Seems not a day goes by that we don’t hear of yet another case of identity theft. It’s become so commonplace; most people have become desensitized to it. Nowadays when we hear a company lost the Personal Identifying Information (PII) of 2,000 customers, we barely pay attention because there have been so many reports of mass theft—meaning hundreds of thousands of customers’ PII—from other companies. Plus, we’ve learned that often times when an identity has been “stolen”, the initial victim never suffers any ill effects because their information is not used.
But what about those cases where the information IS used? The fraudulent use of identities to establish credit and banking accounts promises to challenge consumers and financial institutions alike for years to come.
For years now, many entities in the financial services industry have been complying with the “Red Flags Rule,” established by government regulatory agencies. The rule was designed to help businesses fight identity theft fraud by requiring they have a program to actively look for fraudulent activity during the course of doing business. This seems like a fairly simple task, but it’s easier said than done with the large amounts of customer information your staff sees (or skims over) in a typical day.
To help you and your team spot identity theft more easily, with minimal effort involved, here are three red flags typically noted with fraudulent accounts:
- Fraudulent Identification Documents
These are documents—like a driver’s license or other form of government-issued identification—that may have been physically altered. They may have an address or other information that doesn’t match what you have on file for that customer.
When reviewing identification provided by your customers, make sure you and your team are actively looking for discrepancies. All information, including the address, how their full name is spelled, etc., should be consistent. If it’s not, then you must follow your institution’s protocol for reporting that information.
There are several commercial guides available to help your staff determine the legitimacy of government-issued identification documents. Seek out free resources such as the Law Enforcement Guide to False Identification and Illegal ID Use, prepared by the Pacific Institute for Research and Evaluation. Although it was designed to fight underage drinking, many of the concepts in the guide are useful to anyone assessing the legitimacy of identification documents.
- Suspicious PII
If a customer gives you their current address, and that address doesn’t match anything on their credit report, your “Spidey sense” should be tingling. Social Security Numbers can be validated by any one of several paid and free services. While many of these tools are not actually checking Social Security Administration records, they can give information such as the approximate year and state of issuance. This information—while limited—could be enough identify fraudulent activity.
- Lack of Background Knowledge
Using challenge questions to assess the legitimacy of an account or loan application can be an easy way to vet the applicant. Challenge questions must have answers that are specific, detailed, and show first-hand knowledge—not answers that someone would know after simply rummaging through someone’s wallet or credit report.
If the applicant’s credit report reflects a significant period of time living in a certain area, do some basic research and ask the person questions that only someone who truly lived there would know. Thanks to the Internet, this type of information can accessed quickly, so you can do this type of research on the spot. This is especially convenient and helpful when conducting in-person interviews.
The following scenario is an example of how you could use challenge questions to help expose fraud:
Let’s say you are a financial institution located in Chicago. A new customer submits a loan application, and when you run their credit report, it shows the person recently resided in the Westminster Chase Apartments in Tampa, Florida, for a period of approximately 10 years. You do an online search for the apartment name and location, and your search results show that the complex is located right next to a major U.S. Air Force Base (MacDill AFB). So during your interaction with the customer, you mention you had a relative in the Air Force in Tampa, but can’t recall the name of the base. This poses the perfect opportunity to ask them what that name is. If the applicant cannot name MacDill AFB they more than likely never lived in that complex.
These three red flags are very telling and can be spotted as long as your employees are looking for them. The tactics and resources outlined in this post are a small portion of all that’s available to you as you work to prevent identity theft from victimizing your institution and your customers. In future posts, we will look at other red flags and include some real-life examples of how discovering them prevented an identity theft crime.
What red flags do you commonly find? And what methods do you use to uncover fraudulent information/activity? Please share them with us, so others can learn from your successes!