The federal financial institution regulatory agencies and the Federal Trade Commission have sent to the Federal Register for publication final rules on identity theft “red flags” and address discrepancies. The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft.
Consumers need to keep five tips in mind for managing their checking accounts and safeguarding their funds from unauthorized transfers by criminals, according to a new Federal Reserve Board publication.
The following GAO report highlights GAO-07-737, a report to congressional requesters. In recent years, many entities in the private, public, and government sectors have reported the loss or theft of sensitive personal information.
This bulletin is intended to provide guidance to national banks on a number of disclosure and marketing issues presented by gift cards, so that national banks that issue gift cards do so in a manner in which both purchasers and recipients of gift cards are fully informed of the terms and conditions of the product. A gift card is a type of prepaid or stored value card that is designed to be purchased by one consumer (purchaser) and presented as a gift to a second consumer (recipient). The terms and conditions of different gift card products can vary significantly, but gift cards are generally divided into two main categories: retail gift cards and bank-issued gift cards.
President Bush's Identity Theft Task Force today released its strategic plan for combating identity theft, the top consumer fraud reported to the Federal Trade Commission. It is an identity theft road map of the planned actions of the 17-agency task force. Treasury Deputy Assistant Secretary for Critical Infrastructure Protection and Compliance Policy D. Scott Parsons, who led the Department's efforts with the taskforce, released the following statement today.
The Federal Deposit Insurance Corporation (FDIC), a participant in the government-wide Identity Theft Task Force, will provide a direct link to the new, centralized government Web site on identity theft.
The new site, www.idtheft.gov, was launched today. Initially, the site will provide the Task Force's Strategic Plan. The Plan, which represents the input of 17 Federal agencies, including the FDIC, sets out recommendations to prevent identity theft, to assist identity theft victims in recovering from those crimes, and to prosecute and punish identity theft-related criminals. The Plan will be made public today. The taskforce was created on May 10, 2006, by Executive Order to strengthen Federal efforts to protect against identity theft.
For more information on the site, you can visit either www.idtheft.gov or www.fdic.gov.
Identity theft is fraud committed or attempted by using the identifying information of another person without his or her authority. Identifying information may include such things as a Social Security number, account number, date of birth, driver's license number, passport number, biometric data and other unique electronic identification numbers or codes. As more financial transactions are done electronically and remotely, and as more sensitive information is stored in electronic form, the opportunities for identity theft have increased significantly. This policy statement describes the characteristics of identity theft and emphasizes the FDIC's well-defined expectations that institutions under its supervision detect, prevent and mitigate the effects of identity theft in order to protect consumers and help ensure safe and sound operations.
Kmart Corporation has agreed to settle Federal Trade Commission charges that it engaged in deceptive practices in advertising and selling its Kmart gift card. As part of the settlement, Kmart will implement a refund program and publicize it on its Web site. This is the agency’s first law enforcement action involving gift cards. “Consumers have a right to know when gift cards come with strings attached,” FTC Chairman Deborah Platt Majoras said. “If fees or restrictions apply, gift card issuers must fully and clearly disclose them.”
The Office of the Comptroller of the Currency (OCC) has been informed by the Committee on Financial Services of the U.S. House of Representatives that fraudulent correspondence, including e-mails, referring to the Committee and making use of the Committee’s letterhead is in circulation. The communications inform potential victims that they are due to receive large sums of money from an inheritance, but that they must first pay a large fee through lawyers to the Financial Services Committee in order to verify that the funds are not tied to terrorist financing. The Financial Services Committee does not require any person to obtain what the con-artists are calling a “Clean Bill of Record” for receiving inheritance money.
Purpose and Scope: This document outlines the Office of Thrift Supervision’s (OTS’s) supervisory expectations for savings associations’ gift card programs. The purpose of this guidance is to ensure adequate account administration, marketing, and consumer disclosure practices for gift card programs; to encourage more uniform practices among the thrift institutions that offer gift card programs; and to promote consumer protection while continuing to encourage product innovation. Background: A gift card is a payment card with a preloaded value that one consumer typically gives to another as a gift. Like a gift certificate, a consumer may use a gift card to purchase goods or services from one or more merchants.
The Federal Trade Commission today issued its annual report, "Consumer Fraud and Identity Theft Complaint Data" on complaints consumers have filed with the agency. For the seventh year in a row, identity theft tops the list, accounting for 36 percent of the 674,354 complaints received between January 1 and December 31, 2006. Other categories near the top of the complaint list include shop-at-home/catalog sales; prizes, sweepstakes and lotteries; Internet services and computer complaints; and Internet auction fraud.
Hurricanes Katrina and Rita destroyed homes and displaced millions of individuals. While federal and state governments continue to respond to this disaster, GAO has identified significant control weaknesses, specifically in the Federal Emergency Management Agency (FEMA)'s Individuals and Households Program (IHP) and in the Department of Homeland Security (DHS)'s purchase card program, resulting in significant fraud, waste, and abuse. In response to the numerous recommendations GAO made, DHS and FEMA have reported on numerous actions taken to address our recommendations. Lessons learned from GAO's prior work can serve as a framework for an effective fraud prevention system for federal and state governments as they consider spending billions more on disaster recovery. These lessons are particularly important because funding that is lost to fraud, waste, and abuse reduces the amount of money that could be delivered to victims in need.
Many consumers have become victims of scams involving a fraudulent cashier’s check. A cashier's check is a check that is issued by a bank, and sold to its customer or another purchaser, that is a direct obligation of the bank. Cashier's checks are viewed as relatively risk-free instruments and, therefore, are often used as a trusted form of payment to consumers for goods and services. However, cashier's checks lately have become an attractive vehicle for fraud when used for payments to consumers. Although the amount of a cashier's check quickly becomes "available" for withdrawal by the consumer after the consumer deposits the check, these funds do not belong to the consumer if the check proves to be fraudulent. It may take weeks to discover that a cashier’s check is fraudulent. In the meantime, the consumer may have irrevocably wired the funds to a scam artist or otherwise used the funds - only to find out later, when the fraud is detected - that the consumer owes the bank the full amount of the cashier's check that had been deposited.
The Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) has prepared an assessment of mortgage loan fraud, which it based on its analysis of Suspicious Activity Reports (SARs). Financial institutions offering mortgage loan products may find the assessment useful. The assessment, entitled "Mortgage Loan Fraud," is available on FinCEN's Web site at http://www.fincen.gov/mortage_fraud.html.
The Office of the Comptroller of the Currency issued guidance today warning of the risks posed by scams involving fraudulent bank cashier's checks and describing steps national banks should take to protect themselves and their customers. A cashier's check, which is issued by a bank and sold to a consumer or other purchaser, represents a direct obligation of the bank. The guidance was issued in response to a growing incidence of scams involving cashier's checks. In most of these cases, individuals receive a cashier's check and are asked to deposit the check into their account, wait until funds become available and then wire some part of the funds from their account to a third party, often in a foreign country.
On May 10, 2006, the President signed an Executive Order establishing an Identity Theft Task Force, and directing it to develop a coordinated strategic plan to combat identity theft. The Task Force was specifically directed to make recommendations on ways to further improve the effectiveness and efficiency of the federal government's activities in the areas of identity theft awareness, prevention, detection, and prosecution. The Executive Order directed the Task Force to deliver the strategic plan to the President within 180 days. By further Executive Order, issued November 3, 2006, the President amended the original order to require submission of the strategic plan by February 9, 2007, or as soon as practicable thereafter as the Chairman and Co-Chairman shall determine.
How a financial institution can create an effective incident response program to mitigate a data security breach is reported in the FDIC's winter 2006 edition of Supervisory Insights, released today. Other topics covered in today's edition are: an update on CRE lending nationwide, with a look at best practices in CRE concentrations, particularly for identifying, monitoring and controlling risk in this lending area; the increasing number of unfair or deceptive acts or practices, and how examiners identify and address those violations; and highlights of recent USA PATRIOT Act changes and the types of Bank Secrecy Act (BSA)-related violations that examiners are citing.
On March 29, 2005, the Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC), and Office of Thrift Supervision (OTS) (collectively, the Agencies) published the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice (70 FR 15736) (Guidance). The Guidance interprets the requirements of section 501(b) of the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. 6801, and the Interagency Guidelines Establishing Information Security Standards (Security Guidelines) to include the development and implementation of a response program to address unauthorized access to or use of customer information that could result in substantial harm or inconvenience to a customer.
At the request of the Federal Trade Commission, a federal court has shut down a payment processing operation that allegedly helped fraudulent telemarketers take millions of dollars from consumers' bank accounts. According to the FTC's complaint, since at least January 2003 the operation has aided at least nine Canada-based, advance-fee credit card schemes that induce consumers to allow an electronic debit of several hundred dollars from their bank account in exchange for an unsecured credit card; but consumers never receive a credit card or, at best, they receive a "benefits package" containing relatively worthless items.
The proposed information collection requirement described below has been submitted to the Office of Management and Budget (OMB) for review and approval, as required by the Paperwork Reduction Act of 1995. OTS is soliciting public comments on the proposal. DATES: Submit written comments on or before November 20, 2006.
The Federal Deposit Insurance Corporation (FDIC) has become aware of fraudulent e-mails appearing to be from the FDIC. The e-mails ask recipients to click on a hyperlink titled "Take the Corrective Action – Implement the LinkBank System." When accessed, the hyperlink takes the individual to a "spoofed" FDIC Web page. At that point, the individual is directed to provide online banking information, including bank name, username, and password. The fraudulent e-mails appear in "memo format" and are purportedly from "Russell A. Rau, Assistant Inspector General for Audits." The e-mails include a "Subject" line that states: "Division of Supervision and Consumer Protection's Risk-Focused Compliance Examination Process for [recipient's name inserted] (Report No. 05-038)."
Like any new technology, RFID presents new security and privacy risks that must be carefully mitigated through management, operational, and technical controls in order to realize the numerous benefits the technology has to offer. When practitioners adhere to sound security engineering principles, RFID technology can help a wide range of organizations and individuals realize substantial productivity gains and efficiencies. These organizations and individuals include hospitals and patients, retailers and customers, and manufacturers and suppliers throughout the supply chain. This guidance document provides an overview of RFID technology, the associated security and privacy risks, and recommended practices that will enable organizations to realize productivity improvements while safeguarding sensitive information and protecting the privacy of individuals. Radio frequency identification (RFID) is a form of automatic identification and data capture (AIDC) technology that uses electric or magnetic fields at radio frequencies to transmit information. An RFID system can be used to identify many types of objects, such as manufactured goods, animals, and people.
The Federal Deposit Insurance Corporation (FDIC) has announced that it will hold its next symposia on the importance of consumer confidence in e-commerce on October 5th in Mesa, Arizona, and on October 25th in Miami Beach, Florida. The half-day meetings will bring together experts from government and the private sector to discuss ways to combat online identity theft and help maintain public confidence in e-commerce. Opening the October 5th meeting will be keynote speaker Kelvin Boston, financial journalist, author and entrepreneur, and host of PBS's Moneywise with Kelvin Boston. Mr. Boston will provide an overview of the challenges and opportunities that businesses and consumers face in e-commerce. Panel discussions will follow with topics that include: Ensuring Integrity in Payment Systems; Building Confidence by Managing Risk in E-Commerce; and Consumer Rights and Resources in an E-Commerce World.
