Combating identity theft.
ABA supports efforts to implement laws to combat the continuing problem of identity theft, and to continue working to identify and address emerging threats to customers. ABA supports passing comprehensive, but focused, federal legislation and regulatory policies to protect sensitive customer information that could be used to commit identity theft. However, any legislative or regulatory solutions considered should provide national standards and allow financial institutions the flexibility to identify the appropriate security technologies to manage this ever-changing risk instead of government mandates imposing static solutions.
Congress enacted the Fair and Accurate Credit Transactions Act (FACT Act) in 2003, creating a strong, new, uniform federal standard for the prevention and combating of identity theft. Identity theft is broadly defined as the criminal takeover of another person's identity attributes (e.g., name, social security number, bank account numbers, etc.) for fraudulent gain.
In 2004, Congress followed up on the landmark FACT Act by passing legislation to increase the penalties for committing identity theft, and passing the CAN SPAM Act to fight spam, which is increasingly used to carry out identity theft. Techniques such as "phishing," "pharming," and "spoofing" are continuing to be used to lure consumers into giving their personal financial information to fraudsters.
Identity thieves are constantly creating new tools to defraud consumers. The banking regulators, the Federal Trade Commission (FTC), other law enforcement agencies, and private sector entities have been actively working on education and outreach initiatives to help the victims of identity theft and to inform consumers of actions they can take to minimize the risk of becoming a victim. ABA supports and encourages the continuation of these initiatives and commits to support these efforts wherever possible.
In October 2007, the banking agencies and the FTC issued a final rulemaking to implement portions of the FACT Act to combat identity theft including a requirement that banks institute an "Identity Theft Prevention Program." ABA had expressed serious concerns about the regulatory burden, lack of flexibility and effectiveness, and redundancy of the rule when it was first proposed in 2006. The final rule adopted some but not all of the changes recommended by ABA to allow additional flexibility for banks that are already taking steps to prevent fraud. ABA provided free to all members an ABA Works to assist in creating the required Identity Theft Prevention Program.
Data breaches by a number of companies and government agencies have made sensitive consumer information available to criminals. Such information can be used to commit identity theft, and federal legislation designed to protect sensitive personal information better needs to include provisions to protect people from compromise of information held by government entities as well as non financial institutions.
For additional information regarding data breaches, please go here.