Preemptive federal "red flag" regulations, designed to strike at identity theft in its earliest stages, rolls out next year.
Beginning Jan. 1, 2008, with all federally regulated financial institutions ordered to be in full compliance by Nov. 1, 2008, the so-called "Red Flag" provisions of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), requires that financial institutions and creditors develop and deploy an Identity Theft Prevention Program for combating ID theft on new and existing accounts.
The Red Flag regulations are included in the same massive regulatory overhaul of the Fair Credit Reporting Act (FCRA) that gave consumers free credit reports and a host of additional protections.
Under Red Flag provisions, each institution must develop a program that will:
- Identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible ID theft.
- Include a mechanism to detect red flags identified by the program.
- Quickly respond to detected red flags in a way to both prevent and mitigate ID theft.
- Be updated regularly to reflect changes in real world risks from ID theft.
If you are the victim of ID theft, you don't actually lose your identity and wander aimlessly like an amnesiac Jane or John Doe.
ID theft occurs when someone steals your personal identifying information and uses it in a crime. With your Social Security number, driver's license number, credit account numbers, passwords or other information in hand, thieves can masquerade as you to access your financial accounts, withdraw cash, make credit purchases, and open additional accounts in your name.
The newest identity theft data reveals greater awareness, new consumer protections and industry actions have already begun to stem the tide of ID theft.
The number of victims of ID thefts decreased from 10.1 million in 2003 to 8.4 million in 2007. From 2006 to 2007, the total amount lost to ID fraud decreased from $55.7 billion to $49.3 billion; per victim losses decreased from $6,278 to $5,720 and resolution hours per victim fell from 40 hours to 25 hours, according to Javelin Strategy & Research's 2007 Identity Fraud Survey Report.
Federal regulatory efforts should take a bigger bite out of the crime.
The final rules especially target the incidence of requests for changes of address followed closely by a request for an additional or replacement card as a common ID theft method of operation to watch. The rules also include an additional two dozen guidelines to help institutions root out other suspicious activity that warrants attention.
The guidelines say actions institutions should be on the lookout for include ID theft alerts from fraud detection services, customers, law enforcement agencies and others; a credit bureau's notice of credit freeze provided to an institution along with the institution's requested consumer credit report; an increase in credit report inquiries or other unusual patterns on a credit report; the appearance of doctored or forged documents; inconsistent information; identifying information associated with known fraudulent activity; use of a single Social Security Number or other identifying number used to open accounts under different names; applicants failing to provide all required identifying information; information supplied that is not consistent with existing information on file; a new revolving credit account used in a manner commonly associated with fraud patterns; an account used in a manner not consistent with established patterns of activity on the account and mail sent to the customer's on file address repeatedly returned as undeliverable among others.
The website features a host of entertaining, game-like approaches to learning about Internet fraud, computer security, and personal information protection.
