The federal financial institution regulatory agencies and the Federal Trade Commission have sent to the Federal Register for publication final rules on identity theft “red flags” and address discrepancies. The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft.
Consumers need to keep five tips in mind for managing their checking accounts and safeguarding their funds from unauthorized transfers by criminals, according to a new Federal Reserve Board publication.
The following GAO report highlights GAO-07-737, a report to congressional requesters. In recent years, many entities in the private, public, and government sectors have reported the loss or theft of sensitive personal information.
President Bush's Identity Theft Task Force today released its strategic plan for combating identity theft, the top consumer fraud reported to the Federal Trade Commission. Treasury Deputy Assistant Secretary for Critical Infrastructure Protection and Compliance Policy D. Scott Parsons, who led the Department's efforts with the taskforce, released the following statement today.
Kmart Corporation has agreed to settle Federal Trade Commission charges that it engaged in deceptive practices in advertising and selling its Kmart gift card. As part of the settlement, Kmart will implement a refund program and publicize it on its Web site. This is the agency’s first law enforcement action involving gift cards. “Consumers have a right to know when gift cards come with strings attached,” FTC Chairman Deborah Platt Majoras said. “If fees or restrictions apply, gift card issuers must fully and clearly disclose them.”
Hurricanes Katrina and Rita destroyed homes and displaced millions of individuals. While federal and state governments continue to respond to this disaster, GAO has identified significant control weaknesses-specifically in the Federal Emergency Management Agency (FEMA)'s Individuals and Households Program (IHP) and in Department of Homeland Security (DHS)'s purchase card program—resulting in significant fraud, waste, and abuse. In response to the numerous recommendations GAO made, DHS and FEMA have reported on numerous actions taken to address our recommendations. Lessons learned from GAO's prior work can serve as a framework for an effective fraud prevention system for federal and state governments as they consider spending billions more on disaster recovery. These lessons are particularly important because funding that is lost to fraud, waste, and abuse reduces the amount of money that could be delivered to victims in need.
At the request of the Federal Trade Commission, a federal court has shut down a payment processing operation that allegedly helped fraudulent telemarketers take millions of dollars from consumers' bank accounts. According to the FTC's complaint, since at least January 2003 the operation has aided at least nine Canada-based, advance-fee credit card schemes that induce consumers to allow an electronic debit of several hundred dollars from their bank account in exchange for an unsecured credit card; but consumers never receive a credit card or, at best, they receive a "benefits package" containing relatively worthless items.
Like any new technology, RFID presents new security and privacy risks that must be carefully mitigated through management, operational, and technical controls in order to realize the numerous benefits the technology has to offer. When practitioners adhere to sound security engineering principles, RFID technology can help a wide range of organizations and individuals realize substantial productivity gains and efficiencies. These organizations and individuals include hospitals and patients, retailers and customers, and manufacturers and suppliers throughout the supply chain. This guidance document provides an overview of RFID technology, the associated security and privacy risks, and recommended practices that will enable organizations to realize productivity improvements while safeguarding sensitive information and protecting the privacy of individuals. Radio frequency identification (RFID) is a form of automatic identification and data capture (AIDC) technology that uses electric or magnetic fields at radio frequencies to transmit information. An RFID system can be used to identify many types of objects, such as manufactured goods, animals, and people.
Alexandria, VA, September 27, 2006 - National Credit Union Administration (NCUA) Chairman JoAnn Johnson met recently with senior Administration officials to share recommendations with the President's Identity Theft Task Force. Based upon these recommendations, the Task Force will deliver a final strategic plan to President Bush in early November. During a September 19 Task Force meeting, Chairman Johnson joined U.S. Attorney General Alberto Gonzales; Clay Johnson III, Deputy Director of the White House Office of Management and Budget; Michael Chertoff, Secretary of the Department of Homeland Security; Carlos M. Gutierrez, Secretary of Commerce; and other senior government officials to discuss recommendations to the President in key areas.
