The US Government is starting to put their foot down on the incidents of ID theft. Everyone is becoming aware of the fact that ID theft is not an isolated purvey of email phishers, so US regulators are asking financial institutions to develop appropriate notification measures (for their customers, that is).
ID theft results in losses that number in the tens of billions per year, and growing fast. I have seen numerous announcements at bank sites, warning customers of what to and not to do when utlizing online services. But the notification issue is a good additional step, if done right.
California has a notification rule, but gives institutions several weeks leeway before having to take action. Spamroll can’t say it enough…a couple of weeks is a crime in itself! Customers who may fall victim to ID theft, at the hands of lax security protocols inside an organization trusted with their personal information, need to be notified yesterday! (read Drug dealing is big business…so is Phishing and Spamroll: Data Stolen from UC Berkeley, again, if you still don’t get what I am saying).
Some say that data is already regulated, and safeguards are in place. Not quite true. Section 607 of the Fair Credit Reporting Act does provide impetus for those in possession of personal data to properly handle it, but seems a little outdated for our fast paced, picobyte level world. Section 607 is just a few paragraphs, for goodness sakes.
What I am exceptionally curious about is whether regulators will put their money where their mouth is, or simply their foot. Asking financial institutions to make “some changes” is a far cry from requiring the implementation of strict guidelines. With billions upon billions at stake, you would think financial institutions would accept this as a foregone conclusion, but you never know.
Read the whole story over at IT-Analysis: Identity Theft – U.S. banking regulators take action.