Identity theft is one of the fastest growing crimes in America, and one of the hardest to recover from. Each of us have only one identity, and once it's been stolen, it's a long and arduous battle back to good credit.
Indeed, the past three years have seen identity theft losses hover around $50 billion per year. In 2007, individuals recovering from fraud spent an average $550 in out-of-pocket expenses and 116 hours repairing damage done to an existing account, according to the U.S. Department of Justice. The average loss in goods and services to businesses was nearly $49,000.
Fortunately, technology has come a long way in preventing fraud in the past 20 years. Before the evolution of advanced antitheft technology, fraud experts manually reviewed statements for unusual transactions. However, the customer was often the first to spot counterfeit or fraudulent transactions.
Recommended For You
Two key antitheft technologies developed in the early 1990s transformed the fraud-prevention scene: rules-based systems and neural networks. Rules-based systems are founded on common fraud attributes. When those behaviors are found, it signals the account should be reviewed and the activity verified. Neural networks understand and recognize individual cardholders' patterns of behavior. When a deviation from that pattern is noted, the next credit or debit transaction is flagged and reviewed for possible fraud.
Now investigators and fraud analysts have reliable tools at their disposal to assist in the prevention and recognition of fraud as it occurs and to stop full-blown identity theft before it happens.
Cyberthieves have also turned to technology, and the instances of identity theft have moved in lockstep. Data breach reports are up 69% so far in 2008, compared with the same time period in 2007, according to the Identity Theft Resource Center. Reports from financial institutions, which accounted for 10% of all reports issued between Jan. 1 and June 27, are also on the rise.
In the past year, cases such as TJX Co. have made national headlines. In the two years TJX's encryption software was breached, 95 million customers' identities were compromised. That's almost one in three American adults. This major breach also affected virtually every credit union in the U.S.
To fight back, large credit unions have invested millions of dollars in preventative risk management systems, such as neural networks and sophisticated monitoring programs. As a result, experienced cyber thieves are looking for new ways to penetrate these anti-theft programs.
One emerging threat called vishing has already affected thousands of people in the Midwest. In these cases, criminals use the power of Voice over Internet Protocol to spoof caller IDs and prey on unsuspecting credit union members. Believing the information displayed on their caller IDs is accurate, members are willing to share their private personal and financial information with the caller who is not, as their caller ID claims, a credit union employee.
It's my belief that criminals will turn their attention to the small and mid-tier credit unions. In the past, these smaller institutions knew their customers. But today's scenario is different. Marketing pressures and demographic shifts have resulted in a flow of new members opening accounts with credit unions without previous relations.
Unfortunately, that means these customers are most often only known as ID numbers. This results in increased risk and liability, and the need to strengthen verification and authentication services. The good news is there are tools readily available and at a cost every credit union can afford.
For example, address change verification and authentication tools are available that validate an account holder's identity in mere seconds. Should an individual attempt to change an address or open a new account, whether online or at a brick-and-mortar location, these tools compare the supplied information with hundreds of databases and either permit the transaction or flag it as fraudulent. The chance of a criminal obtaining access to a member's personal finances is significantly reduced.
Of course, credit monitoring is also an available and valuable tool. But some services take monitoring to a new level, and monitor the total identity. By constantly watching thousands of databases, such as utilities, DMV records, medical records and others that use Social Security numbers, identity monitoring can catch any noncredit related instances of fraud that would not normally be detected by credit monitoring.
Credit unions can also protect their customers from identity theft by:
Protecting customer data through encryption, adherence to privacy policies and a robust authentication method to open new accounts.
Shredding all customer personal information. Even better, sponsor a community shred day, where the community can bring information to be shredded.
Employing anti-phishing solutions to ensure a cybercrook doesn't set up a Web site that resembles your site. Many customer pins and passwords have been stolen this way.
Limiting employee access to customers' sensitive information.
Monitoring accounts for suspicious activity that doesn't fit the normal customer pattern. Exception reports are a key ingredient in preventing catastrophic losses. They are readily available and easily implemented.
Educating, training and empowering your employees to take action when they suspect fraud. Make sure your policies and procedures are up to date and written copies are readily available to all employees.
Take the steps to beat fraud. Ironclad identity theft protection is the difference between a secure credit union and a crowded marketplace. In today's fragile financial times, it'll help you retain members, attract new ones and keep cybercrooks out in the cold.
Tom Harkins is the chief strategy officer for Secure Identity Systems.
He can be reached at 615-515-0900 [email protected]
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more inforrmation visit Asset & Logo Licensing.