NCUA LETTER TO CREDIT UNIONS



Similar documents
Dear Concerned Consumer,

Intercepting your mail. They can complete change of address forms and receive mail that s intended for you.

Citi Identity Theft Solutions

IDENTITY. theft. Identity theft can happen. to anyone. Previously, criminals stole your wallet. for your cash. Now they. want your wallet to

NCUA LETTER TO CREDIT UNIONS

Identity Theft Assistance Kit A self-help guide to protecting yourself and your identity

IDENTITY THEFT RESOURCE KIT

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

Information to Protect Our Customers From Identity Theft

IDENTITY THEFT BROCHURE 2 6/3/05 3:07 PM Page 1 IDENTITY THEFT PROTECT YOUR IDENTITY IT S POSSIBLE@ LEARN HOW TO PROTECT YOUR PRIVATE INFORMATION

IDENTITY THEFT PROTECT YOUR IDENTITY IT S POSSIBLE@ LEARN HOW TO PROTECT YOUR PRIVATE INFORMATION

Identity Theft Assistance: Information for Recovering Your Good Name

ID Theft Toolkit and Affidavit


Identity Theft Protection

CITY OF ROCHESTER, MINNESOTA POLICE DEPARTMENT

PROTECT YOURSELF AND YOUR IDENTITY CHASE IDENTITY THEFT TOOL KIT

What You Need to Know About Identity Theft. Identity Theft Prevention Tips

PROTECT YOURSELF AND YOUR IDENTITY. Chase Identity Theft Tool Kit

INTRODUCTION. Identity Theft Crime Victim Assistance Kit

identity theft: How To Safeguard Your Privacy and Keep Your Good Name

Protect Your Personal Information. Tips and tools to help safeguard you against identity theft

Pasco County Sheriff's Office Economic Crime Unit. Identity Theft Guide

IDENTITY THEFT VICTIMS: IMMEDIATE STEPS

WHAT S IT ALL ABOUT?

SECURITY BREACH INCIDENT RESPONSE AND CONSUMER NOTIFICATION PLAN TABLE OF CONTENTS PROGRAM OVERVIEW... DEFINITIONS... REPORTING A SECURITY BREACH...

How To Get A Free Credit Report From A Credit Report Website

Identity Theft Victim s Packet

Identity Theft Victim s Packet

West Palm Beach Police Department s Identity Theft Victim s Packet

Identity Theft Victim Checklist

How To Get A Credit Card From A Fraudulent Account

FTC Facts. For Consumers Federal Trade Commission. Maybe you never opened that account, but. Identity Crisis... What to Do If Your Identity is Stolen

Information carelessly discarded into the trash can be stolen when a thief digs through the garbage.

MACOMB COUNTY SHERIFF S OFFICE IDENTITY THEFT VICTIM S PACKET

Investigation and Prosecution of Identity Theft

Identity Theft Victim s Packet

Protect Your Personal Information. Tips and tools to help safeguard you against identity theft

ACCG Identity Theft Prevention Program. ACCG 50 Hurt Plaza, Suite 1000 Atlanta, Georgia (404) (404)

Facts and Statistics

IDENTITY THEFT. Public Advisory. This Public Advisory is a publication of the Nassau County Police Department.

Identity Theft Victim Guide

Identity Theft Victim Checklist

Identity Theft Victim s Packet

York County Sheriff's Office Identity Theft Victim s Packet

Identity Theft Packet

PROTECTING YOURSELF FROM IDENTITY THEFT. The Office of the Attorney General of Maryland Identity Theft Unit

TABLE OF CONTENTS. Identity Theft Steps to take if you are a victim Page 3

Identity Theft. Prevention and Recovery Information Kit

Fraud and Identity Theft. Megan Stearns, Credit Counselor

About the Federal Reserve

Identity Theft Victim s Packet

Identity Theft, Fraud & You. Prepare. Protect. Prevent.

