Identity theft results in $50-$60 billion in losses annually, according to
the Federal Trade Commission (FTC). The rise of public fear of identity theft and increasing fraud mean that credit unions need to take preventative measures for institutional security.
Security threats are both internal and external. The FTC estimates that 6 percent
of fraud originates from someone within a company or financial institution that
had access to the victim's personal information. Mailings containing sensitive
member information could be compromised internally before they are ever sent.
A recent case involving stolen credit union member information from a large
California marketing firm illustrates an important point: information security
safeguards are only as strong as the weakest link within a credit union and
its network of business partners.
Another problem is member reliance upon paper statements. While consumers detect
half of all unauthorized activity themselves, it typically takes between six
and 36 days to detect fraudulent activity in paper statements.
The industry best practices to limit identity theft include:
- Encouraging members to adopt e-statements and monitor their accounts regularly
- Designing internal safeguards to limit employee access to sensitive data
- Demanding marketing partners and subcontractors maintain high commitments
to data security
Effects of Financial Privacy Legislation on the Credit Union Industry
The public's perception of reckless data-security measures within companies
and financial organizations has drawn criticism from government regulators.
Just last July, U.S. District Courts upheld the California Financial Privacy
Act. The Senate introduced a bill that would extend to the broader American
population the same protections, such as express consent to share financial
data with third parties and extensive notification procedures in the event of
a security breach.
"The privacy of consumers' personal data has never been less secure,"
said bill sponsor Diane Feinstein in response to the District ruling. "Once
the nation sees the benefits that California's consumers reap from the California
Financial Privacy Act, I am hopeful that we will be able to provide the same
protections in federal law."
The implication of such legislation may significantly alter the way financial
institutions and their partners handle personal data. While some credit unions
are already doing a phenomenal job of maintaining tight internal controls, the
massive rise in identity theft crimes has helped fuel a fervor in which the
public is demanding that institutions employ stricter preventative measures
against fraud and eliminate any unnecessary risks. The burden therefore falls
heavily on credit unions to ensure that member information is protected.
Callahan's will host a Webinar entitled Preventing
Online Identity Theft next week.