ARLINGTON, Va. – With more than 27 million consumers across the U.S. having been victimized by identity theft in the last five years, according to the Federal Trade Commission, credit unions have wanted to do more to help their members counter the threat. But a noted security consultant says there is little a credit union can do other than to keep its own house in order. "What credit unions or banks would have to do is help protect consumers against themselves," said Chris McGoey, President of McGoey and Associates, "and that is always the hardest to do." McGoey, who is president of McGoey and Associates, a noted security consultation firm with offices in San Francisco and Los Angeles, said that credit unions would serve their members best by paying attention to their own procedures for information, starting with how much they collect. "There is such a drive now for financial institutions to get identifiers for their customers," he noted, "so they are asking for a lot of information." He said a credit union's first step might be to review its procedures for membership or loans and asking `do we really need to collect all this information?' "If they never collect the information, they don't have to worry about protecting it," he noted. Next, a credit union which wanted to help its members would examine what procedures it had in place for taking care of their members' information. And that does not mean just making sure that the computers and software have adequate security. It includes things like keeping track of the forms that someone uses when joining the credit union and screening the employees that handle the information. "If someone fills out forms to join and the information is then keyed into a computer afterward," McGoey said, "what happens to that information? Is it thrown away? If so, is it shredded first? And the person who keys in the information, is that person screened at all?" McGoey was also harsh in his criticism of institutions that in his view are not doing enough. Too many financial institutions of all stripes still do things like use their members' Social Security Numbers to identify their accounts, he said, and too often money is the stumbling block in front of changing that policy. "It's not that people don't know what to do," he said. "It's that they don't want to spend the money on what they still view as someone else's problem." After cleaning up their own procedures, credit unions can start being proactive about prompting their members to take the steps only they can take. Although he admitted few people might read the notices, McGoey said it would not be a bad idea for a credit union to stick notices about identity theft and instructions about how to see your credit report into the member's account and credit card statements. Credit unions could also offer short classes for all members, not just members considered low income, on how to understand their credit reports so that if a member gets their credit report they will be able to understand what they are seeing and whether the reports have errors. McGoey did endorse an innovative new product which advocates say should give credit unions a way to easily help their members check their identities and credit reports when they join the credit union or when they use or apply for any loan or product. Rapid Reporting, a firm based in Fort Worth, Texas that specializes in helping lenders verify the applicant's identities, says its Direct Check product can help credit unions protect both themselves and their members against identity fraud. With Direct Check, a credit union client of Rapid Reporting would use a signed permission form from the credit union member to access the Social Security Administration's and other database's to verify that no other person is using that member's social security number as a form of identity in financial transactions. The checking process takes less than 24 hours, costs $5 and can let both the credit union and the credit union member know whether they are being used as part of an identity theft. "So many of the credit bureaus and other data depositories use harvested data in their credit reports," said Ray Petta, COO of the firm. "We have a relationship with the Social Security Administration that lets us have access to virgin data from the government agency." Petta explained that in many sophisticated frauds, such as so-called "bust out" frauds, perpetrators use a pilfered social security number to create an identity that will pass many identity validations. McGoey liked the Rapid Reporting product in particular because it would allow the credit union member to gain a baseline understanding of their credit report which they could compare against future checks to find any differences or discrepancies. Progeny, Nashville, also has a credit monitoring product it is offering credit unions to offer to their members. [email protected]

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.