Alexandria, VA, September 27, 2006 - National Credit Union Administration (NCUA) Chairman JoAnn Johnson met recently with senior Administration officials to share recommendations with the President's Identity Theft Task Force. Based upon these recommendations, the Task Force will deliver a final strategic plan to President Bush in early November. During a September 19 Task Force meeting, Chairman Johnson joined U.S. Attorney General Alberto Gonzales; Clay Johnson III, Deputy Director of the White House Office of Management and Budget; Michael Chertoff, Secretary of the Department of Homeland Security; Carlos M. Gutierrez, Secretary of Commerce; and other senior government officials to discuss recommendations to the President in key areas.
Good morning, Chairman Shelby, Ranking Member Sarbanes, and Members of the Committee. Thank you for the opportunity to discuss the views of the Office of Thrift Supervision (OTS) on the recently proposed Basel II capital framework and to update you on risk-based capital modernization in the U.S. When I testified before this Committee nearly a year ago, I discussed my views on the development of the Basel II framework as of November 2005. I expressed concern about what we had just learned from the quantitative impact study, QIS-4. In particular, I noted that if we applied the emerging U.S. Basel II standard to the portfolios of some of our largest banks, there could be a potentially significant drop in their capital levels and a wide dispersion of capital requirements between banks. I also stated that even beyond these concerns, we had yet to resolve difficult policy issues in the modernization of our risk-based capital standards.
Comptroller of the Currency John C. Dugan told a Senate committee today that the inadequacies of the current Basel I capital regime for the largest internationally active banks are a matter of great concern to the OCC because the agency supervises the five largest banks in the United States, some of which hold more than $1 trillion in assets, have complex balance sheets, take complex risks, and have complex risk management needs that are fundamentally different from those faced by community and mid-size banks. "The new regime is intended not only to align capital requirements more closely to the complex risks inherent in these largest institutions, but just as important—and this is a total departure from the existing capital framework—it would also require them to substantially improve their risk management systems and controls," Mr. Dugan said in testimony before the Senate Committee on Banking, Housing and Urban Affairs.
Statement of Sheila C. Bair, Chairman, Federal Deposit Insurance Corporation, on the Interagency Proposal Regarding the Basel Capital Accord; before the Committee on Banking, Housing and Urban Affairs; U.S. Senate; 10:00 A.M.; Room 538, Dirksen Senate Office Building; September 26, 2006. Chairman Shelby, Senator Sarbanes and members of the Committee, I appreciate the opportunity to testify on behalf of the Federal Deposit Insurance Corporation (FDIC) concerning the Basel II international capital accord. The U.S. banking system is a network of institutions that are highly leveraged and whose financial health bears directly on the health of our broader economy. Significant problems or a lack of financial flexibility at many small banks, or at one or more large systemically important banks, can have contagion effects that impose significant costs on the deposit insurance funds and the overall economy.
The Federal Trade Commission (FTC) is responsible for economic issues that affect both consumers and businesses. Its primary function is to help maintain a competitive market environment that benefits both sides, and in this respect identity theft is seen as negatively affecting both consumers and businesses. In an effort to combat this problem, the FTC provides information and resources that enable the development of effective countermeasures against identity theft. The FTC has developed a website that gives information on how to deter the threat of identity theft, which it refers to as a "one stop national resource" to learn about identity theft. The website provides material that defines identity theft and procedures to deal with it if it occurs.
The Agencies are proposing Red Flag Regulations that adopt a flexible risk-based approach similar to the approach used in the "Interagency Guidelines Establishing Information Security Standards" issued by the Federal banking agencies (FDIC, Board, OCC and OTS), the "Guidelines for Safeguarding Member Information" issued by the NCUA, and the "Standards for Safeguarding Customer Information" issued by the FTC, (collectively, Information Security Standards), to implement section 501(b) of the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. 6801. Under the proposed Red Flag Regulations, financial institutions and creditors must have a written Program that is based upon the risk assessment of the financial institution or creditor and that includes controls to address the identity theft risks identified.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) added new sections to the federal Fair Credit Reporting Act (FCRA, 15 U.S.C. 1681 et seq.), intended primarily to help consumers fight the growing crime of identity theft. Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in FACTA. (Pub. L. 108-159, 111 Stat. 1952) This is all good news for consumers. However, consumers came out on the losing end when Congress virtually barred states from adopting stronger laws. The Notes section at the end of this guide has more information about Congressional pre-emption of state laws.
The purpose of this document is to present recommendations for Personal Identity Verification (PIV) card readers in the area of performance and communications characteristics to foster interoperability. This document is not intended to re-state or contradict requirements specifically identified in Federal Information Processing Standard 201 (FIPS 201) or its associated documents. It is intended to augment existing standards to enable agencies to achieve the interoperability goal of Homeland Security Presidential Directive 12 (HSPD-12). The document provides requirements that facilitate interoperability between any card and any reader. Specifically, the recommendations are for end-point cards and readers designed to read end-point cards.
E-mails to financial institution customers that fraudulently claim to be from the FDIC attempt to obtain highly sensitive personal information, including bank account information. These e-mails falsely indicate that consumers can enroll in an "FDIC protection system" to insure bank accounts against certain types of fraudulent activities. The Federal Deposit Insurance Corporation (FDIC) has received numerous notifications from consumers of an e-mail that has the appearance of being sent from the FDIC. The "From" line of the e-mail displays the name "Federal Deposit Insurance Corporation" and the subject includes the phrase "IMPORTANT: Notification of Federal Deposit Insurance Corporation."
Why GAO Did This Study
GAO was asked to examine (1) financial institutions' use of resellers; (2) federal privacy and security laws applicable to resellers; (3) federal regulators' oversight of resellers; and (4) regulators' oversight of financial institution compliance with privacy and data security laws. To address these objectives, GAO analyzed documents and interviewed representatives from 10 information resellers, 14 financial institutions, 11 regulators, industry and consumer groups, and others.
