FDIC issues study on identity theft;
seeks comments on possible
guidance to bankers
The Federal Deposit
Insurance Corporate (FDIC) has released a study on a type of
identity theft known as account-hijacking, one of the fastest
growing forms of identity theft in the country. The agency is
soliciting comments on the study that it hopes to use to formulate
guidance to bankers in 2005.
"Technology
is rapidly evolving and regulators need to ensure that information
safeguards for consumers and banks keep pace,” said FDIC Chairman
Don Powell. "ID theft is one of the fastest growing consumer issues
in America and our study is an effort to address the needed
changes."
Account-hijacking is the unauthorized access and misuse of existing
account information primarily through a scheme known as phishing.
Phishing is the process of sending tens of thousands of bogus
e-mails in the guise of legitimate government agencies and
businesses asking recipients to verify or provide confidential
financial information. The information is then used by criminals to
either steal a person"s identity or to hijack their accounts. This
form of identity theft is of particular concern to financial
institutions and to their customers.
A recent
study has estimated that nearly two million Internet users in the
U.S. experienced account hijacking during the 12 months ending April
2004. Of those, 70 percent do their banking or pay their bills
online and over half believed they received a phishing e-mail. Many
experts believe that the increase in identity theft will have the
effect of slowing the growth of online banking and commerce.
According to
the study released today by the FDIC, financial institutions and
their regulators should consider a number of steps to help reduce
online fraud, including:
Upgrading existing password-based single-factor
customer authentication systems to two-factor authentication.
Using scanning software to identify and defend
against phishing attacks.
Strengthening educational programs to help
consumers avoid online scams.
Placing a continuing emphasis on information
sharing among the financial services industry, government, and
technology providers.
The FDIC's study-Putting
an End to Account-Hijacking Identity Theft-is available on the
Web by
clicking here. Comments on the study are being solicited through
February 11, 2005, via email to:
IDTheftStudy@fdic.gov.