We are looking at possibly developing an "Incident Report" form that can be used when an employee encounters evidence of identity theft activity for a customer. The form could be used to document the customer file and a copy would be forwarded to the Identity Theft Prevention Officer for use in compiling annual reports to the Board.

Is anyone using a form similar to this that I could adapt for use in our bank? Any responses are appreciated.

KYAuditor....

I am using a log... you are welcomed to it...very basic!

Would you consider sharing your form with BOL to post in the Tools section?

We have modified our suspicious activity transaction reporting (SAR) to include the ID Theft incidences. This way we have only one process for reporting incidences to our Security risk department.

Lori

I am reviving this thread because like Compliance 4521, we too have modified our front line SAI ("suspicious activity information" form)to include reporting incidences of ID theft. I wondered what kinds of reports are being documented by other Banks for identity theft. Since the definition of identity theft is broad, I am struggling with what kinds of things are truely reportable. For example, on Veterans Day our Call Center documented numerous customers who lost everything from DL, SS, Debit Card, Checks, Safe Deposit Key, Savings Acct #. You name it, they lost it in connection with one of the BIG two items. One lady had her pay stub stolen with her SS # written on it.
I understand that the annual report to the Board should contain significant incidents of identity theft. I am just trying to get my arms around what is significant and making sure that we are not wasting time filing unnecessary reports.
I would appreciate any guidance for this issue.

I would not report your scenerio as a "incidence" of ID Theft, as ID theft has not occured unless someone actually uses the stolen information at your bank.

However, we do have a red flag that would go into place to prevent ID theft from occurring. Our Security Department would be put on notice and they have a process to capture this information.

[quote=Our Security Department would be put on notice and they have a process to capture this information.[/quote]

So, the purpose of capturing the information is to respond to the red flag and not to be able to produce the information for an annual report to the board?

I agree w/ Compliance4521 With the incident of the pay stub a loss or theft occurred but it not ID theft (at this point). If we have a customer who lost a check book we would flag the account to be alert for unusual activity but not record it as an incident for the ID Board report. Now if someone comes in and tries to use the lady's SS# to open an account - then it may have become ID theft.

KYAuditor,

I am attaching a very simple Identity Theft Incident Report form I made for use within our program. As you mentioned it is to help monitor the effectiveness of the program, discover new methods being used to steal someones ID, discover new Red Flags, learn from our mistakes (and successes) to develop new/additional responses to various Red Flags, and to aid in
our annual report to the Board.

(I see that the formatting may be changed a little bit when you receive this - but should be fairly easy to see how it should appear as a printed form. This is a two page (or duplex)form. One page is instructions on completing the next page is the actual form.)

Hambone


VANTAGE WEST CREDIT UNION
IDENTITY THEFT INCIDENT REPORT

PLEASE USE THIS FORM TO REPORT INCIDENTS OF IDENTITY THEFT, OR ATTEMPTED INCIDENTS. THIS INFORMATION WILL BE USED IN A REQUIRED ANNUAL REPORT TO THE BOARD OF DIRECTORS ON OUR IDENTITY THEFT RED FLAG PROGRAM.


THE FOLLOWING INFORMATION SHOULD BE PROVIDED


Name and Account Number on which ID Theft fraud or attempted ID Theft fraud occurred

Date of Occurrence.

Type of Covered Account (Savings-Checking-Visa-etc).

What Happened?

Was it discovered before or after the attempt or fraud?

How was this discovered?

If prevented – What actions did we take?

If not prevented – What could have been done to prevent it? Were there any clues (red flags)?

Suggestions to prevent future occurrences.

Employee Name(s) and User Number(s).


FORWARD COMPLETED REPORT TO THE COMPLIANCE DEPARTMENT








VANTAGE WEST CREDIT UNION
IDENTITY THEFT INCIDENT REPORT

__________________________________________ _________________________________
Name/Account Number Date of Occurrence

Type of Account: ____________________________

What Happened: _______________________________________________________________________
(Please Print or Type)

________________________________________________________________________________________________________


________________________________________________________________________________________________________


________________________________________________________________________________________________________


________________________________________________
(Was this discovered before or after the attempt or fraud?)

________________________________________________________________________________________________________
(How was this discovered?)

________________________________________________________________________________________________________


________________________________________________________________________________________________________


________________________________________________________________________________________________________
(If Prevented – What actions did we take to prevent it?)

________________________________________________________________________________________________________


________________________________________________________________________________________________________
(If not prevented – What could have been done to prevent it? Were there any clues (red flags)?


________________________________________________________________________________________________________


________________________________________________________________________________________________________
(Suggestions to prevent future occurrences)

________________________________________________________________________________________________________


________________________________________________________________________________________________________
(Employee Name(s) and User Number(s) PLEASE ATTACH ADDITIONAL PAGES IF NEEDED
09/16/08 FORWARD COMPLETED REPORT TO THE COMPLIANCE DEPARTMENT