Robert Korinke was home having an early Christmas dinner with his family on Dec. 23 when there was an unexpected knock at the front door. It was a delivery service with an urgent package -- but this was no holiday gift. It was notice they were being sued by Homecomings Financial Network Inc. for $75,000, plus attorney's fees. The retired California couple's offense? They had been victims of identity theft three years earlier.
The Korinkes' story has a typical beginning. In April 2001, as the couple applied to refinance their home mortgage, they noticed disturbing entries on their credit report. There was some $75,000 in unsettled debts on a line of credit they once held with Homecomings. But the couple had settled its debt, and closed the account, the year before.
After some frantic phone calls and a lot of paperwork, the matter had apparently been cleaned up. An imposter had managed to gain control of the line of credit, and switched the address on the account to Houston, Texas -- so the Korinkes never received notice of the outstanding bills.
By July 2001, the Korinkes held paperwork from Homecomings indicating they weren't responsible for the debt, and they moved on with this lives, believing the episode was over.
That is, until Christmas 2003, when the messenger arrived with a lawsuit, filed in Texas.
Homecomings, a subsidiary of GMAC Financial Services that originated $18 billion in residential mortgages last year, claimed the Korinkes had been negligent. The Korinkes were slow to discover and report the identity theft, and that "caused the injury to Homecomings," according to the lawsuit. "As such, Korinke is liable for any and all sums attributed to his negligence."
Korninke's first thought: "This is unbelievable," he recalled. "I'm the injured party."
The company's attorney, J. Allan Smith, said the firm would not talk about the lawsuit.
Through a friend, the Korinkes found lawyer and identity theft victim specialist Mari Frank, who agreed to take their case.
"They called me, and I was just shocked. I thought, 'What is this?' This is the financial industry victimizing victims," Frank said.
Frank convinced Homecomings to drop the lawsuit in January -- albeit without prejudice, meaning the firm could resurrect the case, Frank said. The possibility of future incidents with the company has made both Korinkes worried and restless.
"They are thinking, 'When will we be hit again? We thought it was over before,'" Frank said.
Not always an easy road to recovery
Much has been written about the frustrating paths identity theft victims must take to clean their records of the fraud, but generally, it's been accepted that few victims ultimately lose money to the theives.
After all, credit cards offer zero liability, meaning fraud victims don't pay the bills incurred by their imposters. And in many well-publicized identity thefts, magnanimous financial institutions — acting above and beyond their federally-mandated responsibilities — refund the money lost by patrons to crooks.
But not always. Other victims are finding out the hard way that consumers really can lose their money to imposters, and that to get it back they must square off against financial institutions that can take a hard line.
In fact, banks often put up a "damn good argument," said Linda Foley, founder of the Identity Theft Resource Center in San Diego, Calif. "And how does Joe Consumer fight a big bank? If you come out whole, you should consider yourself really lucky."
John Watson, of Santa Clara, Calif., found himself embroiled in just such a case last year with Bank of America and PayPal, the online payment tool used by many eBay.com auction buyers and sellers. Watson discovered $7,600 was missing from his Bank of America account; an imposter had apparently opened a PayPal.com account in his name, and pulled money into the account from Watson's bank funds.
The withdrawals actually occured in July and August of 2002, but because he was traveling, Watson didn't notice the money was missing until January 2003. When he called the bank, he was told he was out of luck.
"They said I didn't inform them within 60 days, and there was nothing they could do," he said.
By then, all but $2,100 of the money had been spent from the PayPal account. PayPal eventually gave Watson that sum back, but refused to help with the rest of the missing $5,500.
Undeterred, Watson sued both firms in Santa Clara small claims court.
"It only cost $38," he said. "I had to try something."
Consumer protections limited
Watson learned the hard way about "Regulation E," the FDIC's consumer protection rule governing electronic funds transfers and debit cards.
Consumers are generally aware that credit cards come with generous protections -- their liability for theft is limited to $50, and even that sum is now waived by most banks. But no such broad protections are afforded to debit cards and other electronic cash-based transactions, such as funds transfers between a checking account and PayPal.com.
According to Regulation E, consumers must report a electronic funds transfer problem within two days to insulate themselves from liability, and even then are still on the hook for $50. Consumers who report a problem within 60 days have their liability capped at $500. But after that, there are no federally-mandated consumer protections -- and like Watson, consumers may end up losing all their money. Legally, victims in this situation are on very shaky footing when they try to fight their bank.
The other problem with money that's been stolen directly from a checking account, Foley said, is that it's already gone — a very different situation than a credit card takeover, where consumers can simply refuse to pay the bill.
"There's always an immediacy issue when your money has been drained from your checking account," she said.
That's what happened to Mary Hale of Seattle, an elderly woman who fell for a telemarketing scam last year, and surrendered her checking account information to an alleged con artist over the telephone. Some $800 was taken out of her checking account, leaving her with a $300 negative balance. When her December Social Security check arrived, Bank of America took $300 from it to cover its losses.
Hale, who appeared at a Federal Trade Commission press conference in January as an example of a typical fraud victim, was left with barely enough money to pay her rent and eat.
"I didn't have any Christmas," she said.
In early February, some of the money was returned to Hale, said Bank of America spokesman Harvey Radin, and the company is still working with her.
"We are trying to determine what happened," he said, declining to discuss additional details of her case.
Often, Radin said, the bank provides what it calls "provisional credits," for victims of identity theft, so they do not have to live without their money while an investigation takes place. And even though federal laws don't mandate it, the bank will often return lost money to victims after it completes an investigation, he said.
"Generally, we will refund the amount," he said. "We do what we can to make customers whole."
Small claims court victory
Bank of America wasn't so generous with Watson, the man who took the financial institution to small claims court. But his story does have a happy ending.
In November, Watson pled his case before a judge in Santa Clara, Calif., saying PayPal should have notified him immediately upon discovering the fraud. Bank of America argued that it was the consumer's responsibiltiy to regularly check bank statements for errors, Watson said.
"I said, I really don't think that's fair. Sometimes details are buried within the bank records."
Watson, 44, said he had never before been inside a courtroom.
"It was kind of scary going up there in front of the judge," Watson said. "I didn't think I was going to win."
But on Jan. 7, he received notice that the judge had ruled in his favor. Soon after, he recieved checks from PayPal and Bank of America for about $2,500 each. He was still out about $500 -- small claims court cases are limited to $5,000 in Santa Clara, he said -- but after a year without the money, he was glad to have it back.
"I couldn't believe that I'd actually won," he said.
Bank of America's Radin couldn't provide additional details about Watson's case. PayPal spokeswoman Amanda Pires said her company "regrets very much that this incident happened with Mr. Watson," adding that the firm recommends customers check their accounts at least monthly."
Not everyone wins
But Frank, the identity theft attorney, is worried that victims who don't have the means to find a good lawyer, or to pursue their own case, may be losing out in battles with financial institutions. The Korinkes, for example, found her only because she is a friend of a friend -- and because they are both retired professionals, they knew what questions to ask.
"How many other victims will be as bright as them?" Frank said. She knows of one case where a debit card fraud victim lost $30,000 that was never returned, she said.
Foley has heard victims facing similar fates. One of the victims her hotline is currently helping is now in deep in a battle with a large bank, and still out thousands of dollars while the investigation continues.
"She brought in her driver's license and passport, but they sent her home to get utility bills to prove she was who she said she was. When they were done they had looked at eight pieces of information," Foley said. "She argued and argued. She's still arguing with them and it's months later."