COLUMBIA, S.C. – The focus on identity fraud expanded from a consumer problem to one of national security after Sept. 11, but despite the passage of new laws and development of new technologies, the challenge remains large. That's the take from Ariana-Michele Moore, an analyst for Boston-based Celent Communications, who says, "Identity theft has graduated from a nuisance fraud to a threat to our national security, and it is now the fastest-growing white-collar crime in the U.S." And it's apparently fairly easy to commit, with consumer information widely available in databases and seemingly everywhere else, and people and processes struggling to keep up in the combat against evildoers. "The lack of robust security measures and consumer awareness coupled with the fast pace of technological development, has created a hotbed of fraud," Moore says in new report titled "ID Theft: Protecting the Consumer – Protecting the Institution." "We expect the number of identity theft cases to grow for the next several years until these issues are adequately addressed," she says. Consumer awareness has increased since the Sept. 11 attacks, with revelations of money laundering and identity theft by potential terrorists coming to light, and Congress passing laws such as the U.S. Patriot Act that increase the pressure on banks, credit unions and credit bureaus to know who's who and doing what. "The ball actually started rolling on this in 1998, when identity theft became an official crime," Moore told Credit Union Times, "but consumer awareness has really increased since Sept. 11. That's one thing that's been really noticeable." Costs to institutions also are increasing. "Already financial institutions spend over $500 million a year in indirect costs. Legislation will undoubtedly pressure financial institutions, including credit unions, to deploy technologies to detect and prevent identity theft," Moore says, predicting that spending figure to grow to close to $2.5 billion a year by 2006. "The dramatic increase in spending will be driven by increased staff, increased numbers of customer-service call centers to address situations, and expenses incurred in legal costs and working with law enforcement agencies," the analyst says. The great majority (72% by her calculations) of identity fraud is credit card abuse, Moore says, with demand-deposit account fraud following far behind. But the online world is particularly vulnerable, Moore observes, and the increase in online account opening services could make that area more susceptible to fraud as well. "Less than 5% of identity theft cases originated from online information in 1998. By 2006, we expect that over 25% of cases will result on account of the Internet," the Celent analyst says. Credit unions, of course, are hardly immune, and organizations such as NAFCU and CUNA have gotten involved. NAFCU, for instance, has sold more than 400,000 copies of a statement insert about identity fraud that credit unions now are distributing to members. The organization also is addressing the topic in an Oct. 2 audio conference titled "Identity Theft: What to do when Bad Things Happen to Your Member's Good Name." Presenters will include experts from the Federal Trade Commission, U.S. Public Interest Research Group, NAFCU and Congress. "Despite the passage of the Identity Theft and Assumption Deterrence Act of 1998, identity theft has skyrocketed," says NAFCU spokesman John Zimmerman. "With 30,000 complaints in 2000 and 86,000 in 2001, complaints are on a pace to double again in 2002. "How do identity thieves succeed? What can you do to protect yourself, your credit union and your members?" "There are obviously a whole slew of critical operation and regulatory issues credit unions must be abreast of that we fit into our education programs, and that includes identity theft," Zimmerman says. Consumer education is one weapon in the fight. But credit unions also need to educate themselves more about what they can do in their internal operations, experts say. "I deal mostly with the technology that deals with protecting credit unions, and what I find is that many are not doing nearly enough to protect their systems and members from potential attacks," says Kevin Prince, an Internet security specialist with CUNA Network Services. "Security technology is now quite inexpensive and it doesn't take much to get a CU where they need to be from a security perspective," he says. "Certainly since 9/11, there has been a greater awareness of security issues, although not to the extent that I would have thought," Prince adds. "There is still such a lack of understanding and awareness of Internet security issues that could lead to identity fraud that it's a little scary." Many credit unions that lack internal expertise turn to their Internet service providers for the final word on online security, and what they hear "may or may not be true," the CUNA Network Services specialist says. "Credit unions need to enlist the help of a partner who is security savvy and understands the regulatory issues as well as their specific environment," he says. Identity fraud is indeed a complicated, ongoing problem that must be addressed on several fronts, Larry Jones would agree. "We have taken several steps involving all the areas you mentioned," said the vice president of marketing and electronic services at ORNL Federal Credit Union in Oak Ridge, Tenn."For instance, we employ fraud-detection software on our credit and debit cards. Videotape from our ATMs is searched regularly to identify unauthorized users of cards, and we have made efforts to educate our members," Jones says, such as distributing the NAFCU statement insert and stories in newsletters that go to the $630 million CU's 78,000 members. Member education also has been a major tool at Coastal FCU, a $1.1 billion, 112,000-member institution in Raleigh, N.C. As a result of such things as newsletter articles, a dedicated area on its Web page and statement inserts, "we run into a lot of members who think they're in a good position to be victims of identity fraud," says Carlton Howard, Coastal's vice president of marketing and product development. "We're not alarmists, we just want to be in a position to help members," Howard says, adding that Coastal hears "probably from about eight members a month who think they've been victimized. Usually they've just lost something or had something else unusual happen." He adds that teller training and the efforts "of the two ready, knowledgeable gentlemen we have in risk management" also are making a difference and that "I definitely think improving technology could help in this area. We're definitely using it at Coastal." They're not alone. Core processors, the primary technology partner for many credit unions, also are involved. "One of the most significant changes we've seen among our client base since Sept. 11 has been an increased desire to utilize technology in the protection of member data," says Diana Arnold, executive vice president for client services at re:Member Data Services in Indianapolis. "Credit unions are looking to technology as a means of escalating fraud-prevention initiatives," Arnold says. "Practices such as storing member photos and signatures as a standard part of the member record within the core processing system are becoming more prevalent," she says. George McGourty sees the same emphasis among his company's clients. "Credit unions were early adopters of electronic delivery channels such as Internet banking, so well before 9/11, credit union executives were cognizant of their responsibility," says the senior vice president of business development at Florida-based Aurum Technology. "Since 9/11, our credit union customers have expanded their IT security requirements to include ID authentication, expanded OFAC screening and other countermeasures to help protect their assets and comply with strict new government regulations," McGourty says. As for the combination of technology and regulation that Moore, the Celent Communications analysts, prescribes as an elixir for the problem of identity fraud, Jones, the ORNL vice president, observes: "I would agree that more robust technology, particularly new personal identification technology, would go a long way in helping to prevent identity theft and fraud against the consumer and financial institution. "I'm more hesitant to agree with the need for additional legislative measures, which usually result mainly in increased costs for us and, at best, marginal benefit to either the consumer or us." -

[email protected]