Identity Theft: How To Protect Consumers
Anne Wallace, president of the Identity Theft Assistance Center, says financial institutions must implement best practices to protect their customers' identities.
In this interview, Wallace discusses:
- How banking institutions can better protect and educate consumers about identity theft;
- Why it is so critical to implement tools and practices that help consumers and institutions detect potential breaches that could compromise identity;
- Why institutions must stay ahead of fraud risks associated with emerging technology, such as mobile banking and social networking.
Wallace is President of the Identity Theft Assistance Corp., a nonprofit corporation that operates ITAC, the Identity Theft Assistance Center. As the industry center of expertise, ITAC and its member companies fight identity theft through identity protection and victim assistance services, law enforcement partnerships, consumer education and research.
Wallace is a nationally recognized expert on privacy, financial services and payments law. She began her legal career with the Board of Governors of the Federal Reserve Board, where she served as assistant director of the Division of Consumer and Community Affairs and implemented key consumer credit laws, including the Equal Credit Opportunity Act.
TRACY KITTEN: What are the primary customer and member privacy concerns facing financial institutions today? Hi, I'm Tracy Kitten with Information Security Media Group. I'm here today with Anne Wallace, the president of the Identity Theft Assistance Corporation. Hi, Anne, thanks for speaking with us today.
ANNE WALLACE: Hello, it's great to be with you.
KITTEN: Anne, please tell the audience a little bit about the Identity Theft Assistance Center, when it was founded, and what its primary role is.
WALLACE: Well, we're a nonprofit. We were founded seven years ago, to help customers of financial-services companies recover from identity fraud. And what our member companies realized, back in 2003, was that each of them was helping their customers individually, within their own company -- helping that customer close the accounts that were affected, and whatever. But what they realized was that as a group, they could do more, and that their customers really needed additional help, because identity fraud is such an awful emotional experience; and it's difficult to recover from. So, ITAC was formed with an idea of collective action -- that these big companies would get together, work together and help all of their customers at the same time. I would just add that another big part of our mission is to partner with law enforcement; and, again, we realize that, as a group representing all these big companies, we could do more to work with law enforcement to fight this crime.
KITTEN: And how long has the organization been around?
WALLACE: Well, we've actually been around for seven years, legally, but as a corporation, our Victim Assistance Center is coming up on its sixth anniversary. So we have helped 70,000 people over the last six years of operation.
KITTEN: And how many financial institutions are members of ITAC?
WALLACE: Well, all of the companies that are members of the Financial Services Roundtable; so we have 100 big financial-services companies who are members of the Financial Services Roundtable. They're all members, and they all support our mission. There are probably about 35 or so that are directly active in the service, in the sense that they offer the kind of direct customer services that would require the help of a victim assistance service.
KITTEN: And so, what does being a member really mean, from a financial-services or financial industry perspective?
WALLACE: Well, our members are committed to helping customers and fighting identity fraud. So, what it means is they support our educational outreach efforts. ITAC does a lot of educational outreach, both on our website and increasingly in social media -- things like Facebook and so forth, to help people understand what they can do to protect themselves from fraud; and then, if they do become a victim, how to recover. So it's really the support of our educational outreach, and the support of our work with law enforcement, as well as the victim-recovery process.
KITTEN: Sure. And you've probably answered my next question already, which is, how does ITAC balance consumer needs with the needs of its financial-institution members?
WALLACE: We don't see that as a balance. I mean, for us, we're all for customers. I mean, really, this is a service that was created to help people. And our financial-services companies see helping their customers as part of their mission. That's what we do.
KITTEN: Now, identity theft is something that we see crop up quite a bit in the news, and we're hearing quite a bit about it from a regulatory standpoint. How does ITAC define identity theft, and how deep does it go? Does it range from the theft of a consumer Social Security number, for instance, to the interception or misuse of a consumer's address?
WALLACE: Well, you're absolutely right. Identity fraud takes all kinds of aspects and colors. It can be everything from driver's licenses, passports, medical identity fraud and so forth. But, with a lot of these kinds of fraud, it comes back to dollars and cents. It comes back to people being defrauded out of money. So, our service, our recovery service, really focuses on the financial impact of identity fraud. You know, has the consumer experienced new-account fraud? New financial accounts being opened in his or her name, whether they are credit cards or accounts at retailers or utilities or so forth; anything that shows up in a credit-bureau report. That is the sort of damage that we help the consumer, first of all, find -- find out that a fraudulent new account has been opened in your name, which you may not even know about until you get a collection call that the account hasn't been paid. And, also, account take-over. So we also help customers recover from the take-over of a deposit or a credit-card account.
