May an Identity Theft Victim Sue the Lender that Allowed the Thief to Open the Account?

Suppose an identity thief takes out a loan in your name with a lender, defaults, and so blemishes your credit record. Do you have a claim against the lender for opening the account ? (The question of what the lender's obligations in its role as a furnisher of information is dealt with by the FCRA in § 1681s-2 and I won't address that in this post.) Up to now, the answer has usually been no. If you could show that the lender had obtained your credit report and that it lacked a reason to believe that the imposter was in fact you, then under FCRA § 1681b the lender would have obtained your credit report without a proper purpose, and it would be liable. See Andrews v. TRW, Inc., 225 F.3d 1063 (9th Cir. 2000), rev'd on other grounds sub nom. TRW Inc. v. Andrews, 534 U.S. 19 (2001). But often the lender will indeed have a reason to think that you are the person applying for credit. Many common law claims are preempted by FCRA § 1681h(e) and courts have generally rebuffed consumers arguing for creation of a new claim, such as negligent enablement of imposter fraud. See, e.g., Polzer v. TRW, 256 A.D.2d 248, 682 N.Y.S.2d 194 (1st Dept. 1998). But a new case offers more hope to identity theft victims. In Wolfe v. MBNA America Bank, 485 F.Supp.2d 874 (W.D.Tn. 2007), plaintiff alleged that the defendant had issued a credit card to an identity thief using the plaintiff’s name without verifying the accuracy of the information in the identity thief’s application.The court refused to dismiss plaintiff’s negligence claim, saying:

With the alarming increase in identity theft in recent years, commercial banks and credit card issuers have become the first, and often last, line of defense in preventing the devastating damage that identity theft inflicts. Because the injury resulting from the negligent issuance of a credit card is foreseeable and preventable, the Court finds that under Tennessee negligence law, Defendant has a duty to verify the authenticity and accuracy of a credit account application before issuing a credit card. The Court, however, emphasizes that this duty to verify does not impose upon Defendant a duty to prevent all identity theft. The Court recognizes that despite banks utilizing the most reasonable and vigilant verification methods, some criminals will still be able to obtain enough personal information to secure a credit card with a stolen identity. Rather, this duty to verify merely requires Defendant to implement reasonable and cost-effective verification methods that can prevent criminals, in some instances, from obtaining a credit card with a stolen identity. Whether Defendant complied with this duty before issuing a credit card in Plaintiff's name is an issue for the trier of fact. Accordingly, Defendant's motion to dismiss Plaintiff's negligence and gross negligence claims in the first factual context is DENIED.

The court also found that plaintiff’s allegations stated a claim under the Tennessee UDAP statute and were not preempted by the FCRA.