FTC tackles identify theft concerns

Internal Auditor, Feb, 2008 by R. Filipek

MORE THAN 8 MILLION U.S. RESIDENTS WERE VICTIMS of identity theft in 2005, according to the U.S. Federal Trade Commission's (FTC's) recently released 2006 Identity Theft Survey. Of the victims, 3.7 million experienced misuse of their credit card accounts and 1.8 million found that new accounts were opened or other frauds were committed using their personal identifying information. In 10 percent of the cases, thieves received at least US $6,000 worth of goods or services, and 10 percent of victims incurred substantial expenses of US $1,200 or more. "No one is immune to identity theft," says Lydia Parnes, director of the FTC's Bureau of Consumer Protection. "The important thing is that people learn how to deter identity thieves, detect suspicious activity on their financial records, and defend against the crime, should it happen."

[ILLUSTRATION OMITTED]

The FTC recently issued To Buy or Not to Buy: Identity Theft Spawns New Products and Services to Help Minimize Risks, a guide intended to inform consumers about identity theft prevention products and help them decide whether they should initiate credit freezes if they suspect they have become a victim. The commission has also teamed with the U.S. Department of the Treasury, Federal Deposit Insurance Corp., Federal Reserve System, and National Credit Union Administration to develop new rules and guidelines to push financial sector organizations to better protect consumers from identity theft. Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003 requires U.S. financial institutions and creditors to implement a written identity-theft prevention program. In addition, credit card issuers must assess the validity of change-of-address requests, and consumer report users must follow reasonable procedures to verify the subject's identity in the event of an address discrepancy notice. The rules were effective on Jan. 1, 2008, with mandatory compliance required by Nov. 1, 2008.

The guidelines outline 26 red flags that financial institutions and creditors may consider for their identity-theft prevention programs, including:

* Using documents for identification purposes that appear altered or forged or that contain a photograph or physical description that is not consistent with the appearance of the person presenting the identification.

* Providing information on identification documents that is not consistent with information given by the person opening a new account or the customer who is presenting the identification.

* Presenting an address that does not match any addresses in a consumer report.

When identifying red flags, the guidelines recommend that financial institutions consider the types of accounts they offer or maintain, the methods they provide to open an account, the way accounts are accessed, and the organization's previous experiences with identity theft. The FTC's identity theft survey, regulations, and guidelines are available at www.ftc.gov.