Archive for the ‘Business Solutions’ Category
Last Updated on Sunday, 17 June 2012 08:46 Written by Celframe Security Team Sunday, 14 October 2012 09:41
Identity fraud training is one of the main requirements of the Red Flags Rule and there is a good reason for this Federal requirement because once red flags which lead to fraud have been identified through risk assessments and procedures are developed to detect and mitigate such fraud red flags, employees must be provided appropriate training to properly follow established identity theft prevention policies and procedures.
Front line staff are often the ones who face identity thieves as they commit their planned fraud using someone else’s identity. Depending on how transactions are initiated, these front line employees must be aware of how identity fraud occurs, how to detect fraud, and what to do when they detect or even suspect fraud. Internet transactions processors also face online identity fraud as increasingly transactions and communications occur online without physical interaction while certain related processes might occur off line to complete the requests. Depending on whether transactions are initiated offline or online, defined procedures and requirements for identity theft prevention might vary and must be addressed in fraud training materials.
As we discuss the need to provide fraud training to front line employees, we must step back for a moment and note that individuals who track and analyze fraud trends, assess identity theft risks, draft policies and procedures, train employees, and oversee the identity theft prevention program also need to receive fraud training in order to effectively perform their job duties in support of the identity theft program.
Many laws have already laid out private data safeguard and breach management requirements however identity fraud prevention is just beginning to be addressed through the Federal Red Flags Rule. As we start to acknowledge that loss of private information and subsequently identity fraud are inevitable and on the rise, we have arrived at a junction where similar to the Sarbanes-Oxley Act, we have Federal requirements to proactively address identity theft prevention thorough specific steps and one such requirement is fraud training for all employees who are in a position to support any and all aspects of the identity theft prevention program to detect and mitigate fraud.
Fraud training can be administered by qualified internal or external staff through a variety of means. Although the law requires employee training, it does not specify the format and length of the training however as fraud occurs, employee knowledge as well as effectiveness and adequacy of provided training will be assessed by regulators or attorneys to identify whether lack of employee knowledge regarding policies and procedures has led to the recurring identity fraud cases and determine any regulatory violations.
The penalties for violating any aspect of the Red Flags Rule as stated on the FTC website is as follows:
“The FTC can seek both monetary civil penalties and injunctive relief for violations of the Red Flags Rule. Where the complaint seeks civil penalties, the U.S. Department of Justice typically files the lawsuit in federal court, on behalf of the FTC. Currently, the law sets $3,500 as the maximum civil penalty per violation. Each instance in which the company has violated the Rule is a separate violation. Injunctive relief in cases like this often requires the parties being sued to comply with the law in the future, as well as provide reports, retain documents, and take other steps to ensure compliance with both the Rule and the court order. Failure to comply with the court order could subject the parties to further penalties and injunctive relief.”
One specific conclusion that can be drawn from the above statement is that the government regulators will continue to audit the organization which was found to be non-compliant to make sure that they have implemented all identified deficiencies. Therefore it is necessary for management to ensure that their identity theft prevention program is fully in place and operating effectively before the regulators do.
The Certified Red Flag Specialist (CRFS) designation is the identity fraud certification developed to provide the necessary fraud training for preventing identity theft, reducing fraud costs, and complying with the Red Flags Rule. The CRFS identity fraud certification not only provides the required training for identity theft management and compliance but it also includes an examination to assess and certify the knowledge of candidates regarding identity fraud prevention requirements.
For any fraud training or certification questions, please visit Identity Management Institute.
Stolen Social Security Number
Last Updated on Sunday, 17 June 2012 08:46 Written by Celframe Security Team Wednesday, 10 October 2012 05:28
By Henry Bagdasarian
I heard on National Pubic Radio (NPR) that about 10% of children face stolen social security number (SSN) cases. Although social security number theft affects people of all ages, races and genders, children are more vulnerable to the misuse of their social security numbers because first, their parents do not periodically and actively monitor their identities and second, they do not engage in transactions whereby identity fraud may be detected due to the verification of their personal records or credit to process the transaction.
The specific child identity theft story I heard on NPR reported by Andrea Smardon was about a child whose parents discovered that their child’s SSN was stolen and misused before the child was born. Yes, what attracted my attention to this stolen social security number story was that the personal identifier which happened to be the SSN in this case was stolen and used by identity thieves before the Social Security Administration (SSA) issued and assigned the number to the child when she was born. This incident of an SSN being misused before the SSA formally issued the number raises many questions but primarily what steps does the SSA take to ensure the social security numbers that it issues and assigns to new borns are clear of any fraud and misuse? How could the SSA unknowingly issue stolen social security numbers? I am certain that the SSA does not knowingly issue a stolen social security number but I wonder which scenario is worse.
Misuse of stolen Social security numbers is not an uncommon occurrence and in fact when we consider the negligence applied by all parties, we can see the storm clouds present over the protection and integrity of social security numbers as personal identifiers. First, as evidenced in this reported incident, we learn that the SSA is issuing social security numbers which already exist and are in full circulation within our society, next, given the number of employment and credit identity theft cases, we can assume that employers and creditors are not doing a good job at verifying the connection of a given SSN to the person who is providing the SSN as their own identifier, and third, people fail to monitor their identities especially the social security number of their children looking for potential signs of stolen social security number and identity fraud possibly due cost considerations or lack of awareness. The combination of these careless behaviors by all parties leads to increase risks of stolen social security number and misuse.