The federal financial institution regulatory agencies and the Federal Trade Commission are soliciting comments on a Notice of Proposed Rulemaking (NPRM) concerning identity theft "red flags" and address discrepancies. The NPRM, which has been reviewed and approved by each of the listed agencies, implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The regulations that the agencies are jointly proposing would require each financial institution and creditor to develop and implement an identity theft prevention program that includes policies and procedures for detecting, preventing, and mitigating identity theft in connection with account openings and existing accounts. The proposed regulations include guidelines listing patterns, practices, and specific forms of activity that should raise a "red flag" signaling a possible risk of identity theft. Under the proposed regulations, an identity theft prevention program established by a financial institution or creditor would have to include policies and procedures for detecting any "red flag" relevant to its operations and implementing a mitigation strategy appropriate for the level of risk.
FinCEN's primary function is to support and strengthen domestic and international anti-money laundering efforts through coordination and partnerships. Since its creation in 1990, FinCEN has been responsible for overseeing the management, processing, storage and dissemination of Bank Secrecy Act (BSA) data. In 2004, FinCEN embarked on a major initiative intended to improve the sharing of information reported under the Bank Secrecy Act. BSA Direct is an umbrella project intended to provide secure, user-friendly, web-based tools for accessing, analyzing, and filing BSA data. It is part of a broad effort to reengineer data management responsibilities and transition them from the IRS. During the early spring of 2006, it became clear to FinCEN that the Retrieval and Sharing component of the BSA Direct project (BSA Direct R&S) was not going to meet the critical implementation deadline of June 30, 2006. Objectives: Because FinCEN has experienced problems with development and implementation of the BSA Direct R&S, you asked us about the project's current status and to provide observations on FinCEN's IT investment management practices. Our objectives were to (1) describe BSA Direct R&S and the project's current status; (2) examine FinCEN's application of information technology (IT) investment management processes to the BSA Direct R&S project; and (3) describe, at a high level, the range of options FinCEN may consider as it reexamines the BSA Direct R&S project.
The Federal Deposit Insurance Corporation (FDIC) announced that it will hold a symposium on the importance of continued consumer confidence in e-commerce in San Francisco on June 23, 2006 at the Hyatt Regency Hotel. The half-day meeting will bring together experts from the government and private sector to discuss ways to combat on-line identity theft and help find ways to maintain public confidence in e-commerce. The meeting will run from 7:30 a.m. to 1:00 p.m. Keynote speaker Charlene Zettel, Director, California Department of Consumer Affairs, will set the stage for the day's event. The first panel will focus on Ensuring Integrity in Payment Systems while the second panel will address Building Confidence by Managing Risk in E-Commerce. The third panel will address Consumer Rights and Resources in an E-Commerce World. The symposium is free of charge and open to both industry and public participants.
On May 22, 2006, the U.S. Department of Veterans Affairs (VA) published a notice that electronic data on approximately 26.5 million veterans and some spouses may have been compromised. The VA is working with law enforcement, Congress, the media, veteran services, and other government agencies to ensure that veterans and their families are protected against potential misuse of that data. Please refer to the VA Web site at www.va.gov for additional information on this security incident. While no specific fraud related to the VA incident has been detected, the growing trend of data breaches occurring in both the private and public sectors raises concerns that personal information may be used to commit identity theft. The FDIC, as a member of the President's Identity Theft Task Force, urges financial institutions to be vigilant against the misuse of personal information for both new and existing customers. Additionally, financial institutions have an obligation to verify the identity of persons seeking to open new accounts and to safeguard customer information against unauthorized access or use.
National Credit Union Administration (NCUA) Board Member Gigi Hyland represented the agency yesterday at the inaugural meeting of President Bush's Identity Theft Task Force. On May 10, 2006, the President signed an Executive Order for the purpose of strengthening federal efforts to protect against identity theft. The Order establishes the Task Force and provides that it will be co-chaired by the Attorney General and the Chairman of the Federal Trade Commission. Task Force membership includes representatives from the other executive branch departments as well as representatives from all of the federal financial regulatory agencies.
The Office of Thrift Supervision (OTS) is encouraging savings institutions to take advantage of a new Treasury Department program to educate their customers on identity theft prevention and remedies. The program, available to institutions on a DVD, entitled Identity Theft: Outsmarting the Crooks, informs consumers on protecting themselves against identity theft. The Treasury Department launched the DVD, created by the Department's Critical Infrastructure Protection Office, on January 26th. The DVD educates consumers on what identity theft is, how they can protect themselves, and what they should do if they become victims of identity theft. It covers topics such as: online safety, access to credit reports, taxpayer vulnerabilities to identity theft, and how to deal with debts and debt collectors in connection with identity theft.
The Financial Crimes Enforcement Network today announced it is issuing a survey to banking and financial services industry trade groups seeking information about the feasibility and impact of implementing a cross-border wire transfer reporting requirement under the Bank Secrecy Act. The survey, which is required by the Intelligence Reform and Prevention Act of 2004, is part of an ongoing study into the feasibility of imposing a requirement that financial institutions report to FinCEN records that they currently maintain concerning international wire transfers. The American Bankers Association, the Institute of International Bankers, the Credit Union National Association, the Independent Community Bankers of America and representatives of major money wire services are assisting in this effort by distributing this survey to their membership.
The "Insider Activities" booklet is one of several booklets in the Comptroller's Handbook that will be published under the theme of corporate governance. This booklet provides guidance on how banks may legally and prudently engage in transactions with insiders and implement risk management processes that provide for the appropriate control and monitoring of insider activities. This booklet also provides guidance on how examiners will review and assess insider activities during the supervisory process.
A bank should engage in safe and sound business and personal transactions with its insiders, consistent with law and regulation. Transactions between a bank and its insiders can address legitimate banking needs and serve the interests of both parties. The challenge is to separate legitimate insider financial relationships from those that are, or could become, abusive, imprudent, or preferential. Studies of bank failures have found that insider abuse, including excessive or poor quality loans made, and unjustified fees paid, to directors and officers, is often a contributing factor to the failure. Because of the significant risks that insider activities can pose, activities are subject to strict laws and ethical guidelines.
