- advertisement -

Fed to banks: Take basic steps to stop identity theft

You usually don't turn to government paperwork for white-knuckle reading, but get a load of the latest from the Federal Reserve.

The Fed's supervisory letter on identity theft and pretext calling recommends what banks should do to combat identity theft and invasions of privacy. The document makes you wonder just how much common sense bank employees have.

If the supervisory letter were a baby manual, it would suggest that parents feed an infant who is hungry, and hint that maybe it would be a good idea to change the diaper when baby poops.

The Fed's intentions are laudable. Identity theft, in which impostors take out loans and open accounts using innocent victims' names and Social Security numbers, has become an increasingly common crime. An estimated half-million people were victimized in 2000.

Many impostors get what they want by "pretext calling" -- talking a customer-service person into giving out privileged information such as account balances, passwords and PINs, account numbers, mothers' maiden names, even Social Security numbers.

Many identity thieves use pretext calling to change the address of their victims' bank and credit card accounts. That way, their victims don't get account statements in the mail, so they remain ignorant of their victimhood.

- advertisement -

Fly your fraud flag
Federal regulators recognized that banks need some guidelines for fighting identity theft and pretext calling. Here are some of the Fed's recommendations:

  • Banks should take "appropriate" steps to ensure the accuracy and truthfulness of information on application forms. For example, a bank could check to see if a ZIP code and area code match.
  • Banks "should verify customer information before executing an address change" and send confirmation of an address change to the old address and new address.
  • If a customer orders a new credit card or box of checks and at the same time makes an address change, the bank "should verify the request with the customer."
  • Banks shouldn't give out sensitive customer information over the phone unless the caller knows a password or can answer a question that an impostor shouldn't be able to answer.
  • Some victims of identity theft put a "fraud alert" on their credit records, asking that someone make a confirming phone call whenever someone tries to open an account in that person's name. The Fed's letter asks banks to make that phone call.

Think about that for a sec. You put a fraud flag on your credit report, asking to be notified whenever someone tries to open an account in your name -- and regulators are asking (not telling) banks to follow your instructions. Would the Fed issue this suggestion if banks were complying with consumers' wishes?

"Believe it or not, I do think it's necessary for the regulators to tell banks to take these precautions," says Beth Givens, director of the Privacy Rights Clearinghouse. "Many credit grantors are sloppy with their applicant verification procedures. It is quite easy to get credit in somebody else's name if you just have a minimum of personal information about them and know how to manipulate the system."

Check 'Other'
When a bank detects questionable activity, such as money laundering or embezzlement, it has to file a document called a Suspicious Activity Report and send it to federal regulators. The SAR has 20 checkboxes that correspond to different types of suspicious activity -- from violations of the Bank Secrecy Act to wire transfer fraud. There's even a box for "mysterious disappearance" of employees.

But identity theft and pretext calling don't make the grade. They don't have checkboxes. So in the supervisory letter, the Fed asks banks to check the box styled "Other," and to fill in the adjoining blank to denote identity theft or pretext calling. Besides betraying a possible lack of concern about the problem, the lack of a checkbox denoting identity theft and pretext calling will make it more difficult to track cases. When the feds want to know how many SARs were filed concerning wire transfer fraud, they'll know because all they'll have to do is count how many times that box was checked. But identity theft will just be listed under "Other."

The Fed's letter goes on to say that banks should give their customers information about how to prevent identity theft and what to do if they fall victim to identity theft. It says banks can start by referring their customers to the identity theft section of the Federal Trade Commission's Web site.

The letter adds that banks should have trained employees who know how to handle identity theft problems.

Another source of advice, not mentioned in the Fed's letter, is the Identity Theft Resource Center, affiliated with Privacy Rights Clearinghouse.

-- Posted: May 15, 2001


top of page
See Also
More banking stories


CDs and Investments
Compare today's rates
1 yr CD 1.02%
2 yr CD 1.16%
5 yr CD 1.66%

  How long will your savings last  
  How to reach a savings goal -- with scheduled payments  
  Watch your savings grow with regular deposits  
CDs and Investing Basics
Set your goals with an investing plan.
Develop a savings plan
Every kind of CD explained
Treasury bonds and more
Pros and cons of annuities
All about IRAs
Bank or credit union?
Best rates for CDs, more

CD rates in your area  
Bankrate's Top Tier Award for best quarterly CD and MMA performers  
Track the prime rate, other leading rates  
Savings basics

- advertisement -
- advertisement -