By Kimberly Bohannon
Last year, identity theft was the Federal Trade Commission’s (FTC) No. 1 consumer complaint category. About 1.3 million people were victims of the crime, accounting for 21% of total complaints.
Identity thieves are hard at work finding new ways to use members’ personal information to open new accounts and misuse existing accounts. It’s a crime that wreaks havoc for members and credit unions.
The Fair and Accurate Credit Transactions Act (FACT Act), enacted in 2003, created new regulations and guidelines regarding identity theft detection, prevention, and mitigation. The identity theft “red flags” rules became effective in 2008 for federal credit unions and some state-chartered credit unions. All state charters must comply by December 2010. (Check with your compliance liaison if you're unsure about your specific compliance timeline.)
The red flags rules apply to “financial institutions” and “creditors” with “covered accounts.” Covered accounts include those used mostly for personal, family, or household purposes, and that involve multiple payments or transactions. Examples are credit card accounts, mortgage loans, automobile loans, checking accounts, and savings accounts. Other covered accounts are small-business or sole-proprietorship accounts.
Encourage staff to be aware of and vigilant for red flags of identity theft, including:
The FTC identified 26 possible red flags of identity theft your credit union should review in its training program. It’s also a good idea to include specific incidents of identity theft that your credit union has experienced. For example, if the credit union had an incidence of wire transfer fraud, red flags training could include this scenario.
Encourage staff to be alert to red flags that might have indicated possible identity theft that led to a specific incidence of fraud. And review security measures the credit union has in place to prevent further fraud.
In addition to the red flags, regularly review and update your credit union’s policies, practices, and previous experiences with identity theft and fraud cases.
For more information on the FTC’s red flags rules, visit ftc.gov.