Tomorrow is February 1st - which is 9 short months away from FACT Act compliance. We are definitely seeing a lot of activity - particularly in the banking segment. Everyone we call is heading into war rooms to begin planning their strategy. What might be most interesting, is that people seem to be more concerned at this point about the documentary aspects of their program - as opposed to the solutions. We are beginning to see that the clock will very quickly be working against everyone, and while everyone will end up with the "program", they will head into the compliance date with something they are looking to replace.
By the way - Anybody have any idea what the typical bank pays for a single piece of mail sent out to a customer??
Thursday, January 31, 2008
Monday, January 28, 2008
Is Emergency Card Replacement Dead?
So here’s a question: Is emergency card replacement or rush shipping dead as we know it? As my ID Insight team continues to pour over the FACT Act Red Flag and Address Discrepancy rules, it’s becoming more apparent that the old way of doing business just won’t cut it anymore.
The FACT Act says that if a customer changes his or her address then calls back within 30 days to request a replacement card, the credit issuer is required to “assess the validity of that address change” before sending out the card. Many small banks and credit unions routinely send letters to verify an address. If we’re reading it correctly, after the November 1 FACT Act compliance date arrives, banks that continue using the mail as an identity-verification system simply won’t be able to send the card until the customer receives -- and is given a reasonable period of time to respond to -- the letter.
We’re digging more deeply into this potentially critical piece of FACT Act language with our industry advisors and attorneys. Are the days of getting a replacement card in less than 24 hours gone?
What do you think? I hope you’ll share your perspective on this, either by posting a comment on this blog or dropping me an email at adam.elliott@idinsight.com.
The FACT Act says that if a customer changes his or her address then calls back within 30 days to request a replacement card, the credit issuer is required to “assess the validity of that address change” before sending out the card. Many small banks and credit unions routinely send letters to verify an address. If we’re reading it correctly, after the November 1 FACT Act compliance date arrives, banks that continue using the mail as an identity-verification system simply won’t be able to send the card until the customer receives -- and is given a reasonable period of time to respond to -- the letter.
We’re digging more deeply into this potentially critical piece of FACT Act language with our industry advisors and attorneys. Are the days of getting a replacement card in less than 24 hours gone?
What do you think? I hope you’ll share your perspective on this, either by posting a comment on this blog or dropping me an email at adam.elliott@idinsight.com.
Wednesday, January 23, 2008
What We’re Learning
When we speak with banks and other financial institutions, we’re confident that our address-discrepancy solutions will be well-received because we know we’re providing a cost-effective, proven solution to a high-profile challenge. But every once in a while, we still get surprised.
Last week in a meeting with a top-10 bank, I made an assumption that they were “looking to check the FACT Act compliance box.” And one of the people in the meeting stopped me right there. “No, that’s not actually the case,” he said. “It’s a given that we’re going to comply. What we’re looking for is how to do it right and benefit our organization.” We went on to talk about how his team saw compliance as an opportunity to take a good look at the company’s processes, then implement efficiencies designed to reduce costs, increase customer service and enhance the bottom line.
Since then, we’ve heard similar sentiments from other banks. They tell us they’re looking not only for a solution, but the best solution.
Nice.
Last week in a meeting with a top-10 bank, I made an assumption that they were “looking to check the FACT Act compliance box.” And one of the people in the meeting stopped me right there. “No, that’s not actually the case,” he said. “It’s a given that we’re going to comply. What we’re looking for is how to do it right and benefit our organization.” We went on to talk about how his team saw compliance as an opportunity to take a good look at the company’s processes, then implement efficiencies designed to reduce costs, increase customer service and enhance the bottom line.
Since then, we’ve heard similar sentiments from other banks. They tell us they’re looking not only for a solution, but the best solution.
Nice.
Thursday, January 17, 2008
UK Fraud Likely Could Have Been Prevented
The story keeps getting louder. Last week the chairman of England’s Barclays Bank, Marcus Agius, became the latest victim of identity theft. A thief posing as Mr. Agius called the bank and requested that a new card be sent out. As in most account takeover cases, the fraudster no doubt requested that the card be sent to an alternate address that was easily accessible. From there, he racked up almost $20,000 in fraudulent charges, with little chance of getting caught.
Unfortunately, this story is not a surprise to us at ID Insight, as most banks still do not protect against fraudulent changes in address. This crime would most likely have been prevented had Barclays taken action when the caller asked that the card be delivered to that alternate address. My guess is that if we would have analyzed Mr. Agius’s real address versus the one the thief “moved Mr. Agius to” using our Safe2Change process, we would have seen some major red flags.
Unfortunately, this story is not a surprise to us at ID Insight, as most banks still do not protect against fraudulent changes in address. This crime would most likely have been prevented had Barclays taken action when the caller asked that the card be delivered to that alternate address. My guess is that if we would have analyzed Mr. Agius’s real address versus the one the thief “moved Mr. Agius to” using our Safe2Change process, we would have seen some major red flags.
Monday, January 14, 2008
Compliance and FACT Act named top two challenges for 2008
Everywhere you look today, financial services news outlets are reporting about how compliance is the number one issue facing the industry this year. Last week, BankInfoSecurity.com followed suit and said the top two challenges in 2008 were “keeping up with compliance” and “FACT Act Red Flag Guidelines.” This should come as no surprise. Over the past few years, we have been accustomed to new compliance issues taking top billing on priority lists, such as the USA Patriot Act or Sarbanes-Oxley.
While everyone has their own take on compliance and the value, ID Insight is predicting that the new FACT Act Identity Theft Provisions will have the biggest positive effect on financial services compared to compliance issues of years past. The reason is that today, the major reason for the sustained increase in ID theft can be tracked back to the lack of controls around address changes and address discrepancies. The major theme of the FACT Act is to make sure that these controls are put in place. In doing so, we believe that the overall impact to the industry will be positive rather than a hindrance.
While everyone has their own take on compliance and the value, ID Insight is predicting that the new FACT Act Identity Theft Provisions will have the biggest positive effect on financial services compared to compliance issues of years past. The reason is that today, the major reason for the sustained increase in ID theft can be tracked back to the lack of controls around address changes and address discrepancies. The major theme of the FACT Act is to make sure that these controls are put in place. In doing so, we believe that the overall impact to the industry will be positive rather than a hindrance.
Thursday, January 3, 2008
Welcome to the ID Insight FACT Act Blog
Welcome to our “Facts on the FACT Act” Blog. I’m Adam Elliott, president and co-founder of ID Insight, Inc. And if you made a point of stopping by, you’re very likely just as interested as I am in exactly what the FACT Act is going to mean to your business.
For the foreseeable future, I’ll be offering my take on the latest FACT Act news, as well as commentary and tips, all designed to help banks, credit card issuers, retailers, wireless providers, online merchants, and financial services companies comply with the Red Flag rules as efficiently as possible. Some other ID Insight team members will likely contribute to the discussion along the way.
Let’s kick things off by talking about the reason behind all the discussion that’s happening in board rooms across the country: the FACT Act Red Flag rules.
The Red Flag rules have been a major question mark since the Fair and Accurate Credit Transactions (FACT) Act was signed into law back in 2003. Last month, all that talk became a reality: The FDIC, Federal Reserve and several other federal regulatory agencies finalized the rules. By November 1, 2008, financial institutions and other creditors will be required to adopt a risk-based program to detect and prevent identity theft.
Under FACT Act Sections 114 and 315, financial institutions and creditors are now required by law to adopt procedures to reduce the risk of identity theft by examining consumer address changes on both new and existing accounts. Roughly 20 percent of new consumer credit applications feature a different address from the corresponding credit bureau file, so financial institutions using traditional address-verification methods are in for a lot of extra work and expense.
It doesn’t have to be all doom and gloom, though. In fact, if institutions take the right steps to comply with FACT Act, there are opportunities for millions of dollars in savings each year, especially for large banks that process thousands of applications every day.
In upcoming posts, I’ll talk about some easy-to-implement solutions to this often-confusing challenge. In the meantime, visit http://www.idinsight.com/ for more information and our free white papers on the Red Flag rules.
For the foreseeable future, I’ll be offering my take on the latest FACT Act news, as well as commentary and tips, all designed to help banks, credit card issuers, retailers, wireless providers, online merchants, and financial services companies comply with the Red Flag rules as efficiently as possible. Some other ID Insight team members will likely contribute to the discussion along the way.
Let’s kick things off by talking about the reason behind all the discussion that’s happening in board rooms across the country: the FACT Act Red Flag rules.
The Red Flag rules have been a major question mark since the Fair and Accurate Credit Transactions (FACT) Act was signed into law back in 2003. Last month, all that talk became a reality: The FDIC, Federal Reserve and several other federal regulatory agencies finalized the rules. By November 1, 2008, financial institutions and other creditors will be required to adopt a risk-based program to detect and prevent identity theft.
Under FACT Act Sections 114 and 315, financial institutions and creditors are now required by law to adopt procedures to reduce the risk of identity theft by examining consumer address changes on both new and existing accounts. Roughly 20 percent of new consumer credit applications feature a different address from the corresponding credit bureau file, so financial institutions using traditional address-verification methods are in for a lot of extra work and expense.
It doesn’t have to be all doom and gloom, though. In fact, if institutions take the right steps to comply with FACT Act, there are opportunities for millions of dollars in savings each year, especially for large banks that process thousands of applications every day.
In upcoming posts, I’ll talk about some easy-to-implement solutions to this often-confusing challenge. In the meantime, visit http://www.idinsight.com/ for more information and our free white papers on the Red Flag rules.
Subscribe to:
Posts (Atom)