“Paper trails, though, are terrifying to regulated institutions. Your bank’s customer support representatives are taught to evaluate whether someone looks like they’re competent and collecting a paper trail. If they are, the CS rep is supposed to stop touching the case immediately and instead escalate them to a supervisor or to the legal department.
The legal department (or an analogous group – it is different at every bank) is not scored on cases resolved per week. They are scored on regulatory incidents per quarter, and their target for success is likely zero. Shockingly senior people will be involved to avert regulatory incidents.
What causes a regulatory incident? Bad behavior on the part of the bank? No. Banks screw up all the time; the screwups are literally forecast and budgeted for. Do regulators cause regulatory incidents? Generally no; they’re understaffed and underfunded, and they don’t go on fishing expeditions. The thing which causes regulatory incidents is well-organized people taking paper trails to regulators which allow a regulator to trivially follow up with an investigatory letter. Accordingly, anyone who sounds like a well-organized professional with a paper trail is a problem to be swiftly addressed.”
—Patrick McKenzie. “Identity Theft, Credit Reports, and You.” Kalzumeus.com. September 9, 2017.
Useful addition to addressing identity theft beyond How I Learned to Stop Worrying and Embrace the Security Freeze — Krebs on Security, and Graham Cluley’s more consise summary of Kreb’s recent advice, which includes a freeze on your ChexSystems data.