Welcome to the fifth issue of the The SAR Activity Review - By the Numbers, a compilation of statistitcal data gathered from Suspicious Activity Report forms submitted by depository institutions since April 1996, casinos and card clubs since August 1996, certain money services businesses since January 2002, and certain segments of the securities and futures industries since January 2003. By the Numbers serves as a companion piece to the publication of The SAR Activity Review - Trends, Tips & Issues, which provides inforamtion about the preparation, use, and utility of Suspicious Activity Reports.
By the Numbers is produced twice a year to cover two filing periods: January 1 to June 30 and July 1 to December 31. The statistical data from the filing periods is available for publication on the FinCEN website after the end of each period, usually in the spring and fall. The last issue of By the Numbers was published in May 2005 and may be accessed through the following link:
This Advisory warns financial institutions about the potential for fraudulent transactions involving hurricane relief monies. To assist law enforcement, we request that financial institutions include key terms in the narrative portions of all Suspicious Activity Reports filed relating to possible hurricane relief fraud schemes. In the wake of the devastating Hurricanes Katrina, Rita, and Wilma that struck during the past year, an unusually large amount of emergency financial assistance has been distributed to storm victims in many parts of the country. The Department of Justice’s Hurricane Katrina Fraud Task Force (“Task Force”), which Attorney General Alberto Gonzales established in September 2005, has been vigorously prosecuting all types of fraud relating to the three hurricanes.
Comptroller of the Currency John C. Dugan said today that most bank customers don’t find the privacy notices they receive to be especially useful and said an ongoing interagency process to simplify those notices will better serve banks and their customers. That’s partly because the statutory requirements are complex and mandate a host of very specific disclosures, the Comptroller said. In addition, the regulations implementing the law encourage the use of legal terms in notices. Finally, there was no requirement in the law or regulations for uniformity or consistency among institutions in the way the information is presented. “When you combine these three factors, the result is what we have today: notices with too much information, too many legal terms, and too much variability in presentation from institution to institution,” Mr. Dugan said in a speech to a meeting sponsored by the American Law Institute and the American Bar Association.
The purpose of this bulletin is to provide banks with guidance on how to respond to incidents of Web-site spoofing. The bulletin addresses procedures banks can implement to mitigate the risks to themselves and their customers by detecting and responding to Web-site spoofing. It also identifies the types of information banks can provide to law enforcement authorities to assist in investigating illegal activities. This bulletin expands on OCC Alert 2003-11, “Customer Identity Theft: E-mail-Related Fraud Threats,” September 12, 2003.
Financial institutions are actively evaluating and implementing wireless technology as a means to reach customers and reduce the costs of implementing new networks. In light of this fast-developing trend, the Federal Deposit Insurance Corporation (FDIC) is providing financial institutions with the following information about the risks associated with wireless technology and suggestions on managing those risks. Please share this information with your Chief Information Officer.
To assure that prudent practices are being followed by banking institutions in their funds transfer activities, examinations should focus, with equal emphasis, on the evaluation of credit risks and operational controls. Deficiencies disclosed in either of these areas and suggestions for improvement should be discussed with management and listed in the Report of Examination. Constructive criticism by the examiners should help the institutions strengthen procedures to minimize the risks associated with funds transfer activities. Refer to the Electronic Funds Transfer (EFT) Examination Documentation module for further guidance.
The Federal Deposit Insurance Corporation (FDIC) today released an on-line multimedia education tool that consumers can use to learn how to better protect their computers and themselves from identity thieves. The presentation also features actions consumers can take if their personal information has been compromised. Identity theft continues to be one of the fastest growing crimes in the United States, and has ranked as one of the top consumer concerns for the past several years. Identity theft is evolving in more complicated ways that make it harder for consumers to protect themselves, and easier for criminals to set up virtual storefronts on the Internet to sell confidential personal information.
The Financial Crimes Enforcement Network and the federal banking agencies – the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision – are issuing the attached guidance to notify institutions when a Suspicious Activity Report (SAR) can be shared with a holding company or other controlling company, or with the head office of a U.S. branch or agency of a foreign bank.
The Financial Crimes Enforcement Network (FinCEN) has announced the final regulation implementing the international correspondent banking provisions and the private banking provisions of Section 312 of the USA PATRIOT Act. Concurrently, FinCEN has released a further notice of proposed rulemaking on one key issue regarding correspondent banking. To view the final and proposed rules, along with a press release and fact sheet from FinCEN, visit FinCEN's Web site at http://www.fincen.gov/section312.pdf.
Highlights: The final regulation takes effect within 90 days from the date the regulation is published in the Federal Register (anticipated by January 4, 2006) for new accounts opened by U.S. financial institutions and 270 days from that date for existing accounts.
The final rule requires certain U.S. financial institutions to apply due diligence to correspondent accounts maintained for certain foreign financial institutions and private banking accounts maintained for foreign individuals.
You are receiving this information because you have notified a consumer reporting agency that you believe that you are a victim of identity theft. Identity theft occurs when someone uses your name, Social Security number, date of birth, or other identifying information, without authority, to commit fraud. For example, someone may have committed identity theft by using your personal information to open a credit card account or get a loan in your name. For more information, visit www.consumer.gov/idtheft or write to: FTC, Consumer Response Center, Room 130-B, 600 Pennsylvania Avenue, N.W. Washington, D.C., 20580. The Fair Credit Reporting Act (FCRA) gives you specific rights when you are, or believe that you are, the victim of identity theft. Here is a brief summary of the rights designed to help you recover from identity theft.
Following a public comment period, the Federal Trade Commission has issued final summaries of identity theft and general consumer rights and revised furnisher and user notices under the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Consumer reporting companies are required to notify consumers of their rights under FACTA and steps they can take to protect themselves against identity theft and difficulties resulting from identity theft.
