Red Flag Procedures for the Prevention Detection Mitigation

Objective 1. Know how to identify, report, and respond to ID Theft Red Flags.

Agenda • • • Introduction Section 1: Why is this Important? Section 2: Prevention

What’s in it for me? • Keeping current on laws helps you – Avoid

• Responding appropriately reduces risks to the CU and to you – Noncompliance

Why? • NCUA requires – “to detect, prevent, and mitigate identity theft” • At

Collecting Member Information • At account opening – Name, address, DOB, telephone numbers –

• Maintaining / servicing accounts – Balances, OD, non-sufficient funds, – Payment history

What are the Threats We Face? • • • Counterfeit Official Checks Robberies Fraud

Possible Responses to a Threat Depending on our analysis: • Issue alerts to the

• Contact members – Mail letters, brochures, or other literature – Send emails

Verify Identity • • Opening Accounts Before completing a transaction Giving out information Updating

For All Other Reasons • • In person: Photo I. D. Over phone: Security

Obtain Written Authorization • Before providing information to a 3 rd Party – Mail

Faxing • Before faxing statements or account history:

Section 3: Mitigation Lessening, Easing the Impact of Identity Theft

What is the Red Flags Rule? • FI must update identity-theft prevention programs periodically

Red Flags Defined • Red Flags – Patterns, practices, or specific activities that indicate

6 Categories of Red Flags 1. Alerts, Notifications, or Warnings from a Consumer Reporting

4. Presentation of suspicious identifying information 5. Unusual use or suspicious activity related to

Alerts, Notifications, or Warnings from Consumer Reporting Agency • CRA or service providers give

The Red Flags: On the Credit Report 1. Fraud or active duty alert 2.

4. A pattern of activity inconsistent with the history and usual pattern of activity

Suspicious or unusual account activity • • • Fraud alert Late payments without previous

The Red Flags: Suspicious Documents 5. Identification documentation appears altered or forged 6. Photograph

8. Other information on ID not consistent with readily accessible information on file •

The Red Flags: Suspicious Personal Identifying Information 10. Personal identifying information inconsistent compared to

11. Personal identifying information provided by member not consistent with other personal identifying information

12. Personal identifying information is associated with known fraudulent activity – Address on application

13. Personal identifying information is of a type commonly associated with fraudulent activity –

14. SSN provided = SSN submitted – by other persons opening an account –

16. Failure to provide all required identifying information – Person opening account or the

18. When using challenge questions, person opening account or member cannot provide authenticating information

Unusual Use of or Suspicious Activity Related to the Covered Account 19. Shortly following

20. A new revolving credit account used in a manner commonly associated with known

21. Account is used in a manner not consistent with established patterns of activity

22. Inactive account for a lengthy period of time is used – The address

24. Mc. Coy is notified that member is not receiving paper statements. 25. Mc.

Section 4: Reporting Red Flags & Suspicious Activities

What’s New? • What’s the greatest impact to your job? • Now you have

Summary • Preventing & Mitigating ID Theft – Our procedures appropriately address the Red

Summary • Red Flags Program in place to help you – Identify red flags

Slides: 52

Download presentation

Red Flag Procedures for the Prevention, Detection, & Mitigation of Identity Theft Presented by Training

Objective 1. Know how to identify, report, and respond to ID Theft Red Flags.

Agenda • • • Introduction Section 1: Why is this Important? Section 2: Prevention Section 3: Mitigating Section 3: Detecting Red Flags: Procedures • Section 4: Reporting • Summary

Section 1: Why is this Important?

What’s in it for me? • Keeping current on laws helps you – Avoid risks – Avoiding Penalties – Avoid Disciplinary action • Suspension or termination if you are found non-compliant

• Responding appropriately reduces risks to the CU and to you – Noncompliance Risk • Civil & Criminal • $ Penalties and fines – Reputation Risk • Penalties are public knowledge – Would you want to do business with a non-compliant institution?

Why? • NCUA requires – “to detect, prevent, and mitigate identity theft” • At account opening • While servicing accounts • Basically, the NCUA wants to – Keep identity theft from happening – Find it! (when it does happen) – Lessen, ease impact

Collecting Member Information • At account opening – Name, address, DOB, telephone numbers – Identifying numbers (DL #, Tax ID #, SSN) • Member requests loan – In addition to above, information related to: • Employment, income • Assets, liabilities • Credit

• Maintaining / servicing accounts – Balances, OD, non-sufficient funds, – Payment history – Address changes – Credit changes • Email correspondence • See our Privacy Policy & Guidelines

What are the Threats We Face? • • • Counterfeit Official Checks Robberies Fraud and Forgery Schemes Unauthorized banking Phishing ID Theft

Possible Responses to a Threat Depending on our analysis: • Issue alerts to the employees • Post info. on website

• Contact members – Mail letters, brochures, or other literature – Send emails – Phone call • Review procedures & implement necessary changes • Contact law enforcement • File a SAR

Section 2: Prevention

Verify Identity • • Opening Accounts Before completing a transaction Giving out information Updating /changing account information – Address changes – Email address updates – Security Questions

For All Other Reasons • • In person: Photo I. D. Over phone: Security information Via fax: Signed request w/ copy of photo I. D. Via email: Security information Before you help someone, VERIFY ID!

