A number of identity theft regulations were signed into law as part of the Fair and Accurate Credit Transactions Act (FACT Act), which required financial institutions and creditors to develop and implement written identity theft programs by November 1, 2008.
In this article, we're going to review some of the regulations and guidelines appearing in Section 114 of the Fair and Accurate Credit Transactions Act. That review will include the required elements of an identity theft program such as Red Flags. During this review, we'll explain how these programs can affect consumers, as well as the forms of identification a consumer may be asked to produce.
Mitigating Identity Theft
The final rules of the FACT Act require creditors and financial institutions to develop reasonable procedures to detect, prevent, and mitigate identity theft in connection with the opening or the maintenance of certain accounts. The accounts covered by this legislation include those involving, or those designed to permit, multiple payments or transactions.
Examples include credit card accounts, mortgages, automobile loans, margin accounts, cell phone, utility, checking, and / or savings accounts. In addition, accounts where there is "reasonable foreseeable risk to customers or the safety and soundness of the financial institution or creditor from identity theft" are also covered by these regulations.
Program Requirements
The FACT Act outlined several mandatory elements of a financial institution's program, including:
Identifying the accounts that are at risk
Outlining processes or methods used to open new accounts
Outlining processes or methods used to access existing account information
Prior experience with identity theft
Evaluating changes in risk over time such as those that might be introduced via new technology
Providing the program with the appropriate regulatory, supervisory, and / or legal support
Using the above criteria, these financial institutions and creditors are required to conduct a risk assessment of their operations.
Red Flags
One of the cornerstones of these assessments is the "Red Flag," which is defined as a pattern, practice, or activity that indicates the possible existence of identity theft. In the same way that a company may have responded to an incident in the past, a company needs to monitor the following indicators:
Alerts, warnings, or notifications from a Consumer Reporting Agency
Suspicious looking documentation received from a customer
Suspicious persons providing identifying information
Unusual or suspicious account activity
Notices received from customers, victims, law enforcement officials, or other persons regarding possible cases of identity theft
Identification Procedures
Companies are required to integrate a Customer Identification Program, or CIP, as part of their identification and verification process or procedure. CIPs were first required by the PATRIOT Act, and applied to companies that fall under the broadly defined term "financial institution."
Here again, companies needed to establish, and follow, written procedures that help to ensure the correct identification of customers. These laws recognize that companies of various sizes fall under the definition of financial institution; therefore, the exact procedure followed will vary from one company to another.
Proof of Identity
To prevent identity theft, companies are required to collect the following four pieces of information on all new accounts:
Accountholder Name
Date of Birth (Individuals)
Home Address
Identification Number
If the customer is a citizen of the United States, the identification number must be a taxpayer identification number such as a Social Security or an employee identification number. Non-U.S. citizens must provide an alien identification number, or any other government-issued document providing evidence of nationality that includes a photograph.
In addition to the above, companies may also require the customer to provide proof of identity using a:
Social Security Card
Driver's License
Military Identification Card
County Identification Card
Birth Certificate
Current Auto Insurance Card or Policy
Utility Bill or Invoice
Credit Card Bill or Statement
Social Security Numbers as Identification
From the above, it's clear that companies will continue to ask consumers to produce their Social Security Number / Card as proof of identity. However, the government recognizes the original purpose of SSNs was not as the primary means of identifying an individual.
Until emerging technologies such as biometrics become an industry standard, Social Security Numbers will remain one of the most reliable forms of identification. Credit scores, credit history, and reported information on debt payment behavior require an accurate means of aggregating consumer information. Ironically, the same information that people safeguard as a way of protecting themselves from identity theft is also used as proof of a stolen identity.