The identity theft rights summary includes the major new identity theft rights granted to consumers by FACTA, including the right to place fraud alerts on their credit reports, to block businesses and credit bureaus from reporting information in their credit files that is a result of identity theft, and to obtain from businesses information about accounts or transactions in their name that result from identity theft. The identity theft rights summary will be provided by consumer reporting companies to consumers who contact the agencies because they believe they are victims of fraud or identity theft.
The Federal Trade Commission today said that provisions of the recently enacted Fair and Accurate Credit Transactions Act will help reduce identity theft and help victims recover. In testimony to the House Ways and Means Committee’s Subcommittee on Social Security, Howard Beales, Director of the FTC’s Bureau of Consumer Protection, said that many of the provisions will go into effect over the course of this year.
The testimony says one of the newly enacted provisions requires the three major credit reporting agencies to provide consumers with a free copy of their own credit report every 12 months. The requirement will become effective in December but will be phased in over nine months from West to East. The reports allow consumers to discover and correct errors in their credit records and to assure that accounts have not been fraudulently opened in their names.
Fight Back: What You Can Do about Identity Theft
If you think your identity has been stolen, here's what to do now: Contact the fraud departments of any one of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified to place fraud alerts. Once the alert is placed, you may order a free copy of your credit report from all three major credit bureaus. The special toll-free numbers for the fraud departments are: Equifax at (800) 525-6285, Experian at (888) 397-3742 and Trans Union at (800) 680-7289. Close the accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit when disputing new unauthorized accounts.
File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
This guidance identifies risks associated with public Internet instant messaging (IM) and how they can be mitigated through an effective management program. Public IM may be used by employees both officially and unofficially in work environments. The use of public IM may expose financial institutions to security, privacy, and legal liability risks because of the ability to download copyrighted files. Technology vendors have released IM products for corporate use that authenticate, encrypt, audit, log and monitor IM communication. These new corporate enterprise products help financial institutions use IM technology in a more secure environment and assist in compliance with applicable laws and regulations.
The FDIC is issuing the attached guidance to financial institutions recommending an effective spyware prevention and detection program based on an institution’s risk profile. This guidance and the attached informational supplement discuss the risks associated with spyware from both a bank and consumer perspective and provide recommendations to mitigate these risks.
The federal bank and thrift regulatory agencies have jointly issued final guidelines to implement section 216 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). Section 216 is designed to protect consumers against the risks associated with identity theft and other types of fraud. The guidelines require the proper disposal of consumer information. The Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (agencies) have adopted the attached final rule to implement section 216 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). Section 216 of the FACT Act is designed to protect a consumer against the risks associated with identity theft and other types of fraud.
Under the final rule, the agencies have amended their "Guidelines Establishing Standards for Safeguarding Customer Information," as mandated by the Gramm-Leach-Bliley Act, to require the proper disposal of consumer information. The guidelines have been renamed "Interagency Guidelines Establishing Information Security Standards."
This advisory letter informs national banks about two areas of consumer bank fraud—identity theft and pretext calling—and advises them about measures to prevent and detect these types of fraud. The Gramm–Leach–Bliley Act (GLBA), enacted in 1999, directs the federal banking agencies (the Agencies) to ensure that banks have policies, procedures, and controls in place to prevent the unauthorized disclosure of customer financial information and to deter and detect fraudulent access to such information. The Agencies recently adopted guidelines for the safeguarding of customer information by financial institutions. The advisory letter supplements those guidelines by focusing on the protection of customer information specifically against identity theft and pretext calling. Identity theft is the fraudulent use of an individual’s personal identifying information. Often, identity thieves will use another individual’s personal information such as a social security number, mother’s maiden name, date of birth, or account number to fraudulently open new credit card accounts, charge existing credit card accounts, write checks, open bank accounts or obtain new loans.
Successful frauds tend to be replicated until they no longer work. Financial institutions can help reduce identity theft, including account hijacking, by encouraging information sharing so that identity theft frauds are thwarted sooner. A number of such information-sharing efforts are noteworthy including those sponsored by the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Anti-Phishing Working Group (APWG), the Identity Theft Assistance Corporation (ITAC), and Infragard, in addition to individual financial institution Web sites.
Since 1998, when identity theft first became a federal crime, a number of statutes and regulations have clarified impermissible use of personal information and offered greater tools to law enforcement. However, no law or regulation is focused solely on account hijacking. These changes in federal law have either established standards for protecting information, provided consumers with more information about their credit history so they can be more vigilant in protecting their own identity, or increased criminal penalties for identity theft and enforcement tools in an effort to deter it. Each of these approaches is discussed below.
These examination procedures are derived from the interagency Guidelines Establishing Standards for Safeguarding Customer Information, as mandated by Section 501(b) of the Gramm-Leach-Bliley Act of 1999. The guidelines address standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.
The guidelines require each institution to implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the institution and the nature and scope of its activities. While all parts of the institution are not required to implement a uniform set of policies, all elements of the information security program must be coordinated.
The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision jointly requested comment today on a proposed rule establishing standards for safeguarding confidential customer information. The proposed rule would implement section 501 (b) of the Gramm-Leach-Bliley Act (GLBA).
The law requires the agencies to establish standards for financial institutions relating to administrative, technical and physical safeguards for customer records and information. These safeguards are intended to ensure the security and confidentiality of customer records and information, protect against any anticipated threats or hazards to the security or integrity of these records and protect against unauthorized access to or use of these records or information that would result in substantial harm or inconvenience to a customer.
The federal bank and thrift regulatory agencies have sent to the Federal Register joint guidelines for safeguarding confidential customer information. The guidelines implement section 501(b) of the Gramm-Leach-Bliley Act (GLBA), and will be effective on July 1, 2001.
