Identity Theft Red Flags Rule: A Chance to Take a Stand
"Technically, we don't have a phishing problem," he was told.
Yes, scores of PayPal customers were inundated daily with fake emails. But the fraud was against PayPal customers - not against PayPal itself. In the mix of risks to the company ... phishing wasn't such a concern.
Suddenly, Red Flags Rule compliance can be a way to tell customers 'This is what we're doing to fight Identity Theft.'
Yet whenever Barrett went out socially, all he'd hear was "When are you people going to stop sending me those fake emails?"
Judging from the results of our new Identity Theft Red Flags Rule Compliance Survey, we've got a similar situation re: ID Theft.
Asked who is responsible for fighting Identity Theft, 44% of our respondents put the onus on consumers - only 29% say it's the responsibility of banks and businesses.
They've got a point. The best-known data breaches we've seen to date - TJX and Hannaford - weren't the fault of any banking institution.
And yet when banking/security leaders step out socially, what's the common question they hear? "What are you people doing to fight Identity Theft?"
Well, how about Identity Theft Red Flags Rule compliance?
In the wake of the subprime mortgage crisis and its most recent victims -- IndyMac Bank, First National Bank of Nevada and First Heritage Bank, N.A. -- consumer confidence is shaken. Banking customers need reassurance from their institutions. Suddenly, Red Flags Rule compliance - which, let's be honest, has just been a regulatory exercise for many institutions - can be a way to tell customers "This is what we're doing to fight Identity Theft."
And y'know what? It's a lot more than non-regulated industries are doing to mitigate the threat. Casinos and auto dealers also fall under Identity Theft Red Flags Rule jurisdiction, but do you think the Federal Trade Commission will be routinely examining them for compliance after Nov. 1?
Admittedly, customer confidence wasn't top of mind when we initiated this survey. With roughly one-third of the year left for U.S. financial institutions to meet the Nov. 1 compliance date, we wanted to find out how close they truly are. We also asked:
The responses are enlightening from several angles, revealing new insights on how banking institutions approach Identity Theft Red Flags Rule compliance, what they perceive to be their next big regulatory challenge, and, yes, even their resounding opinion on who ultimately is responsible for fighting identity theft.
But given recent events, it's clear that the next three months are not just about jumping through the right hoops and checking off the box labeled "compliance." This is the banking industry's opportunity to take a stand against identity theft - and make a statement about trust.
Ultimately, perhaps identity theft is a consumer issue. But confidence is the industry's problem, and the Identity Theft Red Flags Rule presents the perfect chance to help strengthen the trust.