger?

This woman had my bank account number plus a fake copy of my license.

Fortuitous timing.

Last Tuesday, the Denver Post thought it would be a good idea to put up an online database of all Colorado state employee’s salary information. The database contains full name, agency, annual salary, position, and date of hire. At least they didn’t include SSN and home address.

I’ll start the freeze on my credit now.

I shop at hannaford, a regional supermarket chain that recently had cc #s stolen. there was a story in the newspaper about a month ago about the class action lawsuit involving the store. the woman who started the suit shopped there but paid in cash and had no info compromised! she claimed undue stress over the situation.

Consider who processes information, too, that you enter into a document...who enters it into other areas, other documents. This is a disaster waiting to happen in a lot of people's lives.

shit happens

it'll be resolved

Imagine our relief.

(Damn try number two)
First in the last Twenty years or two credit card secuity has changed very little. As long as I can remember PIN numbers have not changed. 20 years ago 4 digits Now still 4 bloody digits. Ohhhh some have six digits. What if I want 10 digits with alphanumeric. Want to change your PIN. 90 percents of banks will say sorry can not do - easily. The only really big security changes I remember is some banks used to put pictures of the cc owners face on the card. Yet the has faded into irrelevancy. Found out that BoA still does it but you have to ask for it. Why not make it mandatory. Picuture on Credit card is a white woman and the user is a black woman hmmm something is off here.

What happened to biometrics. God this was to be the age of fingerprint scanners and retina readers. That is what the movies told me. Lying studios (sob). Nope Credit cards still do not use it. We have the tech. We can shove 10,000 photos on little memory card and you can not get a credit card to hold 12 photos (10 fingers and 2 eyes). Heck one photo. Right hand thumb.

What is the biggest security we have for Credit Cards - signatures and those are a joke - literally. http://www.zug.com/pranks/credit/
Most cashiers do not check signatures. Heck we have those little computer pen stands at some stores and yet those can not be used to verify a signature. People start training you chasiers. Do not leave until they at the least check the signature to the receiept. Heck big purchases ask them for you to show another piece of ID.

But the biggest lapse of security of this whole hassle for Amy is LOGIC. We live in the age of Data Mining and Data profiling. Ask google about me and they now more about me then my Sister does. They could tell me - What books I read. Where I will likely shop, What kind of clothes I will wear? If I like to screw women, men, sheep or all together. Next vacation heck they could nail it down pat. Yet banks do not use that logic and computing power. From my basic observation of Amy aka reading her articles and blog. That she will likely take money out in LA area, New York, Paris and some major cities in the US. But if she was to use her card in a BANK to take out 1000 dollars in buttcrack TEXAS that something is off and to verifiy who she is. Banks should have computer programs running 24/7. Looking for patterns and flagging those that are off. I bet those computers could be paid for in 1 month of the money lost in credit card fraud.

Some good books to check out
Art of the Steal by Frank Abagnale of Catch Me If You Can movie fame.
How to Be Invisible by JJ Luna

All great points. The most minimal due diligence was not done.

Oh, and by the way, the woman didn't have a BofA card -- just a fake license in my name and my account number.

I came in late to class... How did she get your account number

One more tip, don't sign the back of your credit cards. Instead write ASK FOR I.D. That way, even if your entire wallet is stolen, the thief can't start using your credit cards right away, as the picture on the ID won't match, and it buys you some time to report the theft. I always thank the sales clerks who ask for my idea when I hand over the credit card.

"idea" = "ID"

I've heard that idea a lot, but credit cards are actually pretty safe unless somebody opens up a new account in your name, and that's when you're fucked. Credit card companies monitor weird purchases and will shut down your card or call you right away.

I came in late to class... How did she get your account number

My speculation, because I consider checks risky instruments, and write them only to my landlord, my French teacher, my cleaning lady, and my masseuse, with very few exceptions (insurance and the DWP), and that she had my driver's license number too, which I believe only BofA has along with my auto insurance company and the DMV...the combo of info she had (account # plus driver's license number, plus birthdate)...plus the fact that this started just days after I went into BofA to deposit money in my IRA, and gave them updated driver's license info...leads me to believe that the info came from BofA, and that somebody within the bank or at a data entry company they use stole or sold the information.

I'm all over them on this, and will not let them get away with this. Awaiting word back from a few people at BofA.

They let this happen SEVEN times, in places I never go (Garland, Texas; Dixon City, CA) and let the woman withdraw large sums of cash ($2500, $1500, at a shot, going from teller to teller in two instances), says that this is not a fluke or an accident but business as usual at BofA.

OMG, Amy, this is a nightmare, but I admire your complete composure and financial acumen...will any of this saga make it into the book?

Unfortunately, I don't live in one of the 43 states with credit freezing, and I can't pull more than one set of credit reports from each of the three monitoring agencies more than once a year without incurring some significant fees. Hell, until recently, the Virginia DMV routinely (and stupidly) used SSN's as driver's license numbers, unless a driver specifically requested another number. Clearly some states remain woefully, or willfully, ignorant about the issue of identity theft and credit fraud.

I've learned to make the best of the one-year rule by pulling one report every four months (ahh, Trans Union is lovely in June!). That method provides a reasonable degree of monitoring. Also a big fan of my trusty, cross-cut shredder. It's never met a credit-card offer that it couldn't chew up in five seconds.

It sucks that you're having to deal with credit crap that BofA could have prevented with even minimal due diligence. Fortunately, you have tenacity in spades!