ID Theft Red Flags: Institutions Found Lacking in Awareness, Vendor Management

ID Theft Red Flags: Institutions Found Lacking in Awareness, Vendor Management
FDIC Examiners Find 'Substantial Compliance' with New Reg, But Also See Common Challenges
March 31, 2009 - Linda McGlasson, Managing Editor

In the five months since the compliance deadline for the Identity Theft Red Flags Rule, banking institutions generally are compliant. But examiners are finding issues with security awareness and vendor management.

This is the initial report from the Federal Deposit Insurance Corporation (FDIC), the largest U.S. bank regulator. The FDIC and other regulators have been testing Red Flags compliance at financial institutions since Nov. 1.

The good news, says Michael Jackson, spokesperson for the FDIC's regulatory compliance division, is that examiners have found "substantial compliance with the Red Flags regulations."

Still, there are three common issues that have arisen among banks that have been examined:

Covered Accounts - Some banks are misidentifying their covered accounts. Small business accounts are not automatically covered under the Red Flags regulation, Jackson says, but some should be included if the risk for identity theft is reasonably foreseeable. Some banks have had small business accounts that were victims of identity theft, but were not included among covered accounts.

Security Training - Some banks have not put together employee training, which is required, Jackson says. "By the regulation, they may have talked about it or assigned it to someone, but they need to have an actual program in place and have their employees trained on it." He says it would look better to examiners if institutions already had moved forward in training. "While banks may at this time be more focused on other things -- they may have [training] scheduled for sometime in the future -- but it is something they do need to work on a little more."

Vendor Management - Another area where examiners are interested in is in the area of third-party service providers (TSPs), says Jackson. "Banks are not adequately overseeing the oversight of their third party service providers' (TSP) compliance with red flags regulation," he says. "Even though they are not directly answerable to the regulation, these TSPs that hold information on these covered accounts or process transactions for these covered accounts need to be taking appropriate steps to prevent and mitigate ID theft."
(Full text at www.bankinfosecurity.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com