U.S. Postal Inspection Service. Ensuring Confidence in the U.S. Mail

ARE YOU A VICTIM OF AN IDENTITY CRIME?

Get back your good name. Refuse to be a target of identity crime again.

Financial Crime Report

IDENTITY THEFT. A. What Do I Do First? Take the following steps as soon as you discover you have been a victim of identity theft.

Avondale Police Department Identity Theft / Fraud / Forgery Victim's Packet

How To Get A Credit Card From A Credit Union

Identity Theft: It CAN Happen to You

Chapter 6 Appendix A

Identity Theft Victim s Packet

Identity Theft. Emergency Repair Kit

DAVE COGDILL. California Legislature Assembly

Lake County Sheriff s Office Identity Theft/Fraud Packet

Identity Theft and Fraud

I dentity theft occurs

What is Identity Theft?

BATTLE CREEK POLICE DEPARTMENT IDENTITY THEFT VICTIM S PACKET

DAVE COGDILL ASSEMBLYMAN, 25TH DISTRICT. It also describes what steps to take if someone steals your identity.

T E X A S Y O U N G L A W Y E R S A S S O C I A T I O N A N D S T A T E B A R O F T E X A S I D E N T I T Y T H E F T G U I D E

Identity Theft/Credit Fraud Kit

Identity Theft: Your Good Name Gone Bad!

Methods of Preventing Identity Theft

Plymouth Township Police Department s Identity Theft Victim s Packet

IDENTITY THEFT VICTIM S PACKET

the first ACNB Bank transactionss in ACNB Bank will work number. Information on Thank you

SECURITY FREEZE INFORMATION FOR KENTUCKY RESIDENTS

Identity Theft Repair Kit

Information copied from Federal Trade Commission Website (

Credit Card Identity Theft Prevention Tips

Crime Prevention Tips

INFORMATION FOR VICTIMS OF FRAUD CRIMES SCHERTZ POLICE DEPARTMENT

Identity Theft and Fraud Prevention

The Attorney General s Office established the Identity Theft Unit in response to increased identity theft incidents reported by Indiana citizens and

IDENTITY THEFT PREVENTION PROGRAM

Milford Police Department

According to the Federal Trade Commission (FTC): The FTC is a government agency that promotes consumer protection

Reclaiming your identity

It Could Happen To You! Attorney General Tom Reilly s. Guide to Protecting Yourself and Your Credit

Dear Consumer, What's in this packet: Identity Theft Victim Checklist Identity Theft Victim Worksheet Sample Letters

Florida's Identity Theft Victim Kit

Corona Police Department

Protecting Yourself from Identity Theft

Identity Theft Victim Checklist

Identity Theft - 10 Steps to Prevent It

Preventing Identity Theft National City Bank. How to protect your identity

Identity Theft Information

Protecting Yourself from Identity Theft

Transcription:

NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA DATE: September 2001 LETTER NO.: 01-CU-09 TO: SUBJ: Federally Insured Credit Unions Identity Theft and Pretext Calling ENCL: (1) Guidance on Identity Theft and Pretext Calling (2) Appendix (3) Identity Theft Brochure The Gramm-Leach-Bliley Act (GLBA) requires the NCUA to provide guidance to credit unions concerning the unauthorized disclosure of financial information. In response to this requirement, the NCUA has developed the enclosed, Guidance on Identity Theft and Pretext Calling, to address how credit unions should protect member information against these two areas of consumer fraud. The Guidance: summarizes federal laws that pertain to identity theft and pretext calling; discusses measures credit unions can take to protect member information; informs credit unions how they should report suspected criminal activity; highlights the importance of consumer education to prevent fraud and assist victims of fraud; and provides references for additional assistance and previous NCUA publications regarding or relating to identity theft and pretext calling. Also enclosed you will find NCUA s member pamphlet, How to Avoid Becoming a Victim of Identity Theft. This pamphlet is available for download from NCUA s website (www.ncua.gov).

