Download - Red Flag Procedures
Red Flag Procedures
for the Prevention, Detection, & Mitigation of Identity Theft
Presented by Training
Objective
1. Know how to identify, report, and respond to ID Theft Red Flags.
Agenda
• Introduction• Section 1: Why is this Important?• Section 2: Prevention• Section 3: Mitigating• Section 3: Detecting Red Flags:
Procedures• Section 4: Reporting• Summary
Section 1:
Why is this Important?
What’s in it for me?
• Keeping current on laws helps you– Avoid risks– Avoiding Penalties– Avoid Disciplinary action
• Suspension or termination if you are found non-compliant
• Responding appropriately reduces risks to the CU and to you– Noncompliance Risk
• Civil & Criminal• $ Penalties and fines
– Reputation Risk• Penalties are public knowledge
– Would you want to do business with a non-compliant institution?
Why? Why? Why?
• NCUA requires – “to detect, prevent, and mitigate identity theft”
• At account opening • While servicing accounts
• Basically, the NCUA wants to– Keep identity theft from happening– Find it! (when it does happen)– Lessen, ease impact
Collecting Member Information
• At account opening– Name, address, DOB, telephone numbers– Identifying numbers (DL #, Tax ID #, SSN)
• Member requests loan– In addition to above, information related to:
• Employment, income• Assets, liabilities• Credit
• Maintaining / servicing accounts– Balances, OD, non-sufficient funds, – Payment history – Address changes– Credit changes
• Email correspondence
• See our Privacy Policy & Guidelines
What are the Threats We Face?
• Counterfeit Official Checks• Robberies• Fraud and Forgery Schemes• Unauthorized banking• Phishing• ID Theft
Possible Responses to a Threat
Depending on our analysis:
• Issue alerts to the employees• Post info. on website
• Contact members– Mail letters, brochures, or other literature– Send emails – Phone call
• Review procedures & implement necessary changes
• Contact law enforcement• File a SAR
Section 2:
Prevention
Verify Identity
• Opening Accounts • Before completing a transaction• Giving out information• Updating /changing account information
– Address changes– Email address updates– Security Questions
For All Other Reasons
• In person: Photo I.D. • Over phone: Security information• Via fax: Signed request w/ copy of photo I.D. • Via email: Security information
Before you help someone, VERIFY ID!
Obtain Written Authorization
• Before providing information to a 3rd Party– Mail or fax– Funds verification– Verification of Deposit – Over the phone
Mailing
Faxing
• Before faxing statements or account history:
Address Changes
Security Questions
Section 3:Mitigation
Lessening, Easing the Impact of Identity Theft
Procedures: A Potential Victim
Procedures: An Actual Victim
1
Procedures: A non-member Victim
Section 4:
Detection
What is the Red Flags Rule?
• FI must update identity-theft prevention programs periodically – to reflect changes in risks of identity theft
• to customers (members)• to the enterprise's (McCoy’s) safety and soundness
Red Flags Defined
• Red Flags – Patterns, practices, or specific
activities that indicate the possible existence of identity theft
6 Categories of Red Flags
1. Alerts, Notifications, or Warnings from a Consumer Reporting Agency
2. Suspicious or unusual account activity
3. Presentation of suspicious documents
4. Presentation of suspicious identifying information
5. Unusual use or suspicious activity related to an account
6. Notice of possible Identity theft in connection with account
– From members– Possible ID theft victims– Law enforcement– Or others
Alerts, Notifications, or Warnings from Consumer Reporting Agency
• CRA or service providers give– Alerts– Notifications– Warnings
The Red Flags: On the Credit Report
1. Fraud or active duty alert 2. Notice of credit freeze 3. Notice of address discrepancy
4. A pattern of activity inconsistent with the history and usual pattern of activity of an applicant or member, such as:
– Recent & significant increase in inquiries – Unusual number of recently established
credit relationships– Material change in use of credit
• Especially recently established credit relationships
– Account closed for cause or for abuse of account • by financial institution or creditor
Suspicious or unusual account activity
• Fraud alert • Late payments without previous history of late
payments• Numerous credit inquiries in a short period of
time• Higher-than-usual monthly
credit balances• Recent change of address
together with other signs– Replacement card requests
The Red Flags: Suspicious Documents
5. Identification documentation appears altered or forged
6. Photograph or physical description on ID not consistent with appearance of applicant or member
7. Other information on ID not consistent with information provided by person opening account or member presenting ID
8. Other information on ID not consistent with readily accessible information on file
• Signature card • Recent check
9. Application appears altered, forged, or destroyed and reassembled
The Red Flags: Suspicious Personal Identifying Information
10.Personal identifying information inconsistent compared to external sources used
• Address does not match address in consumer report
• SSN has not been issued or listed on SS Administration’s Death Master File
11. Personal identifying information provided by member not consistent with other personal identifying information provided by the member.
• No correlation between SSN range and date of birth
12. Personal identifying information is associated with known fraudulent activity
– Address on application = address on fraudulent application
– Phone number on application = number on fraudulent application
13.Personal identifying information is of a type commonly associated with fraudulent activity
– Address on application is• Fictitious• Mail drop• Prison
– Phone number is • Invalid• Associated with pager or
answering service
14. SSN provided = SSN submitted – by other persons opening an account– or other members
15.Address or telephone number = or is similar to address or telephone number submitted
– by an unusually large number of other persons opening accounts
– or other members.
16.Failure to provide all required identifying information
– Person opening account or the member – On application, or in response to notification
17. Personal identifying information provided ≠ personal identifying information on file with the credit union.
18. When using challenge questions, person opening account or member cannot provide authenticating information
– beyond that which would be available from wallet or consumer report
Unusual Use of orSuspicious Activity Related tothe Covered Account
19.Shortly following notice of a change of address, the institution or creditor receives a request for
– New, additional, or replacement card – Addition of authorized users on the account.
20.A new revolving credit account used in a manner commonly associated with known patterns of fraud
– Majority of available credit used for• Cash advances • Merchandise easily converted to cash
– Electronics equipment or jewelry
– Member fails to make• First payment • Makes an initial payment
but no subsequent payments
21.Account is used in a manner not consistent with established patterns of activity
– Nonpayment when no history of late or missed payments
– Increase in use of available credit – Change in purchasing or spending patterns– Change in electronic fund transfer patterns in
connection with a deposit account
22. Inactive account for a lengthy period of time is used
– The address on an application is fictitious, a mail drop, or prison
23.Mail is returned repeatedly as undeliverable although transactions continue to be conducted
24.McCoy is notified that member is not receiving paper statements.
25.McCoy is notified of unauthorized charges or transactions in connection with account.
Section 4:
Reporting Red Flags &
Suspicious Activities
What’s New?
• What’s the greatest impact to your job?
• Now you have to report red flags
Summary
• Preventing & Mitigating ID Theft – Our procedures appropriately address the
Red Flags we detect– Appropriate responses may include:
– Other responses could be:
Summary
• Red Flags Program in place to help you– Identify red flags– Detect red flags indicating possible ID Theft
• Patterns• Practices• Activities
– Respond appropriately