KITTEN: It's interesting you should mention account take-over; that's something that has popped up in the news quite a bit lately, and it is obviously a concern for financial institutions, as well as consumers. How is ITAC helping financial institutions protect their customers and members from identity theft?
WALLACE: Well, again, it goes back to our educational efforts. It is so important to keep talking to people about the old threats, the new threats on a recurring basis. And to keep talking to people about what they can do to protect themselves. I mean, this really is a shared responsibility. It's not something -- finding identity fraud is not something -- that financial institutions can do by themselves. The consumers can't do it by themselves. It's not solely a government responsibility, either. It really takes cooperation and partnership of everybody to prevent the fraud, to fight it once the crime has occurred and to see that it doesn't happen again.
KITTEN: Sure. And talking about some of the regulatory issues, and identity theft kind of being top of mind across the board, how is ITAC helping financial institutions, if at all, comply with and understand the Red Flags Rule?
WALLACE: Well, actually, there's two important ways that we help our member companies fight and comply with the Red Flag requirements. First, as you probably know, the Red Flag requirements talk about helping mitigate the impact of identity fraud, and our service, which, of course, is designed to help consumers recover, is exactly the sort of thing that the regulators are looking for in terms of mitigation of the impact of identity fraud. The second aspect where we help companies comply with Red Flags is in the detection of fraud. So, our member companies use our online service to get notice of potential fraud. For example, if I am using the ITAC service, and say I'm referred by Wells Fargo, and during the discussion with the ITAC agent, I say, "Oh, my goodness! This Capital One account, that's not mine," Capital One will get online notice from ITAC that that account may well be fraudulent. So, it's that kind of notice that helps our companies detect fraud, which is another major part of the Red Flags rule.
KITTEN: What types of gaps do you see in the strategies financial institutions currently have in place, when it comes to protecting consumers' identities? Where could they be doing a better job?
WALLACE: We never relax our efforts with respect to education and prevention. You know, the crooks are ever vigilant, they are ever creative, they are always exploiting new schemes to, you know, extract information, to extract information from consumers. So, it's just a constant process of staying up with what the bad guys are doing, what the technology risks may be, and adapting to how our customers are interacting with us. I mean, the perfect example is the increasing use of mobile -- mobile phones, PDAs -- to do banking business; consumers going online to sites like Facebook, and so forth. I mean, we know that that is what our customers are doing, and, so, there is this constant process of identifying the risks and helping our customers understand and manage those risks.
KITTEN: Anne, over the next 12 months, what should financial institutions be focusing on in the way of identity-theft protection?
WALLACE: Well, I think it really goes back to what I just discussed. It's continually watching the technology to see where are your customers? What are they doing? How are they interacting with both their financial-services company and with each other. But, how are they using that information, and what are we doing to educate our customers and potential customers about protecting themselves? I mean, I still do think there is really a sort of a knowledge gap, just with people understanding that if you put information out there, whether it's on Twitter or Facebook or so forth, it facilitates fraud. You think you're just sharing information with your friends and family, not realizing that other people are listening. I think financial institutions all know how devastating identity theft can be for their customers. I mean, I think they are very empathetic and understanding of that. But I just say that we can't lose sight of that, of how personally people take this crime, how emotionally devastating it is, and to really be tuned into that when you, you know, when you get those calls in the call center or in the branches or whatever from people who really feel as if they have been violated. Try to be responsive to that emotional need, as well as the business need. And I guess the other thing is just reinforcing what I said earlier, about the need to constantly educate people about the emerging risks, and to find as many ways as we possibly can to communicate with people. What are the opportunities to educate? What are the opportunities to communicate about risks? And don't assume that people understand it. My experience is that consumers really want to work with their financial institution; they want to be partners, and they want to hear from us, from the institutions, about what they should be doing. So, I think we have a great opportunity to partner, to educate. Maybe we just have to find different ways, better ways, more ways, you know, to reach people.