If, after reviewing the enclosed documents, you have any questions or concerns, please contact your NCUA Regional Office or State Supervisory Authority. Enclosures Sincerely, /s/ Dennis Dollar Chairman

GUIDANCE ON IDENTITY THEFT AND PRETEXT CALLING The Gramm-Leach-Bliley Act (GLBA) directs the NCUA and the other agencies for federal financial institutions agencies to review their regulations and guidelines to ensure that financial institutions have policies, procedures, and controls in place to prevent the unauthorized disclosure of member financial information and to deter and detect fraudulent access to such information. Consistent with section 525 of the GLBA (15 U.S.C. 6825), the NCUA has developed the following guidance to address how credit unions should protect member information against identity theft. Guidance is also included on completing Suspicious Activity Reports (SARs) to report offenses associated with identity theft and pretext calling, i.e., posing as a member or someone authorized to have member information in order to obtain confidential member data. Several federal criminal statutes address illegal conduct associated with identity theft and pretext calling. These include: The Federal Criminal Code (18 U.S.C. 1028), which makes it a crime to knowingly use, without lawful authority, a means of identification (such as an individual's Social Security number or date of birth) of another person with the intent to commit a crime. Sections 521 and 523 of the GLBA (15 U.S.C. 6821, 6823), which make it a crime to obtain member information by means of false or fraudulent statements to an officer, employee, agent, or member of a financial institution. Sections 521 and 523 of the GLBA, which also make it a crime to request a third party to obtain member information from a credit union or other financial institution, if the requester knows the information will be obtained through fraudulent methods. (This generally means a credit union using member information obtained by pretext calling could be subject to criminal sanctions if the credit union knew how the information was obtained.) Protecting Member Information Credit unions should take various steps to safeguard member information and reduce the risk of loss from identity theft. These include: (1) establishing procedures to verify the identity of individuals applying for financial products; (2) establishing procedures to prevent fraudulent activities related to member information; and (3) maintaining a member information security program. 1. Verification Procedures. Verification procedures for new accounts should include, as appropriate, steps to ensure the accuracy and veracity of application information. These could involve using independent sources to confirm information submitted by a member; calling a member to confirm the member has opened a credit card or checking

account; using an independently verified telephone number; or verifying information through an employer identified on an application form. A credit union can also independently verify the zip code and telephone area code provided on an application are from the same geographical area. 2. Fraud Prevention. To prevent fraudulent address changes, credit unions should verify member information before executing an address change and send a confirmation of the address change to both the new address and the address of record. If a credit union gets a request for a new credit card or new checks in conjunction with a change of address notification, it should verify the request with the member. When opening a new account, a credit union should, where possible, check to ensure information provided on an application has not previously been associated with fraudulent activity. For example, if a credit union uses a consumer report to process a new account application and the report is issued with a fraud alert, the credit union's system for credit approval should flag the application and ensure the individual is contacted before it is processed. In addition, fraud alerts should be shared across the credit union's various lines of business. 3. Information Security. In February 2001, the NCUA revised the NCUA Rules and Regulations, Part 748 and issued guidance (Guidelines for the Safeguarding Member Information) on the security of member information. The regulation requires credit unions to implement a comprehensive information security program that includes appropriate administrative, technical, and physical safeguards for member information. To prevent pretext callers from using pieces of personal information to impersonate account holders in order to gain access to their account information, the regulation requires credit unions to establish written policies and procedures to control access to member information. Other measures that may reduce the incidence of pretext calling include limiting the circumstances under which member information may be disclosed by telephone. For example, a credit union may not permit employees to release information over the telephone unless the requesting individual provides a proper authorization code (other than a commonly used identifier). Credit unions can also use Caller ID or a request for a call-back number as tools to verify the authenticity of a request. Credit unions should train employees to recognize and report possible indicators of attempted pretext calling. They should also implement testing to determine the effectiveness of controls designed to thwart pretext callers, and may consider using independent staff or third parties to conduct unscheduled pretext phone calls to various departments.

