The following is an article reprinted with permission from the upcoming Summer 2008 edition of The WWR Letter:
New Developments in Identity Theft
By: David Wolfe, Esquire
Identity theft is the fastest-growing crime in the United States and topped the list of consumer fraud complaints filed with the Federal Trade Commission (“FTC”) for seven years in a row through 2007. In an FTC report issued in February 2008, credit card fraud was the most common form of reported identity theft at 23%, with utilities fraud at 18%, followed by bank fraud at 14%. To combat this growing trend, federal agencies enacted the Fair and Accurate Credit Transactions Act (“FACTA”) Red Flag guidelines requiring financial institutions and creditors to develop and implement a preventative program to mitigate the risk of identity theft for both new and existing accounts.
FACTA imposes serious responsibilities on these businesses to develop and adopt a written Identity Theft Prevention Program (“Program”) to detect, prevent and mitigate identity theft with the opening or existence of a covered account. A covered account is defined as an account used primarily for personal, family or household purposes; or any other account for which there is a reasonably foreseeable risk to the customer or the safety and soundness of the financial institution from identity theft. The Program must address four basic elements:
• Identify relevant patterns, practices and specific forms of activity that are “red flags” signaling possible identity theft and incorporate those red flags into the plan;
• Detect those red flags that have been incorporated into the plan;
• Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
• Ensure the plan is updated periodically to reflect changes in risks from identity theft.
This Program must include reasonable policies and procedures to identify certain signals of actual or attempted identity theft. Supplement A to the guidelines contains a list of 26 “red flags” that financial institutions and creditors may consider incorporating into their Program, including:
• Alerts, notifications, or other warnings received from consumer reporting agencies or service providers;
• Unusual patterns in the consumer’s use of credit, such as a recent increase in inquiries or new credit accounts, changes in the use of credit, or accounts closed;
• Suspicious documents that appear to be forged or reassembled, or those documents that contain information that is inconsistent with the person applying for credit;
FACTA includes additional special rules for debit and credit card issuers to develop policies and procedures to assess the validity of a request for a change of address that is followed closely by a request for an additional or replacement card. The rules prohibit the issuance of the additional or replacement card until the change of address is verified with the cardholder.
The regulation and guidelines were effective on January 1, 2008 and FACTA’s mandatory compliance date of November 1, 2008 is fast approaching. This new rule/guideline requires significant continued administration and oversight of the Program and requires each financial institution or creditor to:
• Obtain approval of its written Program from either its Board of Directors or an appropriate committee of the Board of Directors;
• Involve the Board of Directors or the appropriate committee, or a designated senior-management-level employee in the oversight, development, implementation and administration of the Program; and
• Train staff to effectively implement the Program.
With roughly four months before the deadline, many financial institutions and creditors may already have compliant policies and procedures in place as many are spending more on fraud prevention, and for most it will be a matter of training staff on how to spot and respond to a red flag.
David A. Wolfe is an Associate in the Bankruptcy and Legal Action Recovery departments of the Detroit office. He can be reached at (248) 362-6142 or firstname.lastname@example.org.