We allow customers to apply for accounts using an online application. To assist in identifying the applicant, we match the information provided by the customer with information obtained from Equifax. We have had some cases when the Equifax report indicates that the name and/or ss# was previously used in furtherance of identity fraud. When combined with other information inconsistencies (i.e address doesn't compare, DL# not validated), we typically decline the application (can't reasonably confirm applicant's identity). However, in these extreme cases it "feels" as if we were just confronted with a case of someone using stolen id information in an attempt to open an account.

Other than declining the application, are we required to report this event? If so how and to whom?

Thanks