Someone applied for a credit card online, with Santander Cards. They gave my name and address, and a phone number that wasn't mine, and an email address that wasn't mine. They gave my correct birth date.
Given all that, Santander sent out a credit card, to my address. I was quite surprised; it isn't exactly difficult to get my name and address (phone book, voter registration). And I don't know where they'd have got my birth date, but that's never been a big secret (however, I've just changed my birth date on Facebook to 01/01/1905).
I know about this because Santander smelled a rat (they didn't tell me how, of course, but I suspect the same fraudster applied for cards in other names at the same time) and I got a phone call from them, asking me if I'd just applied for a credit card. I told them that I hadn't.
The card is already in the post to me; the fraudster presumably has some plan to either use it on the internet (it's fairly easy to guess the expiry date, it's usually two years, but if that doesn't work, you could try other dates) and a lot of web sites don't require the security number on the signature strip. The Santander people didn't know this, and thought that the plan would be to intercept the card in the post. Which I feel is less likely than my idea. But hey, they're the great security experts, who am I to disagree?
Santander have already blocked the card, and put a note on my credit file advising of the attempted fraud, warning other banks to be careful about granting credit on such a flimsy evidence of identity. That should show up in a few days.
But I don't see why the fraudster would have applied for just one credit card. I'd guess that other companies will have had a similar application. So now I have to look at my credit reference.
Because it isn't just credit card companies that give credit. There's also phone companies, for example.