The GLBA requires the agencies to establish standards for financial institutions relating to administrative, technical and physical safeguards for customer records and information. These safeguards are to ensure the security and confidentiality of customer records and information, protect against any anticipated threats or hazards to the security or integrity of these records, and protect against unauthorized access to or use of these records or information that would result in substantial harm or inconvenience to a customer.
The purpose of this bulletin is to alert you to the joint-agency issuance of the attached final "Guidelines Establishing Standards for Safeguarding Customer Information" and to highlight provisions of these guidelines. The guidelines are mandated by Section 501 of the Gramm-Leach-Bliley Act of 1999 (GLBA), and are effective July 1, 2001. The guidelines affect all national banks, federal branches and federal agencies of foreign banks, and any subsidiaries of such entities (except brokers, dealers, persons providing insurance, investment companies, and investment advisors). The guidelines describe the Office of the Comptroller of the Currency's (OCC's) expectations for the creation, implementation, and maintenance of a comprehensive information security program. Background: Section 501 of the GLBA requires the OCC and other federal banking agencies to establish appropriate standards for the administrative, technical, and physical safeguards for customers' "nonpublic personal information." The OCC has done so by issuing guidelines that require each national bank to establish an information security program.
A bank's information security program must be designed to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information that would result in substantial harm or inconvenience to any customer.
The Agencies are jointly issuing final Guidance that interprets the requirements of section 501(b) of the GLBA, 15 U.S.C. 6801, and the Security Guidelines to include the development and implementation of a response program to address unauthorized access to, or use of customer information that could result in substantial harm or inconvenience to a customer. The Guidance describes the appropriate elements of a financial institution’s response program, including customer notification procedures. Section 501(b) required the Agencies to establish standards for financial institutions relating to administrative, technical, and physical safeguards to: (1) ensure the security and confidentiality of customer information; (2) protect against any anticipated threats or hazards to the security or integrity of such information; and (3) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
On February 1, 2001, the Agencies issued the Security Guidelines as required by section 501(b) (66 FR 8616). Among other things, the Security Guidelines direct financial institutions to: (1) identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems; (2) assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and (3) assess the sufficiency of policies, procedures, customer information systems, and other arrangements in place to control risks.
In 2001, NCUA amended 12 CFR Part 748 to fulfill a requirement in Section 501 of the Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA), in which Congress directed both NCUA and the other Federal Financial Institution Examination Council (FFIEC) agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (collectively, the “Banking Agencies”) to establish standards for financial institutions relating to administrative, technical, and physical safeguards to: (1) insure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of such records; and (3) protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer. Although NCUA worked with the Banking Agencies to develop the standards described above, the Banking Agencies issued their standards as guidelines under the authority of Section 39 of the Federal Deposit Insurance Act.
Since Section 39 of the Federal Deposit Insurance Act does not apply to NCUA, the NCUA Board determined that it could best meet the congressional directive to prescribe standards through an amendment to its existing regulation governing security programs for federally insured credit unions and by providing guidance to credit unions, substantially identical to the guidelines issued by the Banking Agencies, in an appendix to the regulation. 12 CFR Part 748, Appendix A; 66 FR 8152 (January 30, 2001). The preamble to the final rule discusses the different regulatory framework under which the Banking Agencies issued their guidelines. The final regulation requires each federally insured credit union to establish and maintain a security program implementing the safeguards required by GLBA.
E-mail and Internet-related fraudulent schemes, such as “phishing” (pronounced “fishing”), are being perpetrated with increasing frequency, creativity and intensity. Phishing involves the use of seemingly legitimate e-mail messages and Internet Web sites to deceive consumers into disclosing sensitive information, such as bank account information, Social Security numbers, credit card numbers, passwords, and personal identification numbers (PINs). The perpetrator of the fraudulent e-mail message may use various means to convince the recipient that the message is legitimate and from a trusted source with which the recipient has an established business relationship, such as a bank. Techniques such as a false “from” address or the use of seemingly legitimate bank logos, Web links and graphics may be used to mislead e-mail recipients.
I. INTRODUCTION. Purpose and Scope of the Guide: This Small-Entity Compliance Guide is intended to help financial institutions comply with the Interagency Guidelines Establishing Information Security Standards (Security Guidelines). The guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations. The appendix lists resources that may be helpful in assessing risks and designing and implementing information security programs. Although this guide was designed to help financial institutions identify and comply with the requirements of the Security Guidelines, it is not a substitute for the Security Guidelines. Moreover, this guide only addresses obligations of financial institutions under the Security Guidelines and does not address the applicability of any other federal or state laws or regulations that may pertain to policies or practices for protecting customer records and information.
Weblinking: Identifying Risks & Risk Management Techniques. ENCL: Weblinking Guidance. The purpose of this letter is to assist credit unions in identifying risks posed by the use of weblinks on their websites and suggest a variety of risk management techniques to mitigate these risks. A large number of credit unions maintain sites on the World Wide Web. Virtually every website contains weblinks. A weblink is a word, phrase, or image that contains coding that will transport the viewer to a different part of the website or a completely different website by clicking on it. While weblinks are a convenient and accepted tool in website design, their use can present certain risks. The primary risk posed by weblinking is viewer confusion about whose website they are viewing and who is responsible for information, products, and services available through that website. Credit unions using weblinks are encouraged to review the enclosed guidance that was developed jointly with other federal regulatory agencies. This guidance applies to credit unions that develop and maintain their own websites, as well as those using service providers for these functions. This letter supersedes NCUA Letter 02-FCU-04. If you have any questions, please contact your NCUA Regional Office or State Supervisory Authority.
