ID Theft Red Flags Background Check

21  Download (0)

Full text

(1)

ID

 

Theft

 

Red

 

Flags

 

Update

Stacy Shelley– Product Marketing

Audio dial-in number:

1-866-516-5393

International:

1-617-213-4221

Passcode:

(2)

Before we get started…

1. Archive of this webcast: available at www.secureworks.com within 48 hours 2. Q&A: Submit your questions your questions at any time using the GoToWebinar GoToWebinar interface

(3)

Agenda

• ID Theft Red Flags background • Impact on banks

• What's being done? • Q&AQ

(4)

ID Theft Red Flags Rule

Timeline

FACTA signed into law 12/3/2003

Compliance deadline 11/1/2008

Red Flags rule Proposed 7/18/2006

Final rule issued 11/8/2007

2003 2004 2005 2006 2007 2008

law 12/3/2003 Proposed 7/18/2006 11/8/2007

FACTA goes into effect 12/1/2004

Comment period closed 9/18/2006

Final rule go into effect 1/1/2008

(5)

Why Red Flags? Regulation Evolution

stication ack Sophi s Att a Attack Frequency Attack Frequency

(6)

Why Red Flags? Regulation Evolution

Maximum Protection stication

RISK

ack Sophi s Regulations Att a Attack Frequency Attack Frequency

(7)

ID Theft Red Flags Background

Overview

• Jointly proposed: OCC, FRB, FDIC, OTS, NCUA, and FTC • Regulations located at Section 114 and 315 of Fair and

Accurate Credit Transactions Act of 2003 (FACT Act) • “…Guidelines for financial institutions and creditors

identifying patterns, practices, and specific forms of activity, that indicate the possible existence of identity theft.”

• “…Provide guidance regarding reasonable policies and g g g p

procedures that a user of consumer reports must employ when such a user receives a notice of address discrepancy from a consumer reporting agency.”

(8)

ID Theft Red Flags Background

Who does it apply to? • Covered

"any person or business who arranges for the extension, renewal, or continuation of credit" credit • Specifically Named Fi i l I tit ti ƒ Financial Institutions ƒ Utility Companies ƒ Car Dealers T l i ti C i ƒ Telecommunications Companies ƒ Health Care Companies

ƒ Debt Collectors • Exempted

(9)

ID Theft Red Flags

ID Theft Prevention Program

Staff Fraud Staff Training Fraud Mgmt Verify Identities

ID Theft

Prevention

Detect Red Flags Mitigate ID Theft

Program

Assess Board Oversight Vendor Oversight Assess Red Flags

(10)

ID Theft Red Flags

Example Red Flags: Supplement A to Appendix A

From a Consumer

Reporting Agency SuspiciousDocuments Suspicious PII Suspicious Account Activity Notice from Persons Involved

Fraud or active duty alert ID alteration / forgery Inconsistent with

external info Request for new card or users after change of Notification of identity theft by customer victim external info users after change of

address notice

theft by customer, victim of ID theft, law

enforcement or others Credit freeze Inconsistent photo PII not consistent with

other PII New revolving credit account used in manner common to fraud Address discrepancy Inconsistent ID info PII is associated with Account activity that is Address discrepancy Inconsistent ID info PII is associated with

known fraud Account activity that is inconsistent with established patterns Unusual applicant activity ID info inconsistent with

info on file PII type is commonly associated with fraud Account activity after lengthy period of no use Application alteration /

f

SSN is the same as other Mail returned as d li bl l h h forgery customers undeliverable although

transactions continue Same address or phone

number submitted for unusually large number of others

Customer no longer receives paper account statements

Applicant fails to provide

all required PII Notification of unauthorized account changes

PII provided not

consistent with PII on file Incorrect answers to Incorrect answers to challenge questions

(11)

ID Theft Red Flags

Estimated Work Hours to Become Compliant • Developing program: 25

• Preparing annual report: 4 • Training: 2

• Developing policies and procedures to assess validity of changes of address: 4

• Developing policies and procedures to respond to notices of address discrepancy: 4

• Key assumptions:

ƒ “…Most of the covered entities already employ a variety of measures to detect and address identity theft…to minimize y losses due to fraud”

ƒ “…Many financial institutions and creditors already have

implemented some of the requirements as a result of having

t l ith th i ti l ti d id ”

(12)

ID Theft Red Flags

Enforcement

• For financial institutions already under FFIEC: ƒ FDIC, OTS, OCC, FRB, NCUA

(13)

ID Theft Red Flags

Enforcement

• Will be incorporated into existing examinations

ƒ Reports of FDIC Exam procedures being released soon • Same approach as new regulations in the past?

ƒ Based on realistic expectations and continous improvement ƒ More specific requirements and exam procedures as agencies

(14)

ID Theft Red Flags

What banks are doing

Gap

Analysis E t d i ti •Review Red Flag

requirements •Map to customer

channels •Compare requirements to current state •Identify gaps

Analysis •Extend existing capabilities? •Buy/build new technology? •Modify/Add Policies and Procedures? Implement Controls Identify

(15)

ID Theft Red Flags

What banks are doing

Gap

Analysis E t d i ti •Review Red Flag

requirements •Map to customer

channels •Compare requirements to current state •Identify gaps

Analysis •Extend existing capabilities? •Buy/build new technology? •Modify/Add Policies and Procedures? Implement Controls Identify

(16)

ID Theft Red Flags

With less than 4 months to go…

• Over half believe they will be compliant by Nov. 1 ƒ 60% according to Gartner (May 2008)

53% di t B ki f it (J l 2007)

(17)

ID Theft Red Flags

(18)

ID Theft Red Flags

Commercial Products

• Many vendors have stepped forward with "Red Flags" products W lt Kl ƒ Wolters Kluwer ƒ Compliance Coach ƒ Zoot Enterprises Ad itO S it ƒ AdmitOne Security

• Many developed for anti-fraud, not specifically red flags

• Still can be viable point solutions for pain pointsStill can be viable point solutions for pain points

ƒ Lots of organizations spending money on technology for Red Flags

(19)

Best Practices

With 4 months before the deadline… • Don't panic

ƒ Still time to get it right

• Leverage existing efforts where possible ƒ Anti-fraud, employee training, etc.

(20)

Best Practices

Continued

• Ask your examiner for advice ƒ Be proactive

• Pay attention to agency updates ƒ Exam procedures

• Use Red Flags Rule as an opportunity to improve • Remember that it's an ongoing process

(21)

Questions?

Thank you

for attending this

SecureWorks

webcast.

Webcast

Archive

:

www SecureWorks com

www.SecureWorks.com

within 48 hours

Contact

SecureWorks:

877 905 6661

877-905-6661

or

info@secureworks.com

Figure

Updating...

References

Related subjects : Red Flags