Fact act training for staff identity theft red flags
1 / 27

- PowerPoint PPT Presentation

  • Uploaded on

FACT Act Training for Staff Identity Theft “Red Flags”. WHAT IS IDENTITY THEFT?. Under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), Identity Theft means: “A fraud committed or attempted using the identifying information of another person without authority ”.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about '' - ladonna-amaya

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Fact act training for staff identity theft red flags

FACT Act Training for Staff

Identity Theft “Red Flags”

What is identity theft

  • Under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), Identity Theft means:

    “A fraud committed or attempted using the identifying information of another person without authority”

Identity theft statistics
Identity Theft Statistics

  • One study found that ID theft cost US businesses and consumers $56.6 billion in 2005

  • Dept. of Justice reports that ID theft is now passing up drug trafficking as the number one crime in the nation

  • In 2006, 15 million people were victims of identity theft

Identity theft statistics1
Identity Theft Statistics

  • ITRC* found in 2007 that 78% of respondents reported financial identity theft crimes

  • Check fraud and debit card fraud are increasing (based on 2007 study)

  • 50% of respondents said that personal info had been used to open a new line of credit

    *Identity Theft Resource Center

How at risk are you yes or no
How at risk are you? Yes or No?

  • I receive several offers of pre-approved credit every week.

  • I do not shred credit card offers before placing them in the trash.

  • I carry my Social Security card in my wallet.

  • I do not use “Verified by VISA” on my VISA debit and credit cards.

  • I do not have a PO Box or locked secured mailbox.

  • I use an unlocked, open box at work or at my home to drop off my outgoing mail.

  • I have not copied every item in my wallet front and back.

  • I do not have information and instructions if I become a victim of identity theft.

  • I provide my SSN whenever asked, without asking questions as to how that information will be safeguarded.

Yes or no
Yes or No?

  • I provide personal information orally without checking to see who might be listening.

  • I am required to use my SSN at work as an employee ID or at college as a student ID number.

  • I write checks to pay all my bills and/or as a method of payment at retail stores.

  • I have my SSN and/or driver’s license number printed on my personal checks.

  • I do not use a “cross cut” shredder to shred any sensitive documents or information at home.

  • My pin numbers are the last 4 digits of my house number, phone number, birth date, or Social Security number.

  • I have not ordered a copy of my credit report for at least 2 years.

  • I do not believe that people would root around in my trash for information.

If you answered yes
If you answered yes…

  • Then you could be at risk for identity theft.

  • Read more at www.privacyrights.org for information on consumer risk and more quizzes about ID theft.

  • As a financial institution, how do we respond?

Fair credit reporting act and fact act
Fair Credit Reporting Act and FACT Act

  • FACT Act amended FCRA in 2003 to require guidelines for ID Theft and address discrepancies

  • Final rules issued in November 2007

  • Mandatory compliance date: November 1, 2008

  • NCUA rules apply to federal credit unions; FTC rules apply to state-chartered credit unions

Red flags
“Red Flags”

  • “Red flags” are patterns, practices, or activities that indicate the possible existence of identity theft.

  • Examples

    • A fraud or active duty alert is included with a consumer report

    • Personal identifying information is inconsistent when compared against external sources (address does not match the address in consumer report)

    • The phone number is invalid, or is associated with a pager or answering service

    • An account is used in a manner inconsistent with established patterns (nonpayment when no history of late payments)

Examples of red flags
Examples of Red Flags

  • Photograph is inconsistent with consumer.

Examples of red flags1
Examples of Red Flags

  • Documents appear to be altered.

Examples of red flags2
Examples of Red Flags

  • Mail is returned even though transactions continue to occur on account.

Examples of red flags3
Examples of Red Flags

Multiple names associated with social security number (credit reports):

Credit report:Joe Doe DOB 2-7-67SSN: 294-12-1234

Your records indicate that you have:John Doe DOB 4-15-68

SSN: 294-12-1234


  • Written program that is designed to detect, prevent, and mitigate identity theft when opening accounts or for existing accounts

  • Risk-based program

  • Contains policies and procedures to:

    1. Identify red flags

    2. Detect incorporated red flags

    3. Respond to red flags to prevent and mitigate identity theft

    4. Update the program periodically

Identifying red flags
Identifying Red Flags

  • When identifying red flags, the following is considered:

    • Types of accounts offered and maintained

    • Methods to open accounts

    • Methods to access accounts

    • Previous experience with identity theft

  • Incorporate red flags from sources such as:

    • Incidents of identity theft experienced by the CU

    • Methods of identity theft the CU has identified that reflects changes in identity theft risk

    • Applicable supervisory guidance

  • Must consider nature of credit union’s business and types of identity theft might be subject to

Detecting red flags
Detecting Red Flags

Credit union must detect red flags that are incorporated into the program.

