Identity theft blues

I have been the victim of a really shoddy bit of identity theft. Let me explain. A few days ago in the post I received two statements from a mail order company, one for more than £500 worth of goods, the other for more than £300. I had never bought anything from them in my life.

I rang them up and it seems that someone had managed to slip through their anything but rigorous security checks. I'm really amazed that the company in question didn't have systems that could spot that this was a fradulent activity. They did a credit check on me to see if it was okay, but there were so many oddities in the application that it's bizarre nothing was flagged up. After all:
  • Two accounts were set up for the same address (mine) on the same day
  • One was for a Ms B Clegg, the other a Mr D Clegg, so neither matched me exactly for the credit check
  • The date of birth given was wrong - again something the credit check should have picked up
  • Two orders were place, each using up most of the credit, each going to a different delivery address, not my address. One in Middlesex one in the midlands. Not suspicious, guys?
  • The kind of order was not typical. These were orders for lots and lots of relatively low price items like T-shirts, not for big money goods
It wouldn't exactly take top flight artificial intelligence software to spot there was something strange. Don't get me wrong, the company was very good about it, assuring me that they would sort it all out - but they seem to be very casual about giving away around £1,000 of credit.

The one good thing that came out of this, apart from having a topic for a blog post, is that at the company's suggestion I did a check on myself with one of the credit checking agencies, something I've been meaning to do for ages, and it was fascinating, though it emphasized even more how much incorrect data the mail order company was ignoring. Also it's interesting that when we hear 'identity theft', we think 'internet' - but in fact this was good old fashioned basic personal information misuse that could have been done without a computer in sight.