ITAC is a cooperative initiative of the financial-services industry. About six years ago, 50 of the largest financial-services companies decided if they worked together, they could do a better job at helping their customers recover from identity theft and detect fraud as part of that process. So they formed a nonprofit membership corporation, owned and managed by the members.
The basic concept is that identity theft typically doesn't just affect one company; it affects multiple companies and the consumer is groping around in the dark trying to find out where fraud has occurred. ITAC reduces that frustration and the time lag in helping the consumer find out where else the bad guys have struck. We also hold people's hands and walk them through the process; they talk to a real live person who is knowledgeable and sympathetic and can make them feel like someone cares and they really are in control. This is a free service for the consumer, paid by the member company.
That's primarily what we do, but behind that is also a fraud detection service. As part of this victim assistance service, the consumer will be walked through their credit report. A consumer might say, "I don't recognize that account." We notify all those companies of what may be fraud. The whole idea is that kind of fast notice allows our members to find fraud across their organizations. If the consumer spots suspicious activity at a company that's not a
From the victim's side, it's the same schemes we've seen historically. We typically ask consumers if they know how the fraud occurred and in most cases they don't. Of those who do know, we ask how they believe it happened. It's the same causes: lost or stolen wallets, some hacking. Those patterns of lost information, hacking, friends or family, and household fraud really haven't changed much...We know the FBI and others are very concerned about international gangs and crime rings, but the victim doesn't typically know [about] that. Have there been any advancements in identity theft investigations? Is there any more success with prosecution?
The anecdotal information is they're [law enforcement] paying a lot more attention. There's been an enormous change in last five years in terms of recognition of the seriousness of this crime, not just because of the impact on the individual …Particularly after 911, there's the recognition that identity theft is a facilitator of a lot of other and more serious crimes….human trafficking, terrorism. It is a characteristic, or a part of many serious crimes, both economic and violent.
A big change has been these task forces that are organized in a lot of cities; most are headed by the U.S. Postal Inspection Service and the FBI. They're bringing together the federal agencies and state and local agencies. They're phenomenally successful. If you have an immigration problem, the crime looks very different to a police officer than it does to an FBI agent. They'll see different aspects of the crime. These task forces have been very successful in getting past the biggest hurdles in identity theft investigations, which are jurisdictional … If you can have multiple victims and higher dollar losses, suddenly the prosecution may become a lot easier. Have you seen any impact yet from the Red Flags Rule in preventing ID theft?
Not really from a consumer standpoint. From an institutional standpoint, many financial institutions had investigative processes but they may not have been integrated across the institution. They often weren't. The thing about Red Flags is it forces an enterprise-wide review of what's this unit doing, what that unit's doing. So on one level, it's just compliance. But the substance is that it's the integration and consistency across the enterprise What role does ITAC play in financial institutions' identity theft prevention programs?
Our members are saying that it's a big part of what they talk about in their compliance plan on the detection side - the reports ITAC sends our members is the information they use to detect suspicious activity. It's also part of compliance on the back end; now that you know someone is a victim, what do you do? It goes back to this question of enterprise-wide awareness. What I hear from my members is they had an advantage in approaching Red Flags because the essence of ITAC is a single point of contact and an enterprise-wide approach to this. The whole idea of ITAC is no matter what unit of the bank deals with the consumer - whether it's student lending, mortgages or personal loans - all of those individuals should be offered the opportunity to use ITAC and you must have a mechanism for giving them the chance to use the service. How can financial institutions become members of the Identity Theft Assistance Center?
We're looking for ways to do that. We recognize there's a need for a lot of companies to use ITAC and we'd love to find ways through other trade associations or the card associations to make ITAC available, particularly to smaller companies. They may not have a huge volume, so it's not like it would be a regular thing but if they do have a need, we want to make it available. We've been looking for other channels so we can serve more companies.