“You shouldn’t have to do it alone.”
Identity Safeguards (IDS)—Tualatin, OR. The national leader in providing identity theft solutions to businesses and individuals with a focus on identity recovery & damage mitigation. Service Provider hand selected by Tri-PAC. Capacity to handle large volume with a proven history of establishing the best in practices industry standards for others to follow.
THE FACTS: Information crimes such as identity theft are the leading concern to businesses and individuals.
Identity Theft, the “Fastest Growing Crime in America,” can cause financial and emotional devastation to its victims.
• 1 in 5,000 will be a victim of a violent crime in their lifetime (raped, murdered, robbed) • 1 in 3,000 will develop heart disease • 1 in 32 will be involved in an auto accident • 1 in 27 of your customers & employees are currently dealing with an identity theft situation
A recent survey determined over 40% are interested in Identity Theft Protection.
Identity Theft victims suffer from inaccurate or derogatory entries on credit reports, public records, criminal records, medical records or educational transcripts FACT: 17.8% of victims attempting to restore their own identity & credit profile were unsuccessful and gave up due to the frustration involved in the process!* *Source: Article “The aftermath of Identity Theft“
1. Victims will lose work productivity over time due to distractions created by the recovery process, often attempted alone. 2. In another survey, over half of the victims said they spent more than 175 hours repairing the damages of identity theft. 3. During recovery, victims may by denied job opportunities, tuition assistance, housing & automobile loans. 4. Many victims have been arrested for crimes they did not commit. 5. Medical identity theft cases have increased in number and can result in lethal consequences. 6. Illegal immigrants use legitimate social security numbers to obtain employment.
Identity Theft 101: What is identity Theft?
Identity Theft (definition): The unauthorized use of a person’s non-
public personal information such as a social security number, DOB, or bank account number to:
Commit Fraud or Identity Theft
Mortgage Fraud, Bank Fraud, or Internet Scam
Obtain Illegal employment
Obtain insurance benefits
Medical/Health benefit plans or Auto Insurance
“Street criminals have little risk of being caught and do not have to reveal their identity to cash in BIG! - Case Example: Arrowhead Stadium; Lindsey Smith
Identity Theft: An American Crisis
• • • Customers: Over 10 million Americans were victims in 2005. Consumers/Retailers: Costing over 50 billion a year to the retail industry. Business: Tangible and intangible costs are unknown with some businesses losing over 40% of their customers due to lack of trust after a security breach involving loss of customer’s personal data. Government: Identity Theft Task Force appointed by President Busch to develop ways to control identity theft; Major Government Security Failures such as the Dept. of Veteran Affairs laptop incident. Mortgage Industry Profits: An industry loses BIG profits due to the number of loans involving fraudulent appraisals and identity theft. Many homeowners are living in houses worth far less than they owe. B/C Lenders reports record foreclosure rates / customers can’t qualify for refinanced value. Identity Theft Funds Terrorism: It isn’t just a Nigerian black letter scam or Canadian Lottery scam. (i.e.) case example: New Guinea Church Mission in Overland Park, KS. -- Detective K. Duncan (Ret) 2005.
3 Types of Identity Theft
“It goes beyond your credit score.”
1. Financial Identity Theft: Using someone’s information for financial gain. 2. Medical Identity Theft: Using someone’s information for medical treatment. 3. Criminal Identity Theft: Using someone’s name to commit a crime. 4. Employment/Tax Fraud: Categorized as Financial Identity Theft but can be Medical Identity Theft.
Do not lose focus during the recovery process and get tunnel vision on just your credit score. Other types of identity theft can have severe effects on you rights and even your freedom.
3 Types of Identity Thieves
Opportunity & minimal jail time fuel the epidemic
• Collector: Auto Burglary or Residential Burglary, Dumpster • Converter: Transforms stolen identities into useable
Divers, Hackers, or even a Waitress (often organized crime).
identification by counterfeiting documents, personal and payroll checks to commit fraud.
your homeless person, or drug addicted individual who is not concerned with being arrested.
• Passer: Recruited by the converter or associate; this is usually
• RESULT: Your information is used time and time again due to being sold to other criminals and on more than one occasion. • Law Enforcement often overlooks the Real Criminal in this scenario by taking the easy arrest and doing nothing further.
Medical Identity Theft:
A deadly issue and growing concern
• Rx Fraud leads to stroke (Aurora, CO) • Medical records listing the wrong blood type due to identity theft results in almost lethal consequences. (Boston, MA) • Cancer patient denied treatment after being diagnosed with brain cancer due to an identity thief using the maximum benefits on the insurance policy. (Orlando, FL) • Allergic reactions to medication cases.
Other Side-Effects Include: Denial of employment due to companies conducting checks of medical data on file in clearing houses.
