The 5-0 vote by the agency's board of directors come in the wake of a
flurry of announcements of the theft of personal data affecting
hundreds of thousands of consumers.
The changes have won approval from the Office of the Comptroller of
the Currency and Office of Thrift Supervision, and still require
Federal Reserve Board approval. Fed spokesman Andrew Williams said the
board is considering the matter.
Banks will be required to notify customers when they learn of
unauthorized access to sensitive customer information and, after a
reasonable investigation, determine the information was misused or
there is a "reasonable possibility" of misuse.
The notices must describe the incidents, detail measures taken to
protect customers, provide phone numbers for further information,
remind customers to be vigilant and describe how customers may put
fraud alerts in their credit reports.
Sensitive customer information is defined as a customer's name,
address or phone number, in conjunction with his or her Social
Security or driver's license numbers; account, credit or debit card
numbers; or an identification number or password that would permit
access to an account.
It also includes any combination of data that would allow a thief to
access an account.
Obtaining Social Security numbers is often considered a key to
identity theft scams involving banks, which regularly use the numbers
as a unique way to identify customers.
Identity theft cost businesses $47.6 billion and consumers $5 billion
in 2002, Federal Trade Commission estimates show.
Financial institutions regularly targeted by scammers include
Citibank, Wells Fargo, Washington Mutual, U.S. Bank, SunTrust, and
Capital One.
A common form of identity theft involving banks is "phishing," derived
from the act of computer thieves who "fish" for private data.
Phishers typically tell prospective victims in e-mails that there is a
problem with their accounts, and ask them to verify personal
information through a link to a real-looking Web site. They e-mail
either known customers of a particular bank, or many people with the
hope of reaching actual bank customers.
Many phishing e-mails contain return addresses at sites such as
Yahoo.com, or typographical or grammatical errors.
Among companies to have reported thefts of customer data this year are
data brokers ChoicePoint Inc. and LexisNexis, a unit of Anglo-Dutch
Reed Elsevier (ELSN.AS) (REL.L), as well as DSW Shoe Warehouse, a unit
of Retail Ventures Inc.
Meanwhile, Bank of America Corp. the No. 3 U.S. bank, last month
said computer tapes with credit card records of more than 1 million
U.S. government employees were lost.
NOTE: For more telecom/internet/networking/computer news from the daily
media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra . Hundreds of new articles daily.
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, Associated Press.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml