These Red Flag rules say that all financial institutions, including banks, credit unions, mortgage lenders, and more, that store consumer accounts to develop and implement identity theft prevention programs that will help combat ID theft in connection with new and existing accounts. Financial institutions must create “reasonable policies and procedures” for preventing ID theft, identify “red flag” signals of possible identity theft, and notify victims. With the compliance deadline Nov. 1, 2008, financial institutions have a mere 50 business days to fulfill seven requirements. Over the next few weeks we’ll be taking a closer look at the Red Flag rules’ seven main requirements, but for now, here’s the short list.

1. Initial Risk Assessment
2. Policies and Procedures Manual
3. New Account Authentication
4. Address Change Verification
5. Anti-Phishing Services
6. Staff Training and Program Implementation
7. Identity Theft Protection For All Consumer Accounts

The theft is being deemed the largest hacking and identity theft ring ever exposed. Eleven people, including a U.S. Secret Service informant, have been charged in connection with the hacking of nine major retailers and the theft and sale of more than 41 million credit and debit card numbers.

The indictment returned Tuesday by a federal grand jury in Boston alleges that the suspects hacked into the wireless computer networks of retailers including TJX Cos., BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW and set up programs that captured card numbers, passwords and account information.

You can read the press release announcing the indictment from the Department of Justice here.

Many of the hackers are still at large, according to this post in the WSJ.

Secure Identity Systems introduces anti-phishing services

Phishing attacks aren’t causing problems for just consumers. They’re also destroying the integrity of financial institution brands online.

But now with new anti-phishing services from Secure Identity Systems (SIS), financial institutions gain control of their brand integrity online, while protecting consumers from phishing attacks. Most important, these services enable financial institutions to fulfill Section 114 of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act (FACTA), which requires them to implement “reasonable policies and procedures” for identifying, thwarting, and preventing red flag activities-including phishing attacks-by Nov. 1.

“Phishing attacks continue to compromise consumers’ identities, and undermine their trust in online commerce-that includes online banking,” says Bryan Ansley, CEO of Secure Identity Systems. “By integrating world-class phishing detection and take-down services into our comprehensive services offering, we’re giving our financial institution clients a complete solution for protecting their customers’ interests, and complying with federal ID protection mandates.”
Available now through SIS, the anti-phishing services enable banks, credit unions, and other financial organizations to track the occurrence of their name, brands, trademarks, and slogans on the Internet. The service identifies phishing attacks, where e-mails and Web sites that display the financial institution’s brand are used to trick unwary consumers into providing account and logon information. SIS customers will be protected by a technology that is detecting and blocking as many as 5,000 phishing attacks daily around the world.

The technology uses extensive Internet surveying, which works by comparing the authentic Web site with a continuously updated database that includes over 172 million Web sites and domain names, SSL certificates, and feeds of phishing data from multiple sources. That’s only the beginning: after a phishing site is detected, countermeasures are launched to take down the phishing site. First, access to the site is restricted in popular browsers and security products, reducing its ability to lure and entrap consumers. The service then contacts the site owner, the ISP responsible for hosting the site, the domain registrar, upstream provider, and law enforcement to have the phishing site taken down. Once a site is taken down, the service will continue to monitor the site from various monitoring points around the world.
Source: Secure Identity Systems
]]> http://trevor7.wordpress.com/2008/08/06/what-are-banks-doing-for-anti-phishing/feed/ 1 trevor7 http://trevor7.wordpress.com/2008/07/30/banks-should-provide-protection/ http://trevor7.wordpress.com/2008/07/30/banks-should-provide-protection/#comments Wed, 30 Jul 2008 18:17:58 +0000 trevor7 http://trevor7.wordpress.com/?p=3 ]]> Why are Financial Institutions not doing more to protect our identities? It seems every day I read About personal information being lost. American National Bank in Colorado recognized the problem and is doing something about it. Identity theft is an ongoing concern and as a student it seems I am more vulnerable than anyone. Here is an article ran in the Bank Systems & Technology website where American National Bank teams with Secure Identity Systems to provide their customers the protection thats needed.