The worst part of the theft of a social security number is the aftermath of such cases. As I continued to listen to this story, I could not believe that parents who discover that their child’s identity has been stolen and misused for many years have no immediate and quick solution. Given that identity theft is relatively a new crime at the scale that we see today; the police departments don’t have clear directions about what to do to help minor victims of identity theft and their parents. In this particular case and surprisingly, the Social Security Administration even refused to take responsibility and help the parents correct the issue that they helped create by failing to verify that the new social security number they were issuing was clean and without any past history. The parents were finally able to attract the attention of their Attorney General to investigate the matter however parents who face child identity theft cases must be patient as it may take months or years to clean a child’s identity history depending on the severity of the cases. But, all the efforts made before the child reaches the legal age to apply for credit or employment is worth it since the young adult will be able to move on with her life without delay and having to fight matters that we created for them before they were born in some cases.
As we can see, social security number theft can occur before a person is born as well as after the SSN is issued regardless of whether the person received the SSN at birth or upon coming to the country as an immigrant.
We need to monitor our identities and look for signs of stolen social security number and if we detect a case of SSN misuse, we need to ask for and receive help from any entity which is willing to help out and clear the negative SSN history as soon as possible. I hope that the Social Security Administration will take the necessary steps to prevent such incidents that they help create by failing to apply due diligence in their SSN management and operations and help those victims who report SSN misuse and desperately look for help.
Sign up for the Identity Theft Newsletter to receive periodic announcements of new articles such as this stolen social security number.
Last Updated on Monday, 26 March 2012 05:41 Written by Celframe Security Team Thursday, 20 September 2012 04:04
Placing fraud alerts or fraud warnings on your credit reports is a good identity theft prevention control. You need to place them on your credit reports as soon as you discover or even suspect possible identity theft. There are currently two types of alerts that you can place on your credit reports; initial alert and extended alert.
The purpose of the alerts placed on your credit reports is to alert the businesses which do business with you regarding your possible identity theft and fraud case and encourage them to contact you and confirm your identity if a transaction is initiated under your name. This is to make sure someone else is not getting loans or opening new credit accounts under your name for example. Although this may not be effective in stopping your identity theft if businesses do not contact you to validate your identity, you may have legal options in case of an identity theft if it occurs after you placed the alerts. Plus, it's better than having no control at all. To validate your identity, businesses will call you at home or your business number available on your credit files. That’s why it’s a good idea to have your current phone number properly listed and validated with the credit reporting agencies to help businesses find you as quickly as possible.
You may place a fraud warning by contacting the credit reporting agencies and it may take them 24 hours to activate the alert on your credit files and send you the confirmation.
An initial alert placed with any of the 3 credit reporting agencies stays on your credit report for 90 days and you should typically place an initial alert when you suspect you are a victim of identity theft or are even about to become one. It’s a very good idea to place an initial alert if and when you lose your identity cards, passport, wallet or any other identity component, which cannot be readily found. Although, the credit agency where you placed your fraud alert is required to share the information with the other 2 agencies, it’s always a good idea to contact the other ones as well and place separate alerts just in case there is a failure in the process which I’m sure is extremely rare, right? I mentioned placing an initial alert on your credit report is a good idea when you suspect someone is either using or even considers using your financial identity, and I also suggested placing fraud alerts when you lose your personal information like a credit card to prevent potential identity theft. What I would also add to my statements is to place a fraud alert on your credit reports at all 3 agencies regardless of your suspicions of someone using your identity or whether you have lost your personal information because I just think that businesses should validate an identity before completing transactions anyway and they need to be reminded if they forget to do so. You should consider placing a fraud alert and then renewing that alert every 90 days. This way, you know for sure creditors are warned to contact and validate your identity before granting credit by opening new accounts. If you're worried about remembering when to renew, don't worry, many companies now provide automated services to place and renew the alerts. This is the latest control and most effective in preventing identity theft other than credit or security freeze implemented in some states and being considered in others which will require your involvement to lift the freeze before agencies can release your credit reports to creditors.
Placing fraud warning or alerts on your credit files is a great way to prevent credit identity theft if businesses take them seriously and some identity theft prevention services sold in the market these days can place the alerts for you and automatically renew the alert every 90 days for a fee. So, if you have tendency to forget or have little time for placing and renewing fraud alerts, consider subscribing to such services which according to recent statistics greatly reduce the risk of identity theft by asking creditors to contact you in order to open new accounts or extend existing credit limits. The only problem with fraud alerts in my opinion is that businesses may not take the alerts seriously enough to validate identities before granting credit as more people routinely place them these days, although I think it makes a of business sense to do so. However, the Red Flags Rule clearly requires businesses to take them seriously and verify identities before granting a new line of credit.
You can place your free initial fraud alert at either or both links below:
Equifax Fraud Website
TransUnion Fraud Website
You can also place an extended alert on your credit reports when in fact you have become an identity theft victim. To place an extended fraud alert, you will need an identity theft report. The extended alert will stay on your report for 7 years, but don't worry; you can remove the alerts at any time by contacting the agencies. An extended report also entitles you to 2 free credit reports from each one of the 3 agencies.
Learn why credit freeze may be a better option than fraud alerts for some people.