The OCC, FRB, FDIC, and OTS are issuing the attached final “Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.” The guidance was published in the Federal Register on March 29, 2005, and became effective upon publication. The guidance interprets the Interagency Guidelines Establishing Information Security Standards (Security Guidelines) and states that each financial institution should implement a response program to address unauthorized access to customer information maintained by the institution or its service providers. The guidance describes the components that a response program should contain including procedures to notify customers about incidents that involve unauthorized access to sensitive customer information. The guidance provides that, “when a financial institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused. If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible.” However, notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation and provides the institution with a written request for a delay.
WASHINGTON - Comptroller of the Currency John C. Dugan approved today an advance notice of proposed rule making (ANPR) seeking public comment on a proposal intended to improve risk-based capital rules for U.S. institutions without the expense and complexity of the Basel II framework. The U.S. banking agencies plan to address implementation of the Basel II framework in a separate rulemaking. "Our primary goal is to increase the risk sensitivity of our domestic risk-based capital rules without unduly increasing regulatory burden," Comptroller Dugan said. "This is no small challenge and we cannot easily accomplish that goal without substantial input from the banking industry and other interested parties." Current risk-based capital rules are the same for all banks. The OCC has heard concern voiced by a number of banks and industry groups that banks operating under Basel II might gain a competitive edge over banks that would not be governed by the Basel II framework.
U.S. Implementation of Basel II: Objectives of Basel Accord. Advance a “three-pillar” approach: Pillar 1, minimum capital requirement; Pillar 2, supervisory oversight; Pillar 3, heightened market discipline. Develop a measure of capital that is more risk sensitive than the current approach, better suited to the complex activities of internationally-active banks, and capable of adapting to market and product evolution.
assessments of capital adequacy
FACILITATING AFFILIATION AMONG BANKS, SECURITIES FIRMS, AND INSURANCE COMPANIES
The Patriot Act, and How It Applies to the Banking Industry: The U.S. Department of the Treasury issued a final rule on September 26, 2002, to implement Section 314 of the USA PATRIOT Act that adds sections 103.100 and 103.110 to the Bank Secrecy Act regulations. These sections establish procedures that encourage information sharing between governmental authorities and financial institutions, and among financial institutions themselves. The new section 103.100 establishes a mechanism for law enforcement to communicate names of suspected terrorists and money launderers to financial institutions in return for securing the ability to promptly locate accounts and transactions involving those suspects. Financial institutions receiving names of suspects must search their account and transaction records for potential matches and report positive results to Treasury's Financial Crimes Enforcement Network (FinCEN) in the manner and time frame specified in the request. Each financial institution must designate a point of contact to receive information requests. FinCEN has prescribed that each financial institution supply point of contact information to its primary federal regulator. If you have not already done so, send by e-mail to FDICAdvisory@fdic.gov or by mail to FDIC, Special Activities Section, 550 17th Street NW, Washington, DC 20429, the following information: name of institution, name of point of contact, title, mailing address, e-mail address, telephone number, and fax number. Changes in contact information must be promptly reported.
Guidance on Developing an Effective Pre-Employment Background Screening
Summary: The Federal Deposit Insurance Corporation encourages banks to assist those impacted by Hurricane Katrina by honoring handwritten, typewritten, and laser checks issued by certain Social Security Administration Offices.
In 2001, NCUA amended 12 CFR Part 748 to fulfill a requirement in Section 501 of the Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA), in which Congress directed both NCUA and the other Federal Financial Institution Examination Council (FFIEC) agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (collectively, the “Banking Agencies”) to establish standards for financial institutions relating to administrative, technical, and physical safeguards to...
On January 17, 2001, the banking regulatory agencies adopted guidelines implementing Section 501 of the Gramm-Leach-Bliley Act (GLBA). The guidelines require financial institutions to establish a comprehensive and coordinated information security program, appropriate to the size of the bank and the complexity of its operations.
The Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision have jointly issued Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. The guidance interprets the agencies’ customer information security standards and states that financial institutions should implement a response program to address security breaches involving customer information. The response program should include procedures to notify customers about incidents of unauthorized access to customer information that could result in substantial harm or inconvenience to the customer. The guidance provides that, "when a financial institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused."
"User names" and passwords should be supported in Internet banking transactions with new and better ways of identifying real customers from fraud artists trying to "hijack" bank accounts, according to an update on identity theft from the Federal Deposit Insurance Corporation (FDIC). "Identity theft, particularly account hijacking, continues to grow as a problem for the financial services industry and for consumers," said FDIC Chairman Don Powell. "Our review illustrates that ID theft is evolving in more complicated ways and that more can and should be done to make online banking more secure." The new findings are in a supplement to an FDIC study issued in December about ways to fight "phishing" scams, in which criminals send fraudulent e-mails to trick consumers into providing confidential financial information that can lead to illegal access to bank accounts. The supplement reviews and responds to public comments that the FDIC received about the original study, identifies the most recent trends in identity theft, and discusses a variety of new technologies that could be used to make Internet banking more secure. In the latest findings, the FDIC concluded that the risk assessment financial institutions are required to perform regarding information security also should address customer authentication. The supplement also said that if an institution offers Internet banking, it has an obligation to properly secure that delivery channel. This extra level of security for online accounts, often referred to as "multifactor authentication," would be used in addition to the traditional passwords. These new security features may include "tokens" issued to customers that generate new passwords every 60 seconds, software that can identify the computer that a customer uses to access online accounts, or contacting a customer by phone to make sure that he or she is the one attempting to access the account.
Section 314(a) of the USA PATRIOT Act of 2001 (P.L. 107-56) required the Secretary of the Treasury to adopt regulations to encourage regulatory authorities and law enforcement authorities to share with financial institutions information regarding individuals, entities, and organizations engaged in or reasonably suspected, based on credible evidence, of engaging in terrorist acts or money laundering activities. FinCEN issued a proposed rule on March 5, 2002, and the final rule on September 26, 2002 (67 Fed. Reg. 60,579). Section 314(a) requirements are now published in 31 CFR Part 103.100.
Copyright © 2007 BankInfoSecurity.com