Obtain Written Authorization • Before providing information to a 3 rd Party – Mail or fax – Funds verification – Verification of Deposit – Over the phone

Mailing

Faxing • Before faxing statements or account history:

Address Changes

Security Questions

Section 3: Mitigation Lessening, Easing the Impact of Identity Theft

Procedures: A Potential Victim

Procedures: An Actual Victim 1

Procedures: A non-member Victim

Section 4: Detection

What is the Red Flags Rule? • FI must update identity-theft prevention programs periodically – to reflect changes in risks of identity theft • to customers (members) • to the enterprise's (Mc. Coy’s) safety and soundness

Red Flags Defined • Red Flags – Patterns, practices, or specific activities that indicate the possible existence of identity theft

6 Categories of Red Flags 1. Alerts, Notifications, or Warnings from a Consumer Reporting Agency 2. Suspicious or unusual account activity 3. Presentation of suspicious documents

4. Presentation of suspicious identifying information 5. Unusual use or suspicious activity related to an account 6. Notice of possible Identity theft in connection with account – – From members Possible ID theft victims Law enforcement Or others

Alerts, Notifications, or Warnings from Consumer Reporting Agency • CRA or service providers give – Alerts – Notifications – Warnings

The Red Flags: On the Credit Report 1. Fraud or active duty alert 2. Notice of credit freeze 3. Notice of address discrepancy

4. A pattern of activity inconsistent with the history and usual pattern of activity of an applicant or member, such as: – Recent & significant increase in inquiries – Unusual number of recently established credit relationships – Material change in use of credit • Especially recently established credit relationships – Account closed for cause or for abuse of account • by financial institution or creditor

Suspicious or unusual account activity • • • Fraud alert Late payments without previous history of late payments Numerous credit inquiries in a short period of time Higher-than-usual monthly credit balances Recent change of address together with other signs – Replacement card requests

The Red Flags: Suspicious Documents 5. Identification documentation appears altered or forged 6. Photograph or physical description on ID not consistent with appearance of applicant or member 7. Other information on ID not consistent with information provided by person opening account or member presenting ID

8. Other information on ID not consistent with readily accessible information on file • • Signature card Recent check 9. Application appears altered, forged, or destroyed and reassembled

The Red Flags: Suspicious Personal Identifying Information 10. Personal identifying information inconsistent compared to external sources used • • Address does not match address in consumer report SSN has not been issued or listed on SS Administration’s Death Master File

11. Personal identifying information provided by member not consistent with other personal identifying information provided by the member. • No correlation between SSN range and date of birth

12. Personal identifying information is associated with known fraudulent activity – Address on application = address on fraudulent application – Phone number on application = number on fraudulent application

13. Personal identifying information is of a type commonly associated with fraudulent activity – Address on application is • • • Fictitious Mail drop Prison – Phone number is • • Invalid Associated with pager or answering service

14. SSN provided = SSN submitted – by other persons opening an account – or other members 15. Address or telephone number = or is similar to address or telephone number submitted – by an unusually large number of other persons opening accounts – or other members.

16. Failure to provide all required identifying information – Person opening account or the member – On application, or in response to notification 17. Personal identifying information provided ≠ personal identifying information on file with the credit union.

18. When using challenge questions, person opening account or member cannot provide authenticating information – beyond that which would be available from wallet or consumer report

Unusual Use of or Suspicious Activity Related to the Covered Account 19. Shortly following notice of a change of address, the institution or creditor receives a request for – New, additional, or replacement card – Addition of authorized users on the account.

20. A new revolving credit account used in a manner commonly associated with known patterns of fraud – Majority of available credit used for • • Cash advances Merchandise easily converted to cash – Electronics equipment or jewelry – Member fails to make • • First payment Makes an initial payment but no subsequent payments

21. Account is used in a manner not consistent with established patterns of activity – Nonpayment when no history of late or missed payments – Increase in use of available credit – Change in purchasing or spending patterns – Change in electronic fund transfer patterns in connection with a deposit account

22. Inactive account for a lengthy period of time is used – The address on an application is fictitious, a mail drop, or prison 23. Mail is returned repeatedly as undeliverable although transactions continue to be conducted

24. Mc. Coy is notified that member is not receiving paper statements. 25. Mc. Coy is notified of unauthorized charges or transactions in connection with account.

Section 4: Reporting Red Flags & Suspicious Activities

What’s New? • What’s the greatest impact to your job? • Now you have to report red flags

Summary • Preventing & Mitigating ID Theft – Our procedures appropriately address the Red Flags we detect – Appropriate responses may include:

– Other responses could be:

Summary • Red Flags Program in place to help you – Identify red flags – Detect red flags indicating possible ID Theft • Patterns • Practices • Activities – Respond appropriately