Reporting Suspected Identity Theft and Pretext Calling Credit unions are required by regulation to report all known or suspected criminal violations to law enforcement and regulatory agencies on Suspicious Activity Reports (SARs). Criminal activity related to identity theft or pretext calling has historically manifested itself as credit or debit card fraud, loan or mortgage fraud, or false statements to the institution, among other things. As a means of better identifying and tracking known or suspected criminal violations related to identity theft and pretext calling, a credit union should, in addition to reporting the underlying fraud (such as credit card or loan fraud) on a SAR, also indicate within the SAR that such a known or suspected violation is the result of identity theft or pretext calling. Specifically, when identity theft or pretext calling is believed to be the underlying cause of the known or suspected criminal activity, the reporting credit union should, consistent with the existing SAR instructions, complete a SAR in the following manner: In Part III, Box 35, of the SAR, check all appropriate boxes that indicate the type of known or suspected violation being reported and, in addition, in the "Other" category, write in "identity theft" or "pretext calling," as appropriate. In Part V of the SAR, in the space provided for the narrative explanation of what is being reported, include the grounds for suspecting identity theft or pretext calling in addition to the other violation being reported. In the event the only known or suspected criminal violation detected is the identity theft or pretext calling, then write in "identity theft" or "pretext calling," as appropriate, in the "Other" category in Part III, Box 35, and provide a description of the activity in Part V of the SAR. Consumer Education The Federal Trade Commission (FTC) developed a consumer education pamphlet entitled "ID Theft: When Bad Things Happen To Your Good Name" which credit unions may use to provide information and assistance to their members. The Appendix to this Letter provides a complete listing of NCUA publications relating to these topics and instructions on how to obtain them. Also, the NCUA s Web site, www.ncua.gov, is periodically updated to contain the latest information on these topics. Another excellent source of information for consumers is the U.S. Government's central Web site for information about identity theft maintained by the FTC, www.consumer.gov/idtheft. Credit unions may wish to make available to their members information about how to prevent identity theft and necessary steps to take in the event a member becomes a victim of identity theft. Credit unions should assist their members who are victims of identity theft and fraud by having trained personnel to respond to member inquiries; by determining whether an account should be closed immediately after a report of unauthorized use; and by prompt

issuance of new checks or new credit, debit or ATM cards. If a member has multiple accounts with the credit union, the credit union should assess whether any other account has been the subject of potential fraud.

APPENDIX List Of Agency Issuances Regarding Information Security Below is a list of NCUA publications regarding, or related to, identity theft and pretext calling. These documents may be accessed at the NCUA Web site (www.ncua.gov) or ordered from NCUA s Publications Office, 1775 Duke Street, Alexandria, VA 22314-3428 (703-518-6340). Credit unions are encouraged to familiarize themselves with the contents of each issuance. NCUA Rules and Regulations, Part 748 and Appendix. NCUA Rules and Regulations, Part 716 Privacy of Consumer Financial Information and Appendix. Letter to Credit Unions #01-CU-02 Privacy of Consumer Financial Information. Letter to Credit Unions #00-CU-02 Identity Theft Prevention. Letter to Credit Unions #99-CU-05 Interagency Statement on Retail On-line PC Banking. Regulatory Alert #99-RA-3 Pretext Phone Calling by Account Information Brokers. Other Relevant Publications Identity Theft: What to Do if it Happens to You Available at: www.pirg.org. Identity Theft: When Bad Things Happen to Your Good Name Available at: www.consumer.gov/idtheft. Websites That Provide Further Guidance and Information Federal Trade Commission - www.consumer.gov/idtheft and www.ftc.gov U.S. PIRG and CALPIRG - www.pirg.org Privacy Rights Clearing House www.privacyrights.org Identity Theft Survival Kit www.identitytheft.org Better Business Bureau www.bbbonline.org