Criminal Identity Theft; Your Rights, Your Freedom!
1. A retired Kansas City businessman was arrested upon landing at DFW for Forgery due to a janitor stealing his identity and forging $10,000 in checks. An Ohio resident was denied his right to purchase a firearm when he was told by the store owner that he did not pass the criminal history check. An identity thief had been convicted of burglary in California under his name. Criminal Records affected by Identity Theft can result in loss of your right to VOTE, buy a GUN or, in some cases, incarceration at no fault of your own.
What does the FTC consider "Customer Information"?
In simple terms, the regulations want you to protect non-public personal information (NPI). This can be defined as any personally identifiable financial information that a is collected about an individual in connection with providing a finance contract
Any information an individual provides you to get a financial product including
1. 2. 3. 4. 5. 6. 7. Name Address Social Security Bank or loan account numbers Credit cards Loan or deposit balances Payment history and credit history reports.
5 Elements Required for Compliance
by Federal Regulation
The regulations require that financial institutions develop a written plan and include the following five elements in their security programs:
1. Designate an employee to coordinate your information security program. 2. Identify reasonably foreseeable risks to your customer information that could result in unauthorized disclosure, misuse, alteration or destruction. Assess the sufficiency of any safeguards in place to control these risks. 3. Design and implement safeguards to control the risks identified above. Regularly test or otherwise monitor the effectiveness of your program. 4. Oversee your service providers by taking reasonable steps to select and retain providers that are capable of maintaining the appropriate security of your customer information. You should require your service providers, by contract, to implement and maintain security measures. 5. Evaluate and adjust your security program based on the results of testing performed in accordance with step 3 above and any material changes to your business operations.
FTC FINES BIG $$
• As you can see from the five elements, the regulations not only require you to undertake actions to get into compliance, but you are also required to take prescribed actions, such as testing your security program, to stay in compliance. If you are not in compliance, the FTC can levy a fine of up to $11,000 per day.
FTC Red Flag Program
Recovery-Readiness is the law!
Average cost per person to a business for data loss...$90 100,000 names = $9M “Can you afford not to comply?”
The Gramm-Leach-Bliley Act & the FTC Safeguards Rule. “What Auto Dealers or any business should know about Identity Theft compliance.”
Red Flag Program
• • • FTC releases proposed interagency rules (FACTA) sections 114 and 315 - Fair and Accurate Credit Transactions Act of 2003 Define red flags (yes) Verify the identity of persons opening accounts (yes)
• • • •
Detect red flags (yes)
Assess whether a red flag evidences risk of identity theft Mitigate the risk of identity theft using a risk based approached Train staff to implement the program Oversee service provider arrangements including an independent assessment of any third-party fraud or identity theft detection program that are used by the institution to determine if the program meets requirements of red flag regulations and guidelines The board of directors or an appropriate committee of the board MUST APPROVE the program The board MUST annually evaluate the program. Continuously monitor, evaluate, and adjust its program
• • •
Business Tips to Develop Your Program
• • Make sure you address all of the required elements of the regulations. Simply typing up a policy is not enough. A policy does not equate to a "program" in the eyes of the FTC. Identify the person who will be "in-charge" of your program. The term commonly being used is "Program Coordinator". Be sure you give this person the time it will take to develop an appropriate program and the proper amount of authority to get you in compliance and keep you there. Prepare a written risk assessment. No where in the regulations does it say that you are required to have anything other than your policies in writing, but practically speaking there are three good reasons to do so: • You will be able to organize your policies to address all of the risks identified. • If the FTC comes knocking, you will be able to easily demonstrate that you are in compliance.
• All of the attorneys who have spoken at seminars on this topic say repeatedly to document, document, document!
• Make a list of your risks and threats identified during your assessment.
• Train your employees. First, employees must be trained so that they are aware of, and understand, the FTC Safeguards Rule. Secondly, you must train your employees so that they are informed of your company's specific policies in your security program. Be sure to keep a log of all employees who attend training.
Have all employees sign an agreement to follow your company's security polices as well as acknowledge that they have been properly trained.
Create testing procedures that can be conducted on a regular basis. Create a log or some other way to track your testing history. Again, if the FTC comes, you want to be ready. No matter how you choose to attack the development of your Information Security Program, a significant amount of time and effort will be required by your organization. Focus should be on developing a comprehensive program that addresses all of the required elements.
