With all the attention over the past few years on Identity Theft in general, there is a new trend that is continuing to gain momentum. While identity theft in general has leveled off a bit, the category of Medical Identity Theft is continuing to be more of an issue.
Medical Identity Theft can take many guises, but can be thought of generally as someone using your identifying credentials to receive medical services. This could be anything from an emergency room visit to reconstructive surgery. With the costs of health care continuing to sky-rocket, this should come as no surprise. In fact, when compared to financial service where the average 'loss' is around $10,000 - this can be quickly dwarfed when it comes to health care.
The latest crime stats from 2007 suggest that over 250,000 consumers were the victims of Medical Identity Theft. Much like financial services, the typical fraud can involve either someone using an existing Insurance ID and policy information to utilize an existing account, or alternatively, apply for new services in the victim's name using the stolen ID information such as SSN and DOB.
Historically - health care providers have not deployed the scrutiny in the new account opening process as banks. However - this is beginning to change. Partly due to the increase in related fraud, but also due to the FACT Act provisions which will require health care providers to screen for Medical Identity Theft. While health care providers have not fallen under the regulatory banking agencies, they will now be regulated with respect to Identity Theft practices by the FTC - As of August 1st, 2009.
With the new mandate to electronify all medical records - we expect to see a lot of activity here over the next few years.
Monday, June 15, 2009
Thursday, June 11, 2009
Supreme Court Makes Decision on Identity Theft
A unanimous Supreme Court said in May that illegal workers who use falsified IDs can't be considered identity thieves without proof that they knew they were stealing real people's Social Security and other numbers!
How ridiculous is this?
The court, in an opinion by Justice Stephen Breyer, rejected the government's argument that prosecutors need only show that the identification numbers belong to someone else, regardless of whether the defendant knew it.
So - here we all are trying to deter identity theft, and our Supreme Court says it can only be prosecuted when someone "knows" that the ID was real. This is rarely the case. When people buy and steal IDs, they rarely ever know if they are indeed real.
This case was brought forth due to immigrants who were accessing various IDs to gain employment. However - this ruling I am sure will now make its way into the financial services sector.
Can we turn our brains back on...... please!
Here's a link to one version of the truth.
http://www.brownsvilleherald.com/news/identity-98001-theft-used.html
How ridiculous is this?
The court, in an opinion by Justice Stephen Breyer, rejected the government's argument that prosecutors need only show that the identification numbers belong to someone else, regardless of whether the defendant knew it.
So - here we all are trying to deter identity theft, and our Supreme Court says it can only be prosecuted when someone "knows" that the ID was real. This is rarely the case. When people buy and steal IDs, they rarely ever know if they are indeed real.
This case was brought forth due to immigrants who were accessing various IDs to gain employment. However - this ruling I am sure will now make its way into the financial services sector.
Can we turn our brains back on...... please!
Here's a link to one version of the truth.
http://www.brownsvilleherald.com/news/identity-98001-theft-used.html
Tuesday, June 2, 2009
Examinations In Process
We are finally beginning to get some good information regarding how banks and credit unions are doing coming out of their initial FACT Act Red Flag audits. The great news is that our clients are being given a passing grade by the auditors for using our Safe2Change solution to meet the address change provisions of FACT Act. Great news, because they deloyed Safe2Change as a much more cost-effective solution to complying versus sending out letter confirmations. At a time when costs are more critical than ever, saving some dollars here is very important, and our customers are able to realize these savings.
More interestingly, we are seeing a couple of general trends emerging from these audits that are worth thinking about.
Looks like the auditors are being somewhat lenient in this first pass. Clearly there are the handful that completely ignored the regulation and are getting it with both barrels. However - in the first round we are hearing that they are generally not having many issues.
The one gap that we are hearing now repeatedly is that the examiners are beginning to scrutinize compliance strategies where financial institutions are mailing letters to the customer's old and new address to achieve compliance. The issue is sufacing not because of the letter mailing strategy, but because FACTA requires that the institution not fulfill subsequent requests credit cards, debit cards, checks, etc. until the consumer has had enough time to receive and respond to the letter. This makes sense. If the institution sends out a letter and then sends the requested card to the new address (where the fraudster is waiting) - then this strategy will still still result in identity theft.
We are finding that most institutions have deployed the letter mailing strategy. However - we are also finding that these same institutions are not putting a "hold" on the account to block the request for cards and checks. This is not allowed per the FACT Act, which states that you can send letters, but not fulfill these additional requests until enough time has passed.
In these early examinations, we are hearing this issue being brought up repeatedly. While the examiners are being a bit lenient in round 1, we see this as being an issue that will be scrutinized much more and that financial institutions will need to plug this hole.
A.E>>>
More interestingly, we are seeing a couple of general trends emerging from these audits that are worth thinking about.
Looks like the auditors are being somewhat lenient in this first pass. Clearly there are the handful that completely ignored the regulation and are getting it with both barrels. However - in the first round we are hearing that they are generally not having many issues.
The one gap that we are hearing now repeatedly is that the examiners are beginning to scrutinize compliance strategies where financial institutions are mailing letters to the customer's old and new address to achieve compliance. The issue is sufacing not because of the letter mailing strategy, but because FACTA requires that the institution not fulfill subsequent requests credit cards, debit cards, checks, etc. until the consumer has had enough time to receive and respond to the letter. This makes sense. If the institution sends out a letter and then sends the requested card to the new address (where the fraudster is waiting) - then this strategy will still still result in identity theft.
We are finding that most institutions have deployed the letter mailing strategy. However - we are also finding that these same institutions are not putting a "hold" on the account to block the request for cards and checks. This is not allowed per the FACT Act, which states that you can send letters, but not fulfill these additional requests until enough time has passed.
In these early examinations, we are hearing this issue being brought up repeatedly. While the examiners are being a bit lenient in round 1, we see this as being an issue that will be scrutinized much more and that financial institutions will need to plug this hole.
A.E>>>
Subscribe to:
Posts (Atom)