FDIC Wants Banks to Notify Customers of Identity Theft

On Friday, March 18, 2005, regulators at the Federal Deposit Insurance Corp. (FDIC) voted 5-0 to approve a ruling that would force U.S. banks to warn their customers if they believe their customers have been subjected to identity theft.

The ruling follows several highly publicized consumer privacy breaches that were disclosed over the last few weeks, including the loss of backup tapes containing the credit card information of 1.2 million federal workers by Bank of America; the loss of 145,000 customers' personal information to identity thieves at ChoicePoint, an aggregator and reseller of personal information; the loss and possible theft of customer credit card information from over 100 DSW Stores, a nationwide shoe retailer; and the disclosure from Lexis-Nexis, a compiler of legal and consumer information, that the Social Security numbers, names and addresses of 30,000 people may have been stolen by identity thieves.

The FDIC decision comes at a time when lawmakers in Washington, DC are mulling legislation that could force companies to disclose material breaches of customer information. The FDIC proposal is somewhat similar to California's Information Practice Act (A.K.A. SB 1386) which mandates similar public disclosure for companies that have exposed California residents to privacy breaches, although whereas SB 1386 requires companies to disclose all breaches, the proposed FDIC rule would only require banks to disclose breaches in which they believe customers' private information was misused.

"The FDIC ruling, if approved by the Federal Reserve, could cause a significant increase in identity theft disclosures," said Stickley, a banking security expert and the Chief Technology Officer for TraceSecurity.

"Today, most large-scale identity thefts go unreported, either because the bank wants to avoid tarnishing their reputation or because they are simply unaware of the breaches. Many banks employ archaic data privacy practices that haven't kept pace with the evolving threats. The exploits of identity thieves, however, which are often coordinated by international crime syndicates, have become increasingly creative and sophisticated. Many banks are caught in a catch-22 situation: Their customers are demanding greater online access to a broader range of financial services, yet as banks make their services available online to customers, they're also making them available to thieves."

"There's no single silver bullet that can eliminate identity theft," concludes Stickley. "Based on our experience, the banks that do the best job of protecting their customers' information are the banks that view information security not as a static one-time fix, but as a regularly monitored business process that requires continuous improvement. Information security must become infused directly into every facet of the business, governing everything from policies and procedures for how the receptionist greets front desk visitors, to how waste paper is shredded, to how software engineers design and test the guts of online banking applications."

You may like these other stories...

Plan ahead before you buy some shares in a stock mutual fund near yearend, when the fund is about to pay a dividend. It might be better to wait until after the fund goes "ex-dividend," that is, wait until after the...
AgFeed agrees to pay $18 million to settle SEC accounting fraud caseMichael Rapoport of the Wall Street Journal reported on Monday that AgFeed Industries Inc. has agreed to pay $18 million to settle US Securities and...
Many accountants struggle with payroll, either because they have too much of it or they don't want to do any of it. Either way, they are at odds with the needs of their business clients. Most clients are looking for a...

Already a member? log in here.

Upcoming CPE Webinars

Sep 18
In this course, Amber Setter will shine the light on different types of leadership behavior- an integral part of everyone's career.
Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.