SAN DIEGO – Audra JoliCoeur dug through a garbage bag and pulled out an assortment of papers. They contained such things as a person's full name, address, Social Security number and date of birth – everything she needed to steal a person's identity. Fortunately, JoliCoeur is a special agent with the Federal Bureau of Investigation in San Diego and the “trash” that she pulled from the bag was documents she used to show just how easy it was for someone to take over another person's identity. “Identity theft is the fastest growing financial crime in the United States,” she said, noting that more than 7 million cases were reported in the past year, a tenfold increase over a year earlier. One in every six adults will be a victim of the crime, she predicted. “No one is immune from it,” she told an educational breakout session of the California/Nevada Credit Union League. “Your members are going to have their identity stolen. It is going to happen. There is no single way to prevent it.” One day before she made her presentation, prosecutors in San Diego announced they had broken up an identity theft ring that had swindled hundreds of people throughout San Diego County as well as sailors aboard the aircraft carrier Nimitz, where one of the accused was a crew member. JoliCoeur said there were simple steps that financial institutions could take to help prevent identity theft. “Unfortunately right now financial institutions, the U.S. government and state governments aren't doing a lot to prevent identity theft,” she said. “It's easier right now for financial institutions to write off losses for identity theft than it is for them to invest the money to put in the safeguards to prevent it from happening.” She said such an approach was shortsighted. “What they don't seem to realize is that in the long run, installing those safeguards will save them money,” JoliCoeur said. The biggest problem, she said, was failing to safeguard sensitive information, particularly a member's Social Security number, date of birth and full name. As she demonstrated in a recent session at the league's 2003 annual meeting and convention, it was a simple matter for anyone to obtain that information – and more – by “dumpster diving” in a person's trash. The information was equally accessible through mail theft or even directly by a credit union employee or hacker accessing the data online, she said. Documents such as checking or savings statements, credit card bills, medical bills and loan statements typically contain all the information a person would need to steal someone else's identity, JoliCoeur said. It would then be a simple matter to advise the issuers of a change of address and request a new ATM card, new checks or a new credit card. All that is usually need for verification purposes was a member number, Social Security number and date of birth – all of which were readily available on mailed documents. JoliCoeur's advice to credit unions, as well as to other financial service providers: “Quit putting that information on documents.” “There's not a single document here that needs to have that information on it,” she insisted. Rather than using a Social Security number to identify a member, for instance, credit unions could assign random numbers, she suggested. Checking account statements could be issued without account numbers, or in cases where a member had multiple accounts, the member could assign names to each of them, she said. Credit card statements could simply list the last four digits of the account, or use no numbers at all, JoliCoeur said. She also said there was no reason why financial institutions had to send photocopied checks with a statement, providing even more information to a criminal intent on stealing someone's identity. She said it would be a simple matter for a member to call and request a printout of a check if it was needed. JoliCoeur said the FBI also receives numerous calls about how easy it is for criminals to make use of draft checks, equity loans and credit card offers, all of which are sent unsolicited through the mail. While some people may shred those documents and others before tossing them in the trash, many others simply just throw them away, making them easy pickings for someone intent on stealing another person's identity. Instead of mailing such documents, JoliCoeur suggested members be notified that such items were available upon request or could be obtained directly at the credit union. She also recommended that when a change of address request is made, that financial institutions confirm with their customers that the request is valid. Dumpster divers and mail thieves aren't the only ones gathering personal information on others. JoliCoeur said employees of financial institutions or hackers were breaking into Web sites and were gaining access to sensitive customer information. Just two days after her presentation, Wells Fargo reported that financial and personal data – including Social Security numbers – on an undisclosed number of its bank customers had been stolen from computers containing the account information. JoliCoeur said credit unions should limit the access employees have to member information and that employees should be monitored or spot checked to make sure they weren't trying to access data which they didn't need. “Even me as an FBI employee, I have access to files that I don't need to have access to,” she said. “The difference is if I start accessing those files, somebody at headquarters is not only going to call me and ask what the heck I'm doing, they're going to call my boss and ask what the heck is she doing. “Credit unions need to have that same system in place and you need to know what each employee needs to have access to in order to do their job. If they're accessing different information, you need to find out immediately why. If an employee is accessing a large volume of information different from the normal pattern, you need to know why,” she said. Officials should also monitor member accounts and verify any unusual changes in activity or spending, she advised. Members should be notified immediately of any irregular activity, she said. “In general, most victims of identity theft don't realize they have been a victim for well over a year,” JoliCoeur said, adding that they only find out when they are turned down when they apply for a home loan, a car loan or a store credit card. “That same victim, while not responsible for those losses, is going to spend the next two years on average trying to repair their credit,” she noted. One of the reasons for that long time frame is because there is no one place to go for help when identity theft occurs. The FBI and Federal Trade Commission are working to set up a clearinghouse for information, which could be operational next year. In the meantime, JoliCoeur suggested victims report ID theft to law enforcement officials and check the Web site at www.consumer.gov/idtheft or call 866-IDTHEFT for information on how to clear up credit problems. “There is no single way to prevent your members from having their identity stolen,” she said. “But there are methods you can take to minimize the risk on behalf of the credit union. There are simple steps that we can take that won't cost any money or very little money and that can be instituted immediately that will prevent a lot of theft from occurring to your members.” -
Continue Reading for Free
Register and gain access to:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.