Prepare written policies…
…that not only address the specific requirements you intend each employee to follow, but also management's plan to deal with all elements of your program. Examples of areas you should consider including in your policies are:
• Program Coordinator duties • Handling and reporting breeches or violations of your security program • Employee training and orientation procedures • Hiring and screening process • Program testing plans • Computer access and security rules
FTC Safeguards Rule
The Gramm-Leach-Bliley Act of 1999 established the FTC Safeguards Rule that requires Mortgage Companies to “develop, implement, and maintain a comprehensive information security and recovery program.” One of the greatest challenges facing mortgage companies today is safeguarding their customers’ personal information. Thirty one states in the US now have laws that require Mortgage Companies, regardless of size, to provide notification and/or credit monitoring to those affected by the breach. A Security Breach or loss of data can cost you an average of $90 per customer record. A data loss involving just 5,000 records could cost your company up to $450,000. Further, the loss of customer trust can never be measured.
“Red Flag” Program
WASHINGTON -- The federal financial institution regulatory agencies and the Federal Trade Commission are soliciting comments on a Notice of Proposed Rulemaking (NPRM) concerning identity theft “red flags” and address discrepancies. The NPRM, which has been reviewed and approved by each of the listed agencies, implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The regulations that the agencies are jointly proposing would require each financial institution and creditor to develop and implement an identity theft prevention program that includes policies and procedures for detecting, preventing, and mitigating identity theft in connection with account openings and existing accounts. The proposed regulations include guidelines listing patterns, practices, and specific forms of activity that should raise a “red flag” signaling a possible risk of identity theft. Under the proposed regulations, an identity theft prevention program established by a financial institution or creditor would have to include policies and procedures for detecting any “red flag” relevant to its operations and implementing a mitigation strategy appropriate for the level of risk. The proposed regulations also would require credit and debit card issuers to develop policies and procedures to assess the validity of a request for a change of address followed closely by a request for an additional or replacement card.
Fully Managed Focus on Identity Recovery
• • • A comprehensive fully managed Recovery with personalized damage assessment and sets goals for recovery process. Review the Member’s credit files with the Member to determine the accuracy of the file and potential areas of fraud. Notify the Member’s affected creditors, financial institutions, and utility providers of the identity theft.
Provide assistance in filing a Police Report / location a station and appropriate jurisdiction.
Collect information regarding misuse of the Member’s accounts to be shared with law enforcement. When appropriate, provide assistance with obtaining and reviewing the Member’s Social Security Profit Earnings and Benefits Statement.
Fully Managed Focus on Identity Recovery
Provide information to the FTC, and other government agencies as appropriate.
Work to restore the victim’s credit file to pre-event status. File forms, affidavits, contact collectors to stop undo harassment or phone calls on your behalf.
• • •
Contact banks or account holders on your behalf that may be holding funds due to you as a result of the Identity Theft.
Provide answers to any questions the member may have Follow up tracking for 1 year after the Member’s Identity has been stolen to make sure your good name remains their good name. All your member has to do is report the incident to us within 90 days of discovering they are a victim. Note: Victims with pre-existing conditions are not covered by the blanket program. However, they can obtain recovery services at a reduced hourly rate.
Compliance, Recovery, Protection of Liability, Customer Care, and Revenue Stream
The Solution Provides:
The most comprehensive, fully-managed identity theft recovery program available today with complete restoration for customers to 100% preevent status.
Fraud prevention assistance from identity theft experts (unlimited phone consultation).
Identity Theft Recovery Agents will assist YOU in exploring what actions you should take to restore your identity.
Recovery Agent assists YOU in exploring what actions you should take in order to restore your identity.
Recovery Agent assists YOU to determine whether or not you've been a victim of identity fraud, and then to help YOU work through the process of recovery and resolution.
Recovery Agent helps YOU to determine what actions you need to take and then guide you through the resolution and recovery process.
Recovery Agent assists YOU with contacting all three national credit reporting agencies to place a fraud alert on your credit files. Recovery Agent assists YOU with requesting a copy of your credit report and advises you to review it carefully for additional fraudulent accounts and inaccurate data on existing accounts. A few months later, YOU must request new copies of your credit reports to make sure all corrections and changes have been made, and to ensure that no new fraudulent activity has occurred.
Recovery Agent assists YOU with contacting affected reporting agencies and the appropriate law enforcement agencies and with contacting creditors of accounts tampered with or opened fraudulently and have you ask to speak with someone in the fraud or security department YOU follow up in writing, as stated in the Fair Credit Billing Act, which addresses resolution of errors on credit billing statements, including charges made by someone else. YOU request any additional forms to dispute any fraudulent activities or transactions. YOU must notify the appropriate check verification services. YOU must call SCAN at 1-800-262-7771 and find out if an identity thief has been passing bad checks in your name. YOU close fraudulent accounts. Agent sends you a Fraud First Aid Kit that provides information and assistance in helping you recover your identity and restore your personal information. The kit advises YOU to file a complaint with the FTC, which maintains the Identity Fraud Data Clearinghouse.