  • Opening new accounts: look to CIP rules that CU already has in place-verify identity of person opening account

  • Existing accounts: authenticate customers, monitor transactions, and verify change of address requests

Bhfcu credit union s detection procedures
BHFCU Credit Union’s Detection Procedures

  • BHFCU Credit union utilizes account checklists to detect red flags at account opening

  • A separate checklist is available for credit cards, loans and lines of credit, and deposit accounts

  • Staff should complete the checklist when any possible red flag is detected

  • If any red flags are indicated on the checklist, staff should refer to the Red Flag Procedures to determine the credit union’s response

  • The Training Coordinator shall receive a completed copy of the checklist when a red flag has been detected

Responding to red flags
Responding to Red Flags

  • Policies and procedures to respond to red flags to prevent and mitigate identity theft

  • Response is based on risk

  • Procedures for response include:

    • Assessment of whether red flags detected evidence a risk of identity theft; document reasonable basis for conclusion

    • Consideration of aggravating factors that may heighten the risk of identity theft

Bhfcu s responses
BHFCU’s Responses

  • BHFCU’s Red Flag Procedures detail responses for red flags

  • The response will depend on the circumstances

  • Management should be contacted if the staff member concludes that the account should not be opened based on the red flag

  • If staff is unsure how to respond to the red flag, the Training Coordinator shall be contacted

Response to a significant incident
Response to a Significant Incident

  • A significant incident and the credit union’s response shall be documented in the designated logbook.

  • The credit union Training Coordinator shall determine when the incident warrants documentation in the logbook.

  • The logbook should only contain incidents that are likely to or did have a major effect on the credit union or the member.

  • The logbook should provide the Board with a meaningful compilation of significant red flag incidents.

Updating the program
Updating the Program

  • The credit union will update the program periodically depending on:

    • The experiences of the CU with identity theft

    • Changes in methods of identity theft

    • Changes in methods to detect, prevent, and mitigate identity theft

    • Changes in the types of accounts offered

    • Changes in the structure of the CU, including mergers or service provider arrangements

Change of address
Change of Address

  • The credit union may not issue an additional or replacement debit or credit card if a request is received during at least the first 30 days after receiving notification of a change of address for that account, unless the credit union assesses the validity of the change of address request.

  • Working on a warning in Symitar and a letter in Connections to help with this.

Validating change of address request
Validating Change of Address Request

  • To determine the validity of the request, the credit union must:

    • Notify the cardholder of the request at the cardholder’s former address or by any other means of communication previously agreed to, and provide the cardholder with a means to promptly report an incorrect address; or

    • Use other means of evaluating the validity of the address change, in accordance with the credit union’s policies and procedures outlined in its Red Flag Program.

  • Any written or electronic notice must be clear and conspicuous and provided separately from the CU’s regular correspondence with the cardholder

Consumer reports address discrepancies
Consumer Reports Address Discrepancies

  • If the credit union receives a notice of address discrepancy, it must form a reasonable belief that the consumer report relates to the person for whom it was requested

  • Can form reasonable belief by comparing CRA information with

    • CIP information

    • Information in application, change of address notification, account record or retained CIP documentation

    • Information from 3rd party sources

    • The consumer

  • If can’t form reasonable belief, don’t use the report

Address policy changes
Address Policy Changes

  • We will no longer accept post office returns for address changes

  • If a card request is received in the first 30 days after an address change on the account, we must assess the validity of the change before ordering the card.

  • Members will be receiving a generated letter stating that there has been an address change on the account and to contact the CU if they didn’t request the change.

Thank you
Thank you!

  • We can help secure our members’ identities by doing these steps.

  • Questions? Contact me anytime.