560 likes | 780 Views
Red Flag Procedures. for the Prevention, Detection, & Mitigation of Identity Theft . Presented by Training. Objective. Know how to identify, report, and respond to ID Theft Red Flags. Agenda. Introduction Section 1: Why is this Important? Section 2: Prevention Section 3: Mitigating
E N D
Red Flag Procedures for the Prevention, Detection, & Mitigation of Identity Theft Presented by Training
Objective • Know how to identify, report, and respond to ID Theft Red Flags.
Agenda • Introduction • Section 1: Why is this Important? • Section 2: Prevention • Section 3: Mitigating • Section 3: Detecting Red Flags: Procedures • Section 4: Reporting • Summary
What’s in it for me? • Keeping current on laws helps you • Avoid risks • Avoiding Penalties • Avoid Disciplinary action • Suspension or termination if you are found non-compliant
Responding appropriately reduces risks to the CU and to you • Noncompliance Risk • Civil & Criminal • $ Penalties and fines • Reputation Risk • Penalties are public knowledge • Would you want to do business with a non-compliant institution?
Why? Why? Why? • NCUA requires • “to detect, prevent, and mitigate identity theft” • At account opening • While servicing accounts • Basically, the NCUA wants to • Keep identity theft from happening • Find it! (when it does happen) • Lessen, ease impact
Collecting Member Information • At account opening • Name, address, DOB, telephone numbers • Identifying numbers (DL #, Tax ID #, SSN) • Member requests loan • In addition to above, information related to: • Employment, income • Assets, liabilities • Credit
Maintaining / servicing accounts • Balances, OD, non-sufficient funds, • Payment history • Address changes • Credit changes • Email correspondence • See our Privacy Policy & Guidelines
What are the Threats We Face? • Counterfeit Official Checks • Robberies • Fraud and Forgery Schemes • Unauthorized banking • Phishing • ID Theft
Possible Responses to a Threat Depending on our analysis: • Issue alerts to the employees • Post info. on website
Contact members • Mail letters, brochures, or other literature • Send emails • Phone call • Review procedures & implement necessary changes • Contact law enforcement • File a SAR
Verify Identity • Opening Accounts • Before completing a transaction • Giving out information • Updating /changing account information • Address changes • Email address updates • Security Questions
For All Other Reasons • In person: Photo I.D. • Over phone: Security information • Via fax: Signed request w/ copy of photo I.D. • Via email: Security information Before you help someone, VERIFY ID!
Obtain Written Authorization • Before providing information to a 3rd Party • Mail or fax • Funds verification • Verification of Deposit • Over the phone
Faxing • Before faxing statements or account history:
Section 3:Mitigation Lessening, Easing the Impact of Identity Theft
What is the Red Flags Rule? • FI must update identity-theft prevention programs periodically • to reflect changes in risks of identity theft • to customers (members) • to the enterprise's (McCoy’s) safety and soundness
Red Flags Defined • Red Flags – Patterns, practices, or specific activities that indicate the possible existence of identity theft
6 Categories of Red Flags • Alerts, Notifications, or Warnings from a Consumer Reporting Agency • Suspicious or unusual account activity • Presentation of suspicious documents
Presentation of suspicious identifying information • Unusual use or suspicious activity related to an account • Notice of possible Identity theft in connection with account • From members • Possible ID theft victims • Law enforcement • Or others
Alerts, Notifications, or Warnings from Consumer Reporting Agency • CRA or service providers give • Alerts • Notifications • Warnings
The Red Flags: On the Credit Report • Fraud or active duty alert • Notice of credit freeze • Notice of address discrepancy
A pattern of activity inconsistent with the history and usual pattern of activity of an applicant or member, such as: • Recent & significant increase in inquiries • Unusual number of recently established credit relationships • Material change in use of credit • Especially recently established credit relationships • Account closed for cause or for abuse of account • by financial institution or creditor
Suspicious or unusual account activity • Fraud alert • Late payments without previous history of late payments • Numerous credit inquiries in a short period of time • Higher-than-usual monthly credit balances • Recent change of address together with other signs • Replacement card requests
The Red Flags: Suspicious Documents • Identification documentation appears altered or forged • Photograph or physical description on ID not consistent with appearance of applicant or member • Other information on ID not consistent with information provided by person opening account or member presenting ID
Other information on ID not consistent with readily accessible information on file • Signature card • Recent check • Application appears altered, forged, or destroyed and reassembled
The Red Flags: Suspicious Personal Identifying Information • Personal identifying information inconsistent compared to external sources used • Address does not match address in consumer report • SSN has not been issued or listed on SS Administration’s Death Master File
Personal identifying information provided by member not consistent with other personal identifying information provided by the member. • No correlation between SSN range and date of birth
Personal identifying information is associated with known fraudulent activity • Address on application = address on fraudulent application • Phone number on application = number on fraudulent application
Personal identifying information is of a type commonly associated with fraudulent activity • Address on application is • Fictitious • Mail drop • Prison • Phone number is • Invalid • Associated with pager or answering service
SSN provided = SSN submitted • by other persons opening an account • or other members • Address or telephone number = or is similar to address or telephone number submitted • by an unusually large number of other persons opening accounts • or other members.
Failure to provide all required identifying information • Person opening account or the member • On application, or in response to notification • Personal identifying information provided ≠ personal identifying information on file with the credit union.
When using challenge questions, person opening account or member cannot provide authenticating information • beyond that which would be available from wallet or consumer report
Unusual Use of orSuspicious Activity Related tothe Covered Account • Shortly following notice of a change of address, the institution or creditor receives a request for • New, additional, or replacement card • Addition of authorized users on the account.
A new revolving credit account used in a manner commonly associated with known patterns of fraud • Majority of available credit used for • Cash advances • Merchandise easily converted to cash • Electronics equipment or jewelry • Member fails to make • First payment • Makes an initial payment but no subsequent payments
Account is used in a manner not consistent with established patterns of activity • Nonpayment when no history of late or missed payments • Increase in use of available credit • Change in purchasing or spending patterns • Change in electronic fund transfer patterns in connection with a deposit account
Inactive account for a lengthy period of time is used • The address on an application is fictitious, a mail drop, or prison • Mail is returned repeatedly as undeliverable although transactions continue to be conducted
McCoy is notified that member is not receiving paper statements. • McCoy is notified of unauthorized charges or transactions in connection with account.
What’s New? • What’s the greatest impact to your job? • Now you have to report red flags
Summary • Preventing & Mitigating ID Theft • Our procedures appropriately address the Red Flags we detect • Appropriate responses may include: