WASHINGTON – Did you hear about the fellow who went into a New York City Kinko's, plugged a simple device into the back of a public computer and stole the user names and passwords of hundreds of online bankers? Jim Blake has and he finds it scary. Blake, president and CEO of $1 billion HarborOne Credit Union in Brockton, Mass., used that true story as an example of how easy it is to commit identity fraud, and how much financial institutions are on their own in the battle. Blake, a member of several national panels and task forces on the problem of identity theft, discussed the issue in a breakout session at CUNA's GAC. He said retailers and other vendors also should be pressured to meet something even close to the standards that financial institutions are held to when it comes to handling and protecting personal information. Blake was joined by Robert Gordon, an associate general counsel to a U.S. House subcommittee who is helping craft the laws and regulations related to identity theft and the Fair Credit Reporting Act. Gordon, a key aide to Financial Services Committee chair Michael Oxley of Ohio, reviewed efforts to create uniform laws governing identity theft and fraud across state and federal lines. "The changing habits of consumers, especially the increasing use of online shopping, is helping to increase the incidence of fraud," he observed, adding that his panel hoped to soon have specific regulations in place that could serve as guidelines for the NCUA to help credit unions take on the problem. Blake, meanwhile, reviewed the various ways identity theft occurs, including phishing (the use of real-looking Web sites to fool users into providing confidential information) and the legal sales of keyboard-stroke memory devices such as the one used in the case mentioned above. "Kinko's response, by the way, was to put up a placard warning customers to beware," Blake said. "Can you imagine us doing that?" In addition to requiring more of retailers, lawmakers also should seek ways to crack down on the unregulated sale of such keyboard-logging devices, as well as Internet sites that sell people's personal information, fake IDs and more, Blake said. He noted that such crimes have "become a wholesale problem instead of a retail one" as hackers continually try to find ways into financial institutions' data stores to steal identities, create new accounts and drain existing ones. "I used to be concerned about the guy who came into a branch and cashed a check for $2,200 in someone else's name," he said. "That's retail." Wholesale? He said the tech guardians at HarborOne detected more than seven million attempts to break into the CU's computer system last July alone. Blake also noted that identity theft tends to remain a local crime, and often a misdemeanor, putting it low on the list of priorities for local police concerned with fighting drugs, robberies and homicides. Meanwhile, the problem just grows. "I believe by the same time next year, we will find that at least one person in this room has had a serious problem with identity theft at his or her credit union," Blake said. In his introductory remarks, Kris Mecham, CEO of Desert First CU in Salt Lake City, also reflected on the widespread nature of the assaults on member identities and its impact on credit unions. "As a credit union president I am increasingly disturbed by the amount of fraud creeping into our movement and into our payment processes," he said. "Electronics alone, no matter how powerful, will not protect us from fraud completely," he said. "It's going to take a multi-faceted front." -

[email protected]