While the media focuses its attention on helping consumers avoid becoming victims of identity fraud, little attention is given to helping businesses and financial institutions prevent identity fraud. Credit unions, for example, share the responsibility of safeguarding their customers from becoming identity fraud victims. It is not only important for customers, but for the credit unions' bottom lines.

Treat Customer Data Like Diamonds

Precious stones represent significant value in very small, very portable and easily concealable packages. And since they are valuable, special care is taken to safeguard them.

By the same token, credit unions should treat customers' data like diamonds. This data is valuable to the credit union and should be stored and safeguarded carefully from unscrupulous or careless eyes. Holding this data also creates a trust between the credit union and its customers or potential customers. Some tips on how to protect data include:

1. Limiting access to online systems containing customer data to people who need the system

to do their jobs.

2. Limiting the distribution of reports containing individually identifiable customer data. Cross-shred these reports when they are no longer useful.

3. Safeguarding and limiting access to any files containing customer data. This includes spreadsheets, Word documents, etc. Delete these files when they are no longer being used.

4. Avoiding storing customer data on laptops. According to a 2006 data breach study from the Ponemon Institute, lost or stolen laptops are the leading source of data leaks, accounting for approximately 45% of all incidents.

Safeguarding your data is essential to preventing identity theft. Improper handling or protection of non-public information can also lead to legal consequences that would be detrimental to any company.

Know Thy Customer

The best way for credit unions to prevent identity fraud is by verifying a customer's identity when beginning a relationship. Validating a potential customer's identity helps avoid doing business with individuals who might have stolen or manufactured an identity. A number of technology solutions exist to validate identities against an external reference base. Some technologies also provide a score that helps validate the information the applicant supplies. Here are some examples of how to validate identities:

1. For applicants that apply in person:

a. Insist on a government issued photo ID for verification. Genuine IDs will have some form of authentication such as a hologram.

b. Have the applicant provide proof of residency, such as utility or cable bills.

2. For applicants applying through the Internet, use verification techniques that quiz the applicant based upon information only they are likely to know. Such algorithms are available through the credit bureaus and can be attached to your company's Web site.

3. Use available fraud databases. A number of government agencies (including the Federal Trade Commission) and private companies provide access to name repositories used in various types of fraud including identity fraud.

4. Pay attention to credit bureau alerts. In many cases, identity fraud victims will place an alert on their account with the credit bureaus. If an alert exists, process the application using extra caution.

5. Use available heuristic solutions and fraud scoring tools. Many companies have developed identity fraud solutions based on large pools of data and the experience

of many fraud experts. These solutions typically include heuristic rules developed through the fraud experts' experience, and are designed to highlight inconsistencies in the applicant's information. Scoring solutions

use statistical methods to predict when an applicant might be using someone else's identity.

Stay On Guard

Even the best applicant processes can't catch all the fraudsters. That is why setting up monitoring processes is extremely important to stop identity thieves before they strike. Following these two ways of monitoring customer data gives credit unions the best defense.

1. Regularly screen against an external fraud reference database. Screening customer bases against one or more fraud databases regularly heightens awareness of potentially fraudulent identities in a credit union customer base. Names are always being added to these external fraud databases.

2. Transaction monitoring. There are many customer-behavior indicators that might cause concern. These indicators vary from very simple to very complex behaviors. As stated above, many commercially available systems exist that utilize heuristically developed rules and/or statistically derived scorecards to flag accounts with suspicious behavior.

When credit unions are concerned about an account, they should act quickly. The first step is to contact the customer and validate account activity and revalidate identity information. If a validation can't be made, take steps to limit exposure of the customer account.

Identity fraud isn't going away. If anything, the Internet is fueling fraudsters' ability to commit theft and fraud. Hence, it is vital for all credit unions that deal with customer information to increase their awareness, and take steps to combat this growing crime. It's the best way to protect customers and credit union assets.