Identity Fraud Prevention 1 Copyright Identity Management Institute

  • Slides: 21
Download presentation
Identity Fraud Prevention 1 Copyright Identity Management Institute®

Identity Fraud Prevention 1 Copyright Identity Management Institute®

Presentation Overview �Course Objective � 2013 Data Breaches � 2013 Identity Fraud Data �Identity

Presentation Overview �Course Objective � 2013 Data Breaches � 2013 Identity Fraud Data �Identity Fraud Prevention Techniques �Audit Considerations �Quiz �Certified Red Flag Specialist (CRFS) ® �Raffle �Questions 2 Copyright Identity Management Institute®

Course Objective The main topic of this session is to discuss: � Identity fraud

Course Objective The main topic of this session is to discuss: � Identity fraud prevention techniques (and more) **This session excludes information security controls. The Key points to remember are: � Personal information continues to be stolen despite our efforts � Identity fraud is rising � Regulations and focus will increase because consequences include: � Consumers are impacted in large numbers � Expectation for government assistance is high � Business losses justify prevention. (Lower margins, bad publicity, lawsuits, fines and penalties, lost customers, and lower revenues) 3 Copyright Identity Management Institute®

2013 Data Breaches � 2164 separate incidents, 822 million records lost or stolen (double

2013 Data Breaches � 2164 separate incidents, 822 million records lost or stolen (double since 2011) �Hacking accounted for 60% of all cases �Just a few cases accounted for most damage: o Target, Adobe, JP Morgan Chase, Facebook, IRS �US leads the way - 48. 7% of total incidents, and 66. 5% of all lost records o UK was 2 nd and South Korea 3 rd with just one massive incident (credit bureau employee stole and sold 20 million customer card information) 4 Copyright Identity Management Institute®

2013 Identity Fraud Data Stolen personal records lead to: � More than 12 million

2013 Identity Fraud Data Stolen personal records lead to: � More than 12 million victims of identity fraud annually � Over $50 billion in identity fraud losses � Increased need for resources: Ø IRS employing 3000 employees to just work on identity theft cases who: o Detected 14 million suspicious tax returns o Prevented $50 billion in fraudulent refunds 5 Copyright Identity Management Institute®

Red Flag Categories There are 5 Red Flag categories to which we must pay

Red Flag Categories There are 5 Red Flag categories to which we must pay attention: 1. Alerts received from consumer reporting agencies or service providers. 2. The presentation of suspicious documents. 3. The presentation of suspicious personal information. 4. Unusual and suspicious activity. 5. Notices from customers, law enforcement authorities, or other persons regarding possible identity theft. 6 Copyright Identity Management Institute®

Consumer Reporting Agency Alerts Consumer reporting agency alerts and reports often include information which

Consumer Reporting Agency Alerts Consumer reporting agency alerts and reports often include information which can be used to detect identity theft. 1. Fraud alert placed by consumers. 2. Notice of credit freeze in response to a request for a consumer report. 3. Notice of address discrepancy. 4. Unusual pattern of activity such as: a. b. c. d. 7 A recent and significant increase in the volume of inquiries; An unusual number of new accounts; A material change in the use of credit, especially with respect to recently established credit relationships; or An account that was closed for cause or identified for abuse of account privileges by a financial institution or creditor. Copyright Identity Management Institute®

Suspicious Documents 1. 2. 3. 4. 8 Identification documents or applications appear to have

Suspicious Documents 1. 2. 3. 4. 8 Identification documents or applications appear to have been altered, forged or reassembled. The photograph or physical description on the identification is not consistent with the appearance of the applicant. Information on the identification is not consistent with information provided by the person. Information on the identification is not consistent with readily accessible information that is on file such as a signature card or a recent check. Copyright Identity Management Institute®

Suspicious Information Personal identifying information provided is inconsistent. For example: a. SSN is other

Suspicious Information Personal identifying information provided is inconsistent. For example: a. SSN is other than 9 digits b. Zip code does not match the address location 2. Personal identifying information provided by the customer is not valid. For example: a. Phone number, address or SSN do not exist b. SSN is listed on the Social Security Administration's Death Master File 3. Personal identifying information provided is associated with known fraudulent activity. For example: a. The address or phone number on an application is the same as the information provided on a fraudulent application. 1. 9 Copyright Identity Management Institute®

Suspicious Information – Cont. Duplicate SSN, phone number or address provided are the same

