Will new rules stem identity theft?

Who opposes the rules?

The rules give businesses the flexibility to design programs that work best with their respective business models and available resources.

However, some creditors and financial institutions aren't too happy about what they see as the added financial and bureaucratic burden of being required to comply with the rules.

Some smaller institutions have complained that the rules place an unnecessary financial and operational burden on them that they cannot afford. Many may have to hire a third-party company to ensure compliance.

While financial giants may have legions of in-house staffers dedicated to fraud prevention, your local community bank may opt to use a third-party vendor.

The National Automobile Dealers Association supports the government's goal of trying to protect consumers from identity theft, but it also believes the red-flag rules will hurt smaller dealers with limited financial resources.

"We anticipate most dealers will find it challenging to develop and implement a comprehensive identity theft program as required by the red-flag rules," says Paul Metrey, the director of regulatory affairs for the auto dealers group.

Metrey says the program will demand significant time and attention from managers and service providers. He says many provisions of the rules have already been addressed in prior laws, such as the FTC Safeguards Rule and the FTC Privacy Rule.

Not surprisingly, lobbyists for the banking industry also rejected the rules as heavy-handed.

The Illinois Bankers Association, in a statement to the FDIC, called the rules "excessive and overly burdensome."

There may be some reluctance to accept red-flag rules as a best-practice measure, Grover says, but she adds that many businesses will eventually come around when they see the benefits of protecting their customers, as well as a decrease in fraud losses.

The red-flag triggers

The rules are designed to fill the cracks in the system through which identity thieves could fraudulently pilfer the identities of other people for their personal gain.

Six agencies were involved in drafting the rules: the Treasury Department's Office of Thrift Supervision, the Office of Comptroller of the Currency, the FDIC, the FTC, the National Credit Union Administration and the Federal Reserve System. They came up with the following guidelines as examples of red flags. These were gleaned from the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003:

• A fraud alert included with a consumer report.

• A notice of a credit freeze in response to a request for a consumer report.

• A consumer reporting agency providing a notice of address discrepancy.

• Unusual credit activity, such as an increased number of accounts or inquiries.

• Documents provided for identification appearing altered or forged.

• A photograph on ID inconsistent with appearance of customer.

• Information on ID inconsistent with information provided by person opening account.

• Information on ID, such as signature, inconsistent with information on file at financial institution.

• An application appearing forged or altered or destroyed and reassembled.

• Information on ID not matching any address in the consumer report.

• A Social Security number has not been issued or appears on the Social Security Administration's Death Master File, a file of information associated with Social Security numbers of those who are deceased.

• A lack of correlation between the Social Security number range and the date of birth.

• Personal identifying information associated with known fraud activity.

• Suspicious addresses supplied, such as a mail drop or prison, or phone numbers associated with pagers or an answering service.

• A Social Security number provided matching that submitted by another person opening an account or other customers.

• An address or phone number matching that supplied by a large number of applicants.

• The person opening the account unable to supply identifying information in response to notification that the application is incomplete.

• Personal information inconsistent with information already on file at a financial institution or creditor.

• Person opening account or customer unable to correctly answer challenge questions.

• Shortly after a change of address, creditor receiving request for additional users of account.

• Most of available credit used for cash advances, jewelry or electronics, plus customer fails to make first payment.

• A drastic change in payment patterns, use of available credit or spending patterns.

• An account that has been inactive for a lengthy time suddenly exhibiting unusual activity.

• Mail sent to customer repeatedly returned as undeliverable despite continuing transactions on an active account.

• A financial institution or creditor notified that customer is not receiving paper account statements.

• A financial institution or creditor notified of unauthorized charges or transactions on customer's account.

• A financial institution or creditor notified that it has opened a fraudulent account for a person engaged in identity theft.

This story was reported and written by Steve Santiago for Bankrate.com.

Published Sept. 3, 2008

< previous |  1 | 2 |