The Federal Trade Commission (FTC) is responsible for economic issues that affect both consumers and businesses. Its primary function is to help maintain a competitive market environment that benefits both sides, and in this respect identity theft is seen as negatively affecting both consumers and businesses. In an effort to combat this problem, the FTC provides information and resources that enable the development of effective countermeasures against identity theft. The FTC has developed a website that gives information on how to deter the threat of identity theft, which it refers to as a "one stop national resource" to learn about identity theft. The website provides material that defines identity theft and procedures to deal with it if it occurs.
The Agencies are proposing Red Flag Regulations that adopt a flexible risk-based approach similar to the approach used in the "Interagency Guidelines Establishing Information Security Standards" issued by the Federal banking agencies (FDIC, Board, OCC and OTS), the "Guidelines for Safeguarding Member Information" issued by the NCUA, and the "Standards for Safeguarding Customer Information" issued by the FTC, (collectively, Information Security Standards), to implement section 501(b) of the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. 6801. Under the proposed Red Flag Regulations, financial institutions and creditors must have a written Program that is based upon the risk assessment of the financial institution or creditor and that includes controls to address the identity theft risks identified.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) added new sections to the federal Fair Credit Reporting Act (FCRA, 15 U.S.C. 1681 et seq.), intended primarily to help consumers fight the growing crime of identity theft. Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in FACTA. (Pub. L. 108-159, 111 Stat. 1952) This is all good news for consumers. However, consumers came out on the losing end when Congress virtually barred states from adopting stronger laws. The Notes section at the end of this guide has more information about Congressional pre-emption of state laws.
The purpose of this document is to present recommendations for Personal Identity Verification (PIV) card readers in the area of performance and communications characteristics to foster interoperability. This document is not intended to re-state or contradict requirements specifically identified in Federal Information Processing Standard 201 (FIPS 201) or its associated documents. It is intended to augment existing standards to enable agencies to achieve the interoperability goal of Homeland Security Presidential Directive 12 (HSPD-12). The document provides requirements that facilitate interoperability between any card and any reader. Specifically, the recommendations are for end-point cards and readers designed to read end-point cards.
Why GAO Did This Study
GAO was asked to examine (1) financial institutions' use of resellers; (2) federal privacy and security laws applicable to resellers; (3) federal regulators' oversight of resellers; and (4) regulators' oversight of financial institution compliance with privacy and data security laws. To address these objectives, GAO analyzed documents and interviewed representatives from 10 information resellers, 14 financial institutions, 11 regulators, industry and consumer groups, and others.
The federal financial institution regulatory agencies and the Federal Trade Commission are soliciting comments on a Notice of Proposed Rulemaking (NPRM) concerning identity theft "red flags" and address discrepancies. The NPRM, which has been reviewed and approved by each of the listed agencies, implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The regulations that the agencies are jointly proposing would require each financial institution and creditor to develop and implement an identity theft prevention program that includes policies and procedures for detecting, preventing, and mitigating identity theft in connection with account openings and existing accounts. The proposed regulations include guidelines listing patterns, practices, and specific forms of activity that should raise a "red flag" signaling a possible risk of identity theft. Under the proposed regulations, an identity theft prevention program established by a financial institution or creditor would have to include policies and procedures for detecting any "red flag" relevant to its operations and implementing a mitigation strategy appropriate for the level of risk.
FinCEN's primary function is to support and strengthen domestic and international anti-money laundering efforts through coordination and partnerships. Since its creation in 1990, FinCEN has been responsible for overseeing the management, processing, storage and dissemination of Bank Secrecy Act (BSA) data. In 2004, FinCEN embarked on a major initiative intended to improve the sharing of information reported under the Bank Secrecy Act. BSA Direct is an umbrella project intended to provide secure, user-friendly, web-based tools for accessing, analyzing, and filing BSA data. It is part of a broad effort to reengineer data management responsibilities and transition them from the IRS. During the early spring of 2006, it became clear to FinCEN that the Retrieval and Sharing component of the BSA Direct project (BSA Direct R&S) was not going to meet the critical implementation deadline of June 30, 2006.
Objectives
Because FinCEN has experienced problems with development and implementation of the BSA Direct R&S, you asked us about the project's current status and to provide observations on FinCEN's IT investment management practices. Our objectives were to (1) describe BSA Direct R&S and the project's current status; (2) examine FinCEN's application of information technology (IT) investment management processes to the BSA Direct R&S project; and (3) describe, at a high level, the range of options FinCEN may consider as it reexamines the BSA Direct R&S project.