Suspicious Information – Cont. Duplicate SSN, phone number or address provided are the same as that submitted by other persons opening an account or existing customers. 5. The person opening the account or the customer fails to provide all required personal identifying information on an application or in response to notification that the application is incomplete. 6. The person opening the account or the customer cannot provide authenticating information beyond that which generally would be available from a wallet or consumer report. (Crook on the phone) 4. 10 Copyright Identity Management Institute®

Suspicious Account Activity � Shortly following the notice of a change of address, the

Suspicious Account Activity � Shortly following the notice of a change of address, the institution receives a request for a new, additional, or replacement card, cell phone, and/or users on the account. Company must validate within 30 days. � A new revolving credit account is used in a manner commonly associated with known patterns of fraud patterns. For example: � � � 11 The majority of credit available for cash is used The majority of available credit is used to purchase merchandise that is easily convertible to cash (e. g. , electronics equipment or jewelry); or The customer fails to make the first payment or makes an initial payment but no subsequent payments. Copyright Identity Management Institute®

Suspicious Account Activity – Cont. An account usage is inconsistent with established patterns of

Suspicious Account Activity – Cont. An account usage is inconsistent with established patterns of activity: a. Nonpayment when there is no history of late or missed payments, b. A material increase in the use of available credit or cell phone account, c. A material change in purchasing or spending patterns, d. A material change in electronic fund transfer patterns in connection with a deposit account. � A covered account that has been inactive for a reasonably lengthy period of time is used. � Mail sent to the customer is returned repeatedly as undeliverable and transactions are occurring. � The company is notified that the customer is not receiving paper account statements. � **The company is notified of unauthorized transactions. � 12 Copyright Identity Management Institute®

Don’t Forget Service Providers � The company remains responsible for preventing fraud even if

Don’t Forget Service Providers � The company remains responsible for preventing fraud even if it outsources operations to a third party service provider. � The written agreement between the company and the third party service providers must require third parties to: a) b) c) 13 Have reasonable policies and procedures designed to identify, detect and respond to identity theft red flags. Share its identity theft prevention program at the request of the company. Communicate major incidents and/or control deficiencies which may adversely affect the company and its customers. Copyright Identity Management Institute®

Identification & Authentication Key controls include: �Obtain and verify customer identification �Authenticate customers in

Identification & Authentication Key controls include: �Obtain and verify customer identification �Authenticate customers in person, by phone, mail, and online Ø Consider FFIEC guidelines for online multi-factor authentication �Monitor transactions �Follow up on alerts and notices �Validate change of address requests 14 Copyright Identity Management Institute®

Audit Considerations �Written and updated Identity Theft Prevention Program �Oversight body approval initially and

Audit Considerations �Written and updated Identity Theft Prevention Program �Oversight body approval initially and for updates �Periodic risk assessments �Policies and procedures �Annual compliance report �Employee training �Address discrepancy notices received from credit reporting agencies. �Keep an eye on service providers 15 Copyright Identity Management Institute®

Regulation In response to record breaking identity theft cases and consumer impact, the US

Regulation In response to record breaking identity theft cases and consumer impact, the US Federal government introduced the Red Flags Rule to require the implementation of an identity theft prevention program in companies where consumers may be adversely affected by identity theft. 16 Copyright Identity Management Institute®

Professional Certification The Certified Red Flag Specialist (CRFS) ® designation is a registered trademark

Professional Certification The Certified Red Flag Specialist (CRFS) ® designation is a registered trademark of Identity Management Institute ® and is the leading identity theft prevention training and certification program which is closely aligned with the Red Flags Rule. Visit the IMI website to learn more: www. theimi. org 17 Copyright Identity Management Institute®

Quiz 1 Which of the following is considered a “Red Flag” which may indicate

Quiz 1 Which of the following is considered a “Red Flag” which may indicate the possibility of identity theft? □ High volume of customer service calls □ Credit line increase request □ High volume of inquiries in the credit report 18 Copyright Identity Management Institute®

Quiz 2 The identity theft prevention program must be: □ □ 19 Approved annually

Quiz 2 The identity theft prevention program must be: □ □ 19 Approved annually In writing Updated annually All of the above Copyright Identity Management Institute®

Raffle Send an email to info@theimi. org with name, company and title by Friday

Raffle Send an email to info@theimi. org with name, company and title by Friday 4/4/14. Write “IIA Raffle” in the subject line. 2 persons will be selected in April 2014 to waive the membership and CRFS application fees. 20 Copyright Identity Management Institute®

Questions Thank you for your participation. 21 Copyright Identity Management Institute®

Questions Thank you for your participation. 21 Copyright Identity Management Institute®