| Received: | 9/18/2006 12:26:46 PM |
| Organization: | Virginia Credit Union |
| Agency: | Federal Trade Commission |
| Rule: | Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 |
Comments:

Thank you for the opportunity to provide input on the proposed guidelines regarding address discrepancies and "red flags" which require financial institutions to implement the guidelines. I am responding on behalf of a state chartered credit union in Virginia. We have the following comments regarding the proposed guidelines:

First, while the guidelines have addressed, and we support, a risk-based, flexible approach in implementing an identity theft prevention program, we believe there is room for shared responsibility between the consumer and the financial institution. Financial institutions must shoulder more and more of the responsibility for monitoring accounts; however, many times consumers have been negligent with their personal information, such as providing their social security number on their personal checks, or sharing their password with non-account owners. The added cost for monitoring accounts is passed on to all consumers, even those that are actively protecting their financial data.

We also understand the need for the board of directors, or an appropriate board committee, to approve the written program. We support a board delegating responsibility for the oversight of the program to senior management but do not believe an annual report should be required.

One of the red flags listed is when an account is being used after being inactive for a long time. We believe the inactive period should be consistent with state law regarding "inactive" or "dormant" accounts rather than establishing a 2-year time period as indicated in the FACT Act.

Regarding the list of "red flags" indicated in Appendix A, we have concern that some of those indicated in the list may give a false indication of identity theft. For example, invalid phone numbers occur frequently because so many people now use cell phones as their only phone and these numbers come up as invalid in screening programs because there is no central directory for them as there is for land line phones. Financial institutions should be allowed to include only those red flags that are truly indicative of identity theft, based on historical data at the institution.

Thank you for the opportunity to provide comments. Please feel free to contact me with any questions.