Update on Identity Theft 'Red Flags'

July 19, 2010
KEYWORDS flags , fraud , identity , security , theft
/ PRINT / ShareShare / Text Size +

By Kimberly Bohannon

Last year, identity theft was the Federal Trade Commission’s (FTC) No. 1 consumer complaint category. About 1.3 million people were victims of the crime, accounting for 21% of total complaints.

Identity thieves are hard at work finding new ways to use members’ personal information to open new accounts and misuse existing accounts. It’s a crime that wreaks havoc for members and credit unions.

The Fair and Accurate Credit Transactions Act (FACT Act), enacted in 2003, created new regulations and guidelines regarding identity theft detection, prevention, and mitigation. The identity theft “red flags” rules became effective in 2008 for federal credit unions and some state-chartered credit unions. All state charters must comply by December 2010. (Check with your compliance liaison if you're unsure about your specific compliance timeline.)

The red flags rules apply to “financial institutions” and “creditors” with “covered accounts.” Covered accounts include those used mostly for personal, family, or household purposes, and that involve multiple payments or transactions. Examples are credit card accounts, mortgage loans, automobile loans, checking accounts, and savings accounts. Other covered accounts are small-business or sole-proprietorship accounts.

Encourage staff to be aware of and vigilant for red flags of identity theft, including:

  • A fraud alert included with a consumer credit report;
  • Unusual credit activity, such as an increased number of accounts or inquiries;
  • Identification (ID) documents appear altered or forged;
  • An ID photo inconsistent with the member’s appearance;
  • An application appears forged, altered, or destroyed and reassembled;
  • ID information doesn’t match any address in the member’s report, or the Social Security number hasn’t been issued or appears on the Social Security Administration’s Death Master File, which includes Social Security numbers of deceased individuals;
  • A Social Security number that matches a number submitted by another person opening an account, or other members;
  • A suspicious address, such as a mail drop or a prison;
  • A phone number associated with a pager or an answering service;
  • An address or phone number that is supplied by a large number of applicants;
  • A person opening an account or a member is unable to correctly answer challenging questions;
  • The member uses most of his or her available credit for cash advances, jewelry, or electronics, and fails to make the first payment;
  • An account that has been inactive for a long time suddenly exhibits unusual activity; or
  • Mail sent to the member repeatedly returns as undeliverable, despite ongoing transactions on an active account.

The FTC identified 26 possible red flags of identity theft your credit union should review in its training program. It’s also a good idea to include specific incidents of identity theft that your credit union has experiencedFor example, if the credit union had an incidence of wire transfer fraud, red flags training could include this scenario.

Encourage staff to be alert to red flags that might have indicated possible identity theft that led to a specific incidence of fraud. And review security measures the credit union has in place to prevent further fraud.

In addition to the red flags, regularly review and update your credit union’s policies, practices, and previous experiences with identity theft and fraud cases.

For more information on the FTC’s red flags rules, visit

Kimberly Bohannon is compliance and risk management officer at Knoxville (Tenn.) TVA Employees Credit Union. Contact her at 865-544-5443.

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory ( will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive