Identity Theft: Strategies for Protecting Customers and Avoiding Losses

by Lex Sheets, Product Manager, Primary Payment Systems, Inc.
The FBI reports that identity theft is the fastest growing crime in the United States. Identity theft is a common topic of conversation among consumers and has received extensive media attention across the country.
Consumers not only look to financial institutions (FIs) to protect their monetary assets and identities, but also to protect the organization's own assets and reputation. Identity theft, at a minimum, creates a financial burden on both the FI and the consumer, but it can also damage the reputation of the FI in the consumers' eyes.
Before moving forward, it is important that we properly define identity fraud, identity theft and account takeover (also see "Identity Fraud: The Need for a Common Lexicon" by Julie Conroy McNelley, vice president, identity solutions, Primary Payment Systems, Inc.).
- Identity Fraud - Identity fraud takes place when a fraudster creates a fictitious identity or manipulates an existing identity to evade detection.
- Identity Theft - Identity theft, a subset of identity fraud, occurs when someone wholly takes over another individual's identifying information.
- Account Takeover - Account takeover occurs when a fraudster obtains an individual's personal information (account and social security numbers usually suffice) and uses it to change that individual's mailing address with the FI. Once this is accomplished, the fraudster has a window of opportunity to perform transactions without the victim's knowledge.
Use of a fictitious name to commit identity fraud can result in a financial loss for the FI, but generally does not impact a specific consumer. Identity theft, and the account takeover that may result, has a direct effect on the consumer, who may have an expectation that the FI should have prevented the account takeover.
The FI has a responsibility to protect the security of its consumers' identity information. Data security has received a great deal of national attention, as several recent stories in the media have highlighted the potential for database intrusion and the resulting damage - both financially and to the organizations' reputations.
Prevention is still the best cure. An FI has the opportunity to proactively coach consumers on how to avoid identity theft and what to do if they think they may be a victim. The FI benefits from both the avoidance of a potential loss and the enhancement of its reputation.
But what if an identity theft occurs outside the FI or as a result of the consumer's oversight? Consumers will still expect the FI to detect fraudulent use of their identity and any attempt to take over their account.
One of the key aspects of account takeover is the desire of the identity thief to avoid triggering an inquiry by the consumer. Generally, the mailing address will be the first thing the identity thief will change so that notices, statements and potential follow-up questions and suspicions will not reach the thief's targeted consumer. The address change and subsequent suspicious activities are key to catching the identity thief.
One of the most common tools for protecting consumers is to mail an address change notice to both the old and new addresses. While this is costly, the notice should reach the consumer at the old address - if the address change was fraudulent - so the illegal activity can be detected and stopped before damage is done. Unfortunately, many consumers do not read the notice and lump it in with credit card offers, mortgage re-finance solicitations and other "junk" mail.
Another tool is to compare the new address to a list of known "mail drop" addresses. A mail drop is any location that will accept mail on behalf of someone else. While mail drop addresses have many legitimate uses, a match is a red flag that gives your organization an opportunity to investigate further - perhaps by calling the consumer at their home or work phone to make sure that the phone number has also not been recently changed.
A comparison of the old and new address may also cause a red flag if the demographics of the specific areas of the addresses are significantly different. Income levels for very small areas, based on census information, can give an indication of a major change in lifestyle. Once again, there may be a legitimate explanation for the address change, but the red flag is an opportunity to contact your consumer to verify the accuracy of the address and perhaps present additional products that may be useful to your consumer.
Finally, events that occur after an address change can raise suspicions. Any activity that results in a funds withdrawal, access to funds or providing information about an account or consumer is suspicious. These suspicious activities may include:
- A call or letter requesting a cashier's check be mailed to the address of the account (especially if payable to someone other than the consumer)
- A request for new checks or a replacement debit or credit card (especially a rush order)
- A request for a new on-line or bank-by-phone user ID and password
- A request for a duplicate account statement.
If any of these events occur within 90 days of an address change, the FI should follow up with the consumer.
One other precaution is useful if a fraud ring attempts to take over multiple accounts. Watching for multiple address changes to the same new address can be a red flag for fraudulent activity. Exceptions include cases where the old addresses are also the same (one consumer with multiple accounts) and/or the last names of the account holders are the same (family members moving to the same address).
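The 90-day follow-up rule and the shared-new-address check described above can be automated along the following lines. This is an added example, not code from the article or from Primary Payment Systems; the event labels, record layout and sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

WINDOW = timedelta(days=90)  # follow-up window stated in the article
# Hypothetical labels for the four activities the article lists.
SUSPICIOUS = {"cashiers_check_request", "check_or_card_reorder",
              "new_online_credentials", "duplicate_statement"}

# Constructed sample data: (account, last_name, old_address, new_address, change_date)
ADDRESS_CHANGES = [
    ("A100", "Rivera", "12 Oak St", "PO Box 77", date(2005, 3, 1)),
    ("A200", "Chen", "9 Elm Ave", "PO Box 77", date(2005, 3, 3)),
    ("A300", "Patel", "4 Pine Rd", "81 Lake Dr", date(2005, 2, 10)),
    ("A301", "Patel", "4 Pine Rd", "81 Lake Dr", date(2005, 2, 10)),
    ("A400", "Okafor", "3 Hill Ct", "55 Bay St", date(2004, 11, 1)),
]
# Constructed sample data: (account, event, event_date)
EVENTS = [
    ("A100", "check_or_card_reorder", date(2005, 3, 20)),
    ("A300", "balance_inquiry", date(2005, 2, 15)),
    ("A400", "duplicate_statement", date(2005, 3, 15)),
]

def events_after_change(changes, events, window=WINDOW):
    """Return (account, event, days_since_change) for listed events inside the window."""
    hits = []
    for acct, event, when in events:
        if event not in SUSPICIOUS:
            continue
        for c_acct, _, _, _, changed in changes:
            if c_acct == acct and timedelta(0) <= when - changed <= window:
                hits.append((acct, event, (when - changed).days))
    return hits

def shared_new_address(changes):
    """Return new addresses several accounts moved to, minus the stated exceptions."""
    by_new = defaultdict(list)
    for acct, last, old, new, _ in changes:
        # Lower-casing is a stand-in for real postal address normalization.
        by_new[new.lower()].append((acct, last.lower(), old.lower()))
    flagged = {}
    for new, rows in by_new.items():
        same_old = len({r[2] for r in rows}) == 1   # one consumer, several accounts
        same_name = len({r[1] for r in rows}) == 1  # family moving together
        if len(rows) > 1 and not (same_old or same_name):
            flagged[new] = sorted(r[0] for r in rows)
    return flagged
```

On the sample records, the card reorder 19 days after the A100 address change is queued for follow-up, and the two unrelated accounts that moved to the same new address are flagged together, while the two Patel accounts are not.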
The FACT Act (Fair and Accurate Credit Transactions Act of 2003) mandates the issuance of "red flag" regulations applicable to card issuers to ensure that address changes followed by a request for a replacement card are validated. Regulators have not provided additional red flag guidelines at this time.
The requirement for compliance with the FACT Act is certainly an important reason to implement identity theft address change monitoring procedures. Protecting the assets of the consumer and the FI and protecting the reputation of the FI are equally important. For smaller organizations, many of the steps can be manually implemented. For larger organizations, implementing new technologies that will automatically monitor address changes and associated events will provide additional security and prove to be a sound investment.
Early Warning Systems Boilerplate (formerly PPS)
For over a decade, Early Warning Services, LLC (formerly Primary Payment Systems) has been an industry pioneer by facilitating cooperation and information sharing among financial services organizations as a best-practice means to help prevent fraud losses and safeguard the financial assets of those organizations and the consumers they serve. A suite of services delivers this intelligence to where it is needed most resulting in billions of dollars in loss avoidance each year.
For more information, please visit www.early-warning.com.
First published on BankersOnline.com 5/30/05
