U.S. regulators Wednesday told banks to develop programs to quickly warn federal officials and customers of suspected cases of identity theft, a growing type of fraud that costs consumers billions.
The Federal Reserve Board of Governors joined other thrift regulators in demanding greater vigilance and quick action, after a flurry of recent announcements from banks and data companies that customer information had been stolen or lost.
The agencies are instructing banks to create response programs to address security breaches that involve sensitive customer information. These programs are to include procedures to notify customers about unauthorized activity that might cause “substantial harm” to them.
“If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible,” the agencies said.
Financial institutions may delay notification if that would interfere with a criminal investigation. But they must still notify their primary federal regulator of suspected identity fraud, even if customers are left in the dark.
Identity theft cost businesses $47.6 billion and consumers $5 billion in 2002, Federal Trade Commission estimates show.
Among companies that reported customer data thefts this year are data brokers ChoicePoint Inc. and LexisNexis, a unit of Anglo-Dutch Reed Elsevier.
And Bank of America Corp. last month said computer tapes with credit card records of more than 1 million U.S. government employees were lost.