National Credit Union Administration (NCUA) Board Member Gigi Hyland represented the agency yesterday at the inaugural meeting of President Bush's Identity Theft Task Force. On May 10, 2006, the President signed an Executive Order for the purpose of strengthening federal efforts to protect against identity theft. The Order establishes the Task Force and provides that it will be co-chaired by the Attorney General and the Chairman of the Federal Trade Commission. Task Force membership includes representatives from the other executive branch departments as well as representatives from all of the federal financial regulatory agencies.
The Financial Crimes Enforcement Network today announced it is issuing a survey to banking and financial services industry trade groups seeking information about the feasibility and impact of implementing a cross-border wire transfer reporting requirement under the Bank Secrecy Act. The survey, which is required by the Intelligence Reform and Prevention Act of 2004, is part of an ongoing study into the feasibility of imposing a requirement that financial institutions report to FinCEN records that they currently maintain concerning international wire transfers. The American Bankers Association, the Institute of International Bankers, the Credit Union National Association, the Independent Community Bankers of America and representatives of major money wire services are assisting in this effort by distributing this survey to their membership.
You are receiving this information because you have notified a consumer reporting agency that you believe that you are a victim of identity theft. Identity theft occurs when someone uses your name, Social Security number, date of birth, or other identifying information, without authority, to commit fraud. For example, someone may have committed identity theft by using your personal information to open a credit card account or get a loan in your name. For more information, visit www.consumer.gov/idtheft or write to: FTC, Consumer Response Center, Room 130-B, 600 Pennsylvania Avenue, N.W. Washington, D.C., 20580. The Fair Credit Reporting Act (FCRA) gives you specific rights when you are, or believe that you are, the victim of identity theft. Here is a brief summary of the rights designed to help you recover from identity theft.
Following a public comment period, the Federal Trade Commission has issued final summaries of identity theft and general consumer rights and revised furnisher and user notices under the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Consumer reporting companies are required to notify consumers of their rights under FACTA and steps they can take to protect themselves against identity theft and difficulties resulting from identity theft.
The identity theft rights summary includes the major new identity theft rights granted to consumers by FACTA, including the right to place fraud alerts on their credit reports, to block businesses and credit bureaus from reporting information in their credit files that is a result of identity theft, and to obtain from businesses information about accounts or transactions in their name that result from identity theft. The identity theft rights summary will be provided by consumer reporting companies to consumers who contact the agencies because they believe they are victims of fraud or identity theft.
The Federal Trade Commission today said that provisions of the recently enacted Fair and Accurate Credit Transactions Act will help reduce identity theft and help victims recover. In testimony to the House Ways and Means Committee’s Subcommittee on Social Security, Howard Beales, Director of the FTC’s Bureau of Consumer Protection, said that many of the provisions will go into effect over the course of this year.
The testimony says one of the newly enacted provisions requires the three major credit reporting agencies to provide consumers with a free copy of their own credit report every 12 months. The requirement will become effective in December but will be phased in over nine months from West to East. The reports allow consumers to discover and correct errors in their credit records and to assure that accounts have not been fraudulently opened in their names.
In 2001, NCUA amended 12 CFR Part 748 to fulfill a requirement in Section 501 of the Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA), in which Congress directed both NCUA and the other Federal Financial Institution Examination Council (FFIEC) agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (collectively, the “Banking Agencies”) to establish standards for financial institutions relating to administrative, technical, and physical safeguards to: (1) insure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of such records; and (3) protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer. Although NCUA worked with the Banking Agencies to develop the standards described above, the Banking Agencies issued their standards as guidelines under the authority of Section 39 of the Federal Deposit Insurance Act.
Since Section 39 of the Federal Deposit Insurance Act does not apply to NCUA, the NCUA Board determined that it could best meet the congressional directive to prescribe standards through an amendment to its existing regulation governing security programs for federally insured credit unions and by providing guidance to credit unions, substantially identical to the guidelines issued by the Banking Agencies, in an appendix to the regulation. 12 CFR Part 748, Appendix A; 66 FR 8152 (January 30, 2001). The preamble to the final rule discusses the different regulatory framework under which the Banking Agencies issued their guidelines. The final regulation requires each federally insured credit union to establish and maintain a security program implementing the safeguards required by GLBA.
