|Received:||9/19/2006 6:59:43 PM|
|Agency:||Federal Trade Commission|
|Rule:||Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003|
Comments:My comments are being submitted a day past the due date, but may be appropriate to the discussion. I'm an Information Security Officer for a lending/grant agency, but I am not speaking on behalf of them. However, as a past identity theft victim (twice, approx. 15 years ago), I have taken great pains to secure my identity from theft in a number of ways. My professional work includes the need to monitor current security trends and observe daily exposures pertaining to information security and the loss or theft of records containing personal identification that is useful for someone to assume another's identity for unlawful purposes. Within my current job, I became aware of certain deadlines and practices that allow certain unlawful practices. For instance, loans/grants may require only an enrollment as proof for final eligibility for the disbursement of funds, but then enrollees immediately drop the class or never attend, having pocketed the money. While on a light rail train recently during an enrollment period for colleges, several young men were openly discussing how to defraud the colleges using the above method. While timing is important for the disbursement of funds to alleviate undue financial hardship, it seems to place verification of identity far behind. There are other means to defraud an institution, and red flags should be raised during suspicious sequential events. Schools that are the point of contact for such fund disbursements are pushing back in providing this service, despite their physical proximity to the enrollee and physically viewing forms of identification that can eliminate the assumption of another student's identification, which has recently been identified as the largest segment of stolen identification. (New credit histories, lack of experience in protecting ones own identification against identity theft.) Schools wish to be reimbursed for such efforts, which is understandable, but this form of verification should be a required step as a precursor to enrollment as a legitimate student. I have heard arguments regarding the need to push this to a higher level (ie, lending/funding organizations), but such organizations cannot complete the same level of verification that can be done in person at each educational establishment. I apologize for the tardiness of my comments. I was not made aware of the RFC period until today.