For more information: 
Phil Tschudy 608/231-7188  philip.tschudy@cunamutual.com
Rick Uhlmann 608/231-8940  rick.uhlmann@cunamutual.com

Jan. 17, 2008

Credit Unions Face Challenges in Combating Identity Theft
Latest Collaborative Study Defines ID Theft, its Causes, and How it Can be Prevented
 
MADISON, WI – Identity fraud generally represents the end of a multi-stage process, with the loss or theft of sensitive personal information enabling fraud.  A recently released report commissioned by credit union industry leaders indicates credit unions are unable to completely prevent leakage of personal information because too many parts of the custody chain are beyond their control.

These findings were included in “Combating Identity Theft: Leading Practices for Credit Unions.” The study was conducted to clarify the nature of identity theft and classify countermeasures in the credit union environment.  Research was conducted by the University of Wisconsin E-Business Consortium (UWEBC) and sponsored by CUNA Mutual Group, the Credit Union National Association and the Credit Union Information Security Professionals Association.

Identity theft has become an increasing problem and concern for companies and consumers across the country, with approximately 10 million people falling victim to identity theft annually.  Identity theft occurs when someone wrongfully acquires or uses another’s personal information (such as name, Social Security number, address, and financial account numbers) and uses that information to commit fraud.

Consumers are often concerned with identity theft and the potential fraud that follows, but financial institutions currently absorb most of the effects of the fraud, the report states.  In the U.S. in 2006, $56.6 billion were stolen through identity theft, with an average fraud per victim of $6,278. Much of these losses are covered by businesses. In 2004, businesses reported average monetary losses of $49,254.

Identity theft can happen in many ways, including via stolen or discarded property, through phishing, by thieves hacking into corporate databases, or by using social engineering to steal personal information from authorized custodians of such data.

Current efforts to prevent identity theft focus on the privacy of personal information. Most organizations, including credit unions, need to store the personal information of their customers in order to provide services. Once the consumer gives his or her information to a trusted business, it is up to that organization to keep the information private. The report concludes that more effort should be directed to verifying at the point of service that those receiving financial benefits are really who they claim to be.

“Sensitive personal information is difficult to protect, and the technology needed to protect that information with a high degree of confidence can be complex and expensive,” said Dr. Steve Arnold, researcher and consultant with UWEBC who led the study.  “There are many legacy systems that are difficult to update with new protection techniques. In addition, the business itself depends on fast and easy access to sensitive personal information for optimum service, which creates a counter demand to privacy protection within the organization.”

Because of the challenges credit unions face in battling identity theft, the credit union consortium and UWEBC decided to commission the study with the primary objectives being to:

1. Clearly define identity theft and the types of identity theft
2. Characterize how sensitive personal information is usually compromised
3. Determine how much sensitive personal information lost via each route is actually being used to commit fraud
4. Describe threats and defenses using attack tree diagrams, and
5. Use these results to recommend where identity theft prevention efforts should be focused.

The free research report is available online at http://www.UWEBC.org.

“Credit union executives will find this report valuable in their efforts to minimize the chances of identity theft and prioritizing their fraud-prevention resources,” said Gary Pate, director of insurance compliance and risk management for CUNA Mutual.

The survey builds on a series of successful annual research projects conducted collaboratively by CUNA Mutual, CUNA, other credit union groups and the UWEBC.

“This type of collaboration among credit union industry leaders, in conjunction with academia, is beneficial to helping credit unions compete in today’s fast-moving business environment,” Pate said.

The UW E-Business Consortium is Wisconsin's leading organization to help companies improve business processes through technology. Members, including the Midwest's leading companies, tap into world-class university resources and members’ collective experience to address and share strategic e-business and information technology challenges, best practices and lessons learned.

CUNA Mutual Group is the leading provider of financial products and services to credit unions and their members worldwide. More information on the company is available on the company’s Web site at www.cunamutual.com.