• Suzanne Tyrell and Tammy Wu
  • Published: 09 October 2023


Fraudsters continue to plague the retail energy space. We explore the scope of the challenge and offer advice on how providers can combat it.

Identity theft has been one of the most common crimes in America, soaring over 584% in the last 20 years according to an article published by Consumer Affairs.1 In 2022, over one million identity theft complaints were filed in the US, with Texas ranking in the top 10 of all cases filed.2 And in 2023, it is more common than ever across various industries, including retail electricity markets. 

Many retail electricity providers (REPs) across Texas are facing an increase in fraudulent enrollments with bad debt estimated to be more than $150 million. Going back to 2020, Pulse Power worked with law enforcement on an investigation into the theft of electric services resulting from stolen identities.3 In 2021, KPRC, an NBC TV affiliate in Houston, reported that a man discovered his identity was stolen and used to open seven fraudulent electricity accounts across multiple REPs, racking up more than $4,400 in charges under his name that eventually impacted his credit rating.4

How does this happen?

Similar to most industries, it looks very much like organized crime. The fraud rings are smart and target specific communities or customer demographics while setting themselves up to act like a REP or retail electricity broker to lure customers with the promise of cheap electricity with no deposit or credit checks. All of this is done through social media engagement, cheap advertisements, or crude websites using temporary phone numbers to interact with customers. The targeted demographics are typically those without service, with a poor credit history, have prior bad debt associated with their address or identity, or currently under an ERCOT (Electric Reliability Council of Texas) switch-hold.

How does it typically work?

The fraudsters know how to bypass ERCOT rules and figure out – by trial and error and most likely machine learning – how to poke holes in internal controls, blocks, checks, and business rules established by the REP’s enrollment channels, including using stolen credit card information to pay deposits. In comparing notes with multiple REPs, including Rhythm Energy:

  • When the customer reaches out to the criminal organization, they are typically charged an upfront fee or ’prepayment’ for their services.
  • The fraudsters will then ’shop’ the address using robotic process automation (RPA) cycling through retailers directly on their website or marketplace websites using stolen identities until the address is on flow.
  • Once service is turned on, they will notify the customer to call them back once they receive a disconnection notice so they can find new service.
  • Upon receiving the disconnection notice, the customer will reach out to their contact at the fraud REP again and notify them about the disconnection notice.
  • They will charge the customer another service fee to transfer the customer’s service using same-day move-ins to another retailer, so their service won’t be interrupted.

As soon as the holes are closed, the rule is stale because the fraudsters are already figuring out where the next weakness is, essentially becoming a game of ’whack-a-mole’.

What is the benefit for the fraudulent REP?

As a result of REPs fraudulent schemes, they profit from thousands – if not millions – of dollars in “service fees” while the legitimate REPs are left with the bad debt incurred from the utility and supply charges. To add on to this, during the summer months or extreme winter conditions, ERCOT may call a moratorium on disconnection for non-payment of services, and the customers with fraudulent accounts will receive additional days of service, which increases the REPs’ bad debt and risk exposure. The criminal organization will continue to move the customer’s service around to different REPs, and with more than 100 registered REPs in Texas, the statute of limitations on bad debt and collections may expire before a customer has moved through them all using stolen identities. 

What is being done to combat this issue?

Unfortunately, not much is being done at this point as ERCOT, the Public Utility Commission of Texas (PUCT), and other legislators have not raised or passed any legislation to stop these criminals, leaving all REPs at risk. A good starting point could be as simple as changing the rules on tampering switch holds. According to Jen Schmitt, who is the Senior Director of Operations at Rhythm Energy, customer protection rules should be modified to allow REPs to place electronic service identifier IDs (ESIIDs) on switch holds for financial fraud reasons, which is similar to existing switch hold functionality and rules used by the utilities for meter tampering and other utility fraud. This may not help the REP in the heat of the moment, but it could help stop the ESIID and fake customers from committing future fraud if used broadly by all REPs. 

How do we move forward?

Instead of waiting until the appropriate legislation is in place, or the PUCT responds to the impact this threat has on the ERCOT market, REPs should take immediate action to harden their defenses against fraud. Capco can help REPs identify weaknesses, fraudulent enrollments, and prevent additional risk exposure by analyzing your enrollment channels, business rules, internal controls, credit policy, credit and identity check processes, and data analytics. Additionally, we can help you implement process improvements with your current tools, vendors and control framework to maximize your profitability by minimizing your bad debt exposure. Let Capco help you create a balance between maximum acquisition and an appropriate level of risk management to stop the ongoing game of ‘whack-a-mole’.