Loading...

Stop guessing: Identity Theft Prevention Programs Require Consistency

Published: November 20, 2008 by Keir Breitenfeld

I’m working with many of our clients in reviewing their existing or evolving Red Flags Identity Theft Prevention Programs. While the majority of them appear to be buttoned up from the perspective of identifying covered accounts and applicable Red Flag conditions, as well as establishing detection methodologies, I often still see too much subjectivity in their response and reconciliation procedures.

Here are a few reasons why the “response” portion of a strong Red Flags Identity Theft Prevention program needs to employ consistent and objective process, decisioning, and actions:

1.Inconsistent or subjectively varied responses and actions greatly reduce the ability to measure process effectiveness over time. It becomes increasingly difficult for retro-analysis to identify which processes and specific steps in those processes were successful in either positively or negatively reconciling potential fraudulent activity. Subsequently, it clouds any ability to make effective or necessary changes to specific activities that may not be working well.

2.Examiners may focus heavily on the response portion of your program. During operational side by sides, or even written program reviews, the less ambiguity and inconsistency identified or perceived, the better. A quick rule of thumb for any examination: preempt any questions with exhaustive information and clarity. Examiners that don’t need to ask many, or any, questions are happy examiners.

3.Objective and consistent process allows for more manageable staff training. It is much easier to educate your staff around a justified and effective uniform process than around intuitive and haphazard procedures and consumer interactions. It is tough to set expectations with your staff if there are gaping holes in the activities they are expected to execute.

4.Customer experience will certainly be more positive, and less of a worry for managers, as inequity of treatment is removed from the equation. It is better to have each customer progress through similar steps toward authentication than varied ones from the perspective of time, perception, effectiveness, and convenience. Now, certainly, a risk-based approach allows for varied treatment based on that risk. The point here is more toward the need to apply those varied techniques consistently.

5.Social engineering. Fraudsters are pretty good at figuring out if an operational process is open to interpretation and manipulation. They’ll continue to engage in a process with the goal of landing with the right associate who may be following a more easily penetrable fraud detection method. Bottom line: keep the walls around your business the same height throughout.

Until next time, best of luck as you continue to develop and improve your Red Flags programs.

Subscription title for insights blog

Description for the insights blog here

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Categories title

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.

Subscription title 2

Description here
Subscribe Now

Text legacy

Contrary to popular belief, Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old. Richard McClintock, a Latin professor at Hampden-Sydney College in Virginia, looked up one of the more obscure Latin words, consectetur, from a Lorem Ipsum passage, and going through the cites of the word in classical literature, discovered the undoubtable source.

recent post

Learn More Image