Bank Regulator Says Banks Must Warn of ID Theft

The 5-0 vote by the agency's board of directors come in the wake of a flurry of announcements of the theft of personal data affecting hundreds of thousands of consumers.

The changes have won approval from the Office of the Comptroller of the Currency and Office of Thrift Supervision, and still require Federal Reserve Board approval. Fed spokesman Andrew Williams said the board is considering the matter.

Banks will be required to notify customers when they learn of unauthorized access to sensitive customer information and, after a reasonable investigation, determine the information was misused or there is a "reasonable possibility" of misuse.

The notices must describe the incidents, detail measures taken to protect customers, provide phone numbers for further information, remind customers to be vigilant and describe how customers may put fraud alerts in their credit reports.

Sensitive customer information is defined as a customer's name, address or phone number, in conjunction with his or her Social Security or driver's license numbers; account, credit or debit card numbers; or an identification number or password that would permit access to an account.

It also includes any combination of data that would allow a thief to access an account.

Obtaining Social Security numbers is often considered a key to identity theft scams involving banks, which regularly use the numbers as a unique way to identify customers.

Identity theft cost businesses $47.6 billion and consumers $5 billion in 2002, Federal Trade Commission estimates show.

Financial institutions regularly targeted by scammers include Citibank, Wells Fargo, Washington Mutual, U.S. Bank, SunTrust, and Capital One.

A common form of identity theft involving banks is "phishing," derived from the act of computer thieves who "fish" for private data.

Phishers typically tell prospective victims in e-mails that there is a problem with their accounts, and ask them to verify personal information through a link to a real-looking Web site. They e-mail either known customers of a particular bank, or many people with the hope of reaching actual bank customers.

Many phishing e-mails contain return addresses at sites such as, or typographical or grammatical errors.

Among companies to have reported thefts of customer data this year are data brokers ChoicePoint Inc. and LexisNexis, a unit of Anglo-Dutch Reed Elsevier (ELSN.AS) (REL.L), as well as DSW Shoe Warehouse, a unit of Retail Ventures Inc.

Meanwhile, Bank of America Corp. the No. 3 U.S. bank, last month said computer tapes with credit card records of more than 1 million U.S. government employees were lost.

NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at

formatting link
. Hundreds of new articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the use of which has not been specifically authorized by the copyright owner. This Internet discussion group is making it available without profit to group members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of literary, educational, political, and economic issues, for non-profit research and educational purposes only. I believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner, in this instance, Associated Press.

For more information go to:

formatting link

Reply to
Lisa Minte
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.