If You Become a Victim of Identity Theft If you believe that someone has stolen your identity, you should: Contact the fraud department of each of the three major credit bureaus to report the identity theft and request that the credit bureaus place a fraud alert and a victim s statement in your file. The fraud alert puts creditors on notice that you have been the victim of fraud, and the victim s statement asks them not to open additional accounts without first contacting you. The following are the telephone numbers for the fraud departments of the three national credit bureaus: Trans Union: 1-800-680-7289 Equifax: 1-800-525-6285 Experian: 1-888-397-3742 You may request a free copy of your credit report. Credit bureaus must provide a free copy of your report, if you have reason to believe the report is inaccurate because of fraud and you submit a request in writing. Review your report to make sure no additional fraudulent accounts have been opened in your name, or unauthorized changes made to your existing accounts. Also, check the section of your report that lists inquiries and request that any inquiries from companies that opened the fraudulent accounts be removed. Contact any credit union or other creditor where you have an account that you think may be the subject of identity theft. Advise them of the identity theft. Request that they restrict access to your account, change your account password, or close your account, if there is evidence that your account has been the target of criminal activity. If your credit union closes your account, ask them to issue you a new credit card, ATM card, debit card, or share drafts, as appropriate. File a report with your local police department. Contact the FTC s Identity Theft Hotline toll-free at 1-877-ID-THEFT (438-4338). The FTC puts the information into a secure consumer fraud database and shares it with local, state, and federal law enforcement agencies. National Credit Union Administration

What is Identify Theft? Here are a few basic steps you can take to avoid becoming a victim of identity theft and pretext calling: Identity theft is the fraudulent use of a person s personal identifying information. Often, identity thieves will use another person s personal information, such as a social security number, mother s maiden name, date of birth, or account number to open fraudulent new credit card accounts, charge existing credit card accounts, write share drafts, open share accounts, or obtain new loans. They may obtain this information by: Stealing wallets that contain personal identification information and credit cards. Stealing credit union statements from the mail. Diverting mail from its intended recipients by submitting a change of address form. Rummaging through trash for personal data. Stealing personal identification information from workplace records. Intercepting or otherwise obtaining information transmitted electronically. Pretext calling is a fraudulent means of obtaining a person s personal information. Pretext callers may contact credit union employees, posing as members, to access members personal account information. Information obtained from pretext calling may be sold to debt collection services, attorneys, and private investigators to use in court proceedings. Identity thieves may also engage in pretext calling to obtain personal information to create fraudulent accounts. Do not give personal information, such as account numbers or social security numbers, over the telephone, through the mail, or over the Internet, unless you initiated the contact or know with whom you are dealing. Store personal information in a safe place and tear up old credit card receipts, ATM receipts, old account statements, and unused credit card offers before throwing them away. Protect your PINs and other passwords. Avoid using easily available information such as your mother s maiden name, your birth date, the last four digits of your social security number, your phone number, etc. Carry only the minimum amount of identifying information and number of credit cards that you need. Pay attention to billing cycles and statements. Inquire of the credit union, if you do not receive a monthly bill. It may mean that the bill has been diverted by an identity thief. Check account statements carefully to ensure all charges, share drafts, or withdrawals were authorized. Guard your mail from theft. If you have the type of mailbox with a flag to signal that the box contains mail, do not leave bill payment envelopes in your mailbox with the flag up. Instead, deposit them in a post office collection box or at the local post office. Promptly remove incoming mail. Order copies of your credit report from each of the three major credit bureaus once a year to ensure that they are accurate. The law permits the credit bureaus to charge $8.50 for a copy of the report (unless you live in a state that requires the credit bureaus to provide you with one free copy of your report annually). If you prefer not to receive pre-approved offers of credit, you can opt out of such offers by calling (888) 5 OPT OUT. If you want to remove your name from many national direct mail lists, send your name and address to: DMA Mail Preference Service P.O. Box 9008 Farmingdale, NY 11735-9008 If you want to reduce the number of telephone solicitations from many national marketers, send your name, address, and telephone number to: DMA Telephone Preference Service P.O. Box 9014 Farmingdale, NY 11735-9014

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information