Weblinking: Identifying Risks & Risk Management Techniques
ENCL: Weblinking Guidance
The purpose of this letter is to assist credit unions in identifying risks posed by the use of weblinks on their websites and suggest a variety of risk management techniques to mitigate these risks. A large number of credit unions maintain sites on the World Wide Web. Virtually every website contains weblinks. A weblink is a word, phrase, or image that contains coding that will transport the viewer to a different part of the website or a completely different website by clicking on it. While weblinks are a convenient and accepted tool in website design, their use can present certain risks. The primary risk posed by weblinking is viewer confusion about whose website they are viewing and who is responsible for information, products, and services available through that website. Credit unions using weblinks are encouraged to review the enclosed guidance that was developed jointly with other federal regulatory agencies. This guidance applies to credit unions that develop and maintain their own websites, as well as those using service providers for these functions. This letter supersedes NCUA Letter 02-FCU-04. If you have any questions, please contact your NCUA Regional Office or State Supervisory Authority.
U.S. Implementation of Basel II: Objectives of Basel Accord
Advance a “three-pillar” approach
– Pillar 1 -- minimum capital requirement
– Pillar 2 -- supervisory oversight
– Pillar 3 -- heightened market discipline
Develop a measure of capital that is:
– more risk sensitive than the current approach
– better suited to the complex activities of internationally-active banks
– capable of adapting to market and product evolution
assessments of capital adequacy
FACILITATING AFFILIATION AMONG BANKS, SECURITIES FIRMS, AND INSURANCE COMPANIES
The Patriot Act, and How It Applies to the Banking Industry: The U.S. Department of the Treasury issued a final rule on September 26, 2002, to implement Section 314 of the USA PATRIOT Act that adds sections 103.100 and 103.110 to the Bank Secrecy Act regulations. These sections establish procedures that encourage information sharing between governmental authorities and financial institutions, and among financial institutions themselves. The new section 103.100 establishes a mechanism for law enforcement to communicate names of suspected terrorists and money launderers to financial institutions in return for securing the ability to promptly locate accounts and transactions involving those suspects. Financial institutions receiving names of suspects must search their account and transaction records for potential matches and report positive results to Treasury's Financial Crimes Enforcement Network (FinCEN) in the manner and time frame specified in the request. Each financial institution must designate a point of contact to receive information requests. FinCEN has prescribed that each financial institution supply point of contact information to its primary federal regulator. If you have not already done so, send by e-mail to FDICAdvisory@fdic.gov or by mail to FDIC, Special Activities Section, 550 17th Street NW, Washington, DC 20429, the following information: name of institution, name of point of contact, title, mailing address, e-mail address, telephone number, and fax number. Changes in contact information must be promptly reported.
In 2001, NCUA amended 12 CFR Part 748 to fulfill a requirement in Section 501 of the Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA), in which Congress directed both NCUA and the other Federal Financial Institution Examination Council (FFIEC) agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (collectively, the “Banking Agencies”) to establish standards for financial institutions relating to administrative, technical, and physical safeguards to...
On January 17, 2001, the banking regulatory agencies adopted guidelines implementing Section 501 of the Gramm-Leach-Bliley Act (GLBA). The guidelines require financial institutions to establish a comprehensive and coordinated information security program, appropriate to the size of the bank and the complexity of its operations.
Section 314(a) of the USA PATRIOT Act of 2001 (P.L. 107-56) required the Secretary of the Treasury to adopt regulations to encourage regulatory authorities and law enforcement authorities to share with financial institutions information regarding individuals, entities, and organizations engaged in or reasonably suspected, based on credible evidence, of engaging in terrorist acts or money laundering activities. FinCEN issued a proposed rule on March 5, 2002, and the final rule on September 26, 2002 (67 Fed. Reg. 60,579). Section 314(a) requirements are now published in 31 CFR Part 103.100.