More Than Money At Stake

Mar 1, 2008 12:00 PM, BY STEPHANIE SILK

Banks and financial institutions must comply with the regulations established by U.S. federal government agencies in order to operate. These rules, designed to ensure that consumers are protected and that banks maintain safety and soundness, have recently seen an addition with new Federal Reserve Board regulations for combating identity theft. The new regulations went into effect Jan. 1, and all financial institutions must be in compliance by November 2008. Bryan Ansley, CEO of Secure Identity Systems (SIS), Brentwood, Tenn., a company that provides tools for consumers and financial institutions to thwart ID theft, fight crime and reduce fraud, talks with us about the regulations and how it will affect the industry and the user.

Q: What are the new Federal Reserve Board regulations for combating identity theft?

ANSLEY: The new regulations, being instituted by organizations that audit financial institutions or hold them accountable to comply with certain regulations, are the Red Flag Ruling. The agencies, which include Office of the Comptroller of the Currency, Treasury; Federal Deposit Insurance Corporation; Office of Thrift Supervision, Treasury; National Credit Union Administration; and the Federal Trade Commission, agreed to install several rules, one of them being that every consumer account has to have ID theft protection associated with it.

Q: How is identity theft defined by the regulations?

ANSLEY: Most people view ID theft as an incident when someone steals our mail or grabs something out of our garbage to get our credit cards in our name. However, those situations have a zero policy and are easy to fix. Those situations are not what the Feds are talking about with this ruling. Only 34 percent of all illegal use of identities are credit bureau-related. The number one use of illegal identities in America today is for illegal alien employment. Illegal aliens are eight times more likely to commit a felony and other crimes, and if a crime is committed in your name, it will not show up on the credit bureaus. The Federal Trade Commission (FTC) has said that this is what their definition of ID theft is, and federal agencies dealing with financial institutions have agreed that what's at stake is any information with our date of birth, license number, social security number and employee and tax IDs.

Q: How will these regulations affect people?

ANSLEY: Financial institutions that apply this with the right intent are going to put a dent in crime, and their customers will have a real advantage because they will have less likelihood that their IDs will be compromised. And even if they are compromised, they will be more likely to be inoperable for anyone else to use.

We can't help it that our IDs are in all these places. Even if you shred everything and you have no credit cards, you still have a doctor, a school, a courthouse with these records. We can be careful and we can be smart, but there is more of a threat that we are part of these huge databases all over the country. And we can't stop someone from hacking into a store we shopped at; we can't stop someone from stealing bank statements from the post office.

Q: What types of solutions provide better protection for people?

ANSLEY: People need to have their “Total Identities” monitored or policed. There are 49 types of ID theft, and credit is but one. It is therefore imperative that a solution monitors not only the credit bureaus but also encompass other databases such as usage of your Social Security number.

Q: How do the solutions compare to each other?

ANSLEY: Unfortunately for consumers, some of the weakest solution providers are quite good at marketing, so inadequate solutions are being chosen every day by consumers who are having only their credit monitored — or worse, paying to have fraud alerts put on their credit when it is free for them to do it themselves. Unless the provider monitors databases beyond the credit bureaus, 66 percent of ID theft usage will go undetected by the provider.

The other critical component to ID theft protection is having a solid recovery service. Again, most providers do not have a recovery service and for the most part those that do only do credit-related repair. To make matters worse, if the provider has a recovery program, it is likely to be limited recovery, which means the consumer is mailed a stack of forms and is largely on their own.

Q: What do banks and financial institutions need to know before choosing and implementing an identity fraud solution that meets these requirements?

ANSLEY: The federal regulators through the recent Red Flag Ruling are asking financial institutions to do, among other things, the following:

• Provide an ID theft solution for all consumer accounts. As the ruling uses the FTC definition of ID theft, this means the solution will have to go beyond credit bureau only solutions. They also ask that all consumer accounts be covered. This means that consumer enrollment and alerts must go beyond an Internet-only solution, as 30 percent of the American public either do not have ready-Internet access or do not check their e-mail daily. Therefore, both enrollment and alerts need to include the telephone as an option.

• Banks need to perform an initial assessment of potential red flags within the organization, and a comprehensive solution provider should be able to assist the institution with this function.

• A policy and procedures manual must be developed, and again a comprehensive solution provider will provide this as well.

• Employee training, customer training and community awareness training are all important components of being a good corporate citizen, though not all are required by the new regulations. A provider should offer onsite training on an ongoing basis in each of these areas.

Q: What are some current unmet needs in the banking industry when it comes to ID theft and fraud protection?

ANSLEY: We need better authentication. SIS went to Israel to find out what they do to ensure that people are who they say they are. Israel is lightyears ahead of us. It's life and death over there, and as a result, they take it much more seriously. SIS has negotiated and made patent rights for some technologies that are going to change security in our country.

Q: What are those technologies?

ANSLEY: We have the ability to tie cell phones to your ID. If someone is using a credit card with your name on it and your cell phone is not within 300 meters of that transaction, we can kill the transaction. We are also working on the ability to look at behavioral analysis, so we can see if things going on with ID are outside the user's normal behavior. We are also working on location-based analysis.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue