Feds Issue New Identity Theft Recommendations

But delay enforcement of "red flags" fraud program for businesses

By Martin H. Bosworth
ConsumerAffairs.com

October 25, 2008

Identity Theft • FTC Proposes Ways to Reduce Identity Theft • "Underground Economy" for Crime Thrives, Report Says • Feds Issue New Identity Theft Recommendations • Identity Theft: One Woman's Story, Eight Months Later • Consumers Cautioned About Voter Registration Scams • Young Adults Seen As Prime Identity Theft Targets • Researchers Find Security Flaws In Online Banking Sites • 'Red Flags Rules' for Identity Theft on the Way • Identity Theft: One Woman's Story • Xbox or PC Stolen? Don't Forget to Cancel Your Credit Cards • Identity Theft a Growth Industry in Texas Border Towns • FTC Warns Consumers About Tax Rebate Scams • Big Banks, Telcos Top Identity Theft List • Identity Theft Tops FTC Complaint List Again • Study Claims Identity Theft 'Continues To Decline' • 650,000 Retail Customers Exposed In Data Breach • Children Becoming Prime Identity Theft Targets • FTC Finds 8 Million Identity Theft Cases • New Jersey Wants Banks to Help Fight Phishing Scams --- • More ...

The Bush administration last week issued its annual Identity Theft Task Force Report, including 31 recommendations for combating identity theft and fraud, and boasting of a 26 percent increase in identity theft convictions from 2007.

"The SSN is highly valuable for identity thieves because it is often a necessary (if not necessarily sufficient) item of information that a thief needs to open new accounts in the victim's name," the task force wrote. "One of the most practical and cost-effective ways to prevent breaches is to collect and maintain sensitive data only when it is necessary to do so."

The Task Force recommended that the government's Office of Personnel Management (OPM) take the lead in reviewing how federal agencies use Social Security numbers and issuing new recommendations for reducing or eliminating their use in everyday paperwork. In addition, the task force reported that OPM has been working with the Social Security Administration (SSA) to conduct studies on the feasibility of replacing a Social Security number with a new unique identifier for all federal employees.

The task force also reported progress on working with state and local governments to reduce or eliminate usage of Social Security numbers as an identifier for their daily business.

The ID "passport"

The task force also focused on its efforts to improve restitution and aid for victims of identity theft, for whom it takes an average of 600 hours and $6,000 to get any damage to their identities fixed. The chief recommendation was widespread adoption of a "passport" document for victims to use in order to verify their identities while disputing or investigating charges of identity theft.

The Justice Department has launched a pilot "passport" program in Ohio, where victims enter their information into a statewide database that is shared with other law enforcement agencies, in order to reduce additional fraud and enable the victim to more easily go about their business.

The Task Force also recommended extending partnership with lawyers and legal aid services on both the state and federal levels to get victims of identity theft more legal representation in order to gain restitution.

Law enforcement

The Task Force reported that in 2007, 2,470 suspected identity thieves or fraudsters were charged with crimes relating to identity theft, and 1,943 were convicted, up from 1,534 in 2006.

Among those indicted were ll members of the hacker ring charged with stealing 40 million credit and debit card numbers from the TJX company and its affiliates, considered the biggest data breach in history.

The Justice Department also reported progress in identifying and prosecuting criminal groups that traffic in the "underground economy" of stolen credit cards and personal information, including members of the "Shadowcrew" identity theft cartel.

Lowering the red flag

The Task Force acknowledged that the private sector's usage of personally identifying information constitutes a potential security risk, and recommended increased education and training for companies on how to better handle the data they collect.

At the same time, the Federal Trade Commission (FTC), which is part of the Task Force, announced that it would be delaying implementation of the "red flags rules" for businesses to implement identity theft protection plans until May 1, 2009.

Under the "red flags rules," financial institutions and business entities that offer credit or services provided through credit were required to develop and implement plans to protect their customers' data from identity theft and better identify potential fraudulent transactions. Businesses covered by the rules included banks, mortgage lenders, telecommunications companies, auto dealerships, and many others.

The rules, which were passed in 2003 as part of the Fair and Accurate Credit Transactions Act (FACTA), were not scheduled for implementation until January 2008, and full implementation was originally delayed until November 2008. The FTC said that because many businesses that are not covered by FTC jurisdiction did not know they were affected by the rules, they would not be able to comply with the deadline quickly enough.

"These entities indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACT Act's definition of creditor or financial institution," the agency said. "The Commission's delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule."

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Follow us on Twitter.

Back to the top |