Red Flag compliance requires a concise policy and procedure for preventing and addressing breaches. This manual must include a complete list of the financial institution’s offerings and services. The manual should also contain information regarding BSA requirements, information security, the ID Theft Program and all other affected policies and procedures in place.
These policies, among other things, must recognize the shortcomings identified by the risk assessment and put forth a plan for “bridging those gaps”. Policies and procedures must be defined in writing and have the respective financial institution’s board approval.
An effective Policies and Procedures Manual will cover, but not be limited to, the following areas:
-Identification of Red Flags
-Red Flag Alerts, Notification & Warnings
-Key changes after Change of Address
-Altered or Forged Identification/Detection Documents
-Prevention/Mitigation of ID Theft
-Updating the Program
-Unusual Use/Suspicious Activity
-Suspicious Documents
Saturday, September 6, 2008
Tuesday, August 26, 2008
Initial Risk Assessment
The Initial Risk Assessment looks at what is required by the FACT Act and Red Flag Ruling and assesses where there are shortcomings in the financial institution’s current strategy. The risk assessment must be updated periodically based on changes in how accounts are opened, the methods available to access accounts, and the institution’s experience with identity theft.
The law does state that the financial institution or creditor has the choice to decide whether it needs to implement this program or not. If it feels it does not need a program, it must periodically reassess that decision based on the accounts opened or maintained.
Next up: a look at the Policies and Procedures Manual
Wednesday, August 20, 2008
Red Flag Compliance Checklist
The Fed is making a list and checking it twice. But, financial institutions must comply with that list well before Christmas. On Jan. 1, new regulations from the Federal Reserve Board went into effect requiring all banks and financial institutions to improve efforts to combat identity theft.
These Red Flag rules require all financial institutions that store consumer accounts, including banks, credit unions, mortgage lenders, and more, to develop and implement identity theft prevention programs that will help combat ID theft in connection with new and existing accounts. Financial institutions must create “reasonable policies and procedures” for preventing ID theft, identify “red flag” signals of possible identity theft, and notify victims. With the compliance deadline Nov. 1, 2008, financial institutions have a mere 50 business days to fulfill seven requirements. Over the next few weeks we’ll be taking a closer look at the Red Flag rules’ seven main requirements, but for now, here’s the short list.
1. Initial Risk Assessment
2. Policies and Procedures Manual
3. New Account Authentication
4. Address Change Verification
5. Anti-Phishing Services
6. Staff Training and Program Implementation
7. Identity Theft Protection For All Consumer Accounts
Tuesday, August 12, 2008
Tom Harkins offers ID protection tips to Newsday readers
Sunday's edition of Newsday included a front page article for consumers on how they can protect themselves from identity theft. The article includes advice on what to do to keep your wallet, mail, phone, computer, credit, banking, etc. safe and out of the hands of ID thieves and fraudsters. Tom Harkins, chief strategy officer of Secure Identity Systems, is quoted in the article, advising individuals to reserve a single credit card with a low credit limit for all online transactions. Doing so limits the damage that can be inflicted, should a fraudster get hold of your credit information.
Friday, August 8, 2008
Reuters TV talks to Tom Harkins about largest credit card hack ever exposed
Tom Harkins, CSO of Secure Identity Systems, spoke with Reuters TV to discuss the major identity theft ring that was the focus of much news this week.
The theft is being deemed the largest hacking and identity theft ring ever exposed. Eleven people, including a U.S. Secret Service informant, have been charged in connection with the hacking of nine major retailers and the theft and sale of more than 41 million credit and debit card numbers.
The indictment returned Tuesday by a federal grand jury in Boston alleges that the suspects hacked into the wireless computer networks of retailers including TJX Cos., BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW and set up programs that captured card numbers, passwords and account information.
You can read the press release announcing the indictment from the Department of Justice here.
Many of the hackers are still at large, according to this post in the WSJ.
Wednesday, August 6, 2008
What are Banks doing for Anti-Phishing?
We have all heard about phishing websites where hackers try to get you to reveal personal information, or emails that say "for confirmation please give us..." and so on. Here at Secure Identity Systems we are offering banks and financial institutions a world-class phishing detection and take-down service. This is important to banks because if a phishing website has the fake "First National Bank" logo on it, the bank could get a bad reputation. The following is a press release SIS sent out to describe how banks can take care of this problem.
Phishing attacks aren't causing problems for just consumers. They're also destroying the integrity of financial institution brands online.
But now with new anti-phishing services from Secure Identity Systems (SIS), financial institutions gain control of their brand integrity online, while protecting consumers from phishing attacks. Most important, these services enable financial institutions to fulfill Section 114 of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act (FACTA), which requires them to implement "reasonable policies and procedures" for identifying, thwarting, and preventing red flag activities - including phishing attacks - by Nov. 1.
"Phishing attacks continue to compromise consumers' identities, and undermine their trust in online commerce - that includes online banking," says Bryan Ansley, CEO of Secure Identity Systems. "By integrating world-class phishing detection and take-down services into our comprehensive services offering, we're giving our financial institution clients a complete solution for protecting their customers' interests, and complying with federal ID protection mandates."
Available now through SIS, the anti-phishing services enable banks, credit unions, and other financial organizations to track the occurrence of their name, brands, trademarks, and slogans on the Internet. The service identifies phishing attacks, where e-mails and Web sites that display the financial institution's brand are used to trick unwary consumers into providing account and logon information. SIS customers will be protected by a technology that is detecting and blocking as many as 5,000 phishing attacks daily around the world.
The technology uses extensive Internet surveying, which works by comparing the authentic Web site with a continuously updated database that includes over 172 million Web sites and domain names, SSL certificates, and feeds of phishing data from multiple sources. That's only the beginning: after a phishing site is detected, countermeasures are launched to take down the phishing site. First, access to the site is restricted in popular browsers and security products, reducing its ability to lure and entrap consumers. The service then contacts the site owner, the ISP responsible for hosting the site, the domain registrar, upstream provider, and law enforcement to have the phishing site taken down. Once a site is taken down, the service will continue to monitor the site from various monitoring points around the world.
Source: Secure Identity Systems
Monday, July 28, 2008
Why don't all banks do this?
Why are financial institutions not doing more to protect our identities? It seems every day I read about personal information being lost. American National Bank in Colorado recognized the problem and is doing something about it. Identity theft is an ongoing concern and as a student it seems I am more vulnerable than anyone. Here is an article that ran on the Bank Systems & Technology website where American National Bank teams with Secure Identity Systems to provide their customers the protection that's needed.