As banks and other financial services companies have come to rely more and more on technology, identity theft has become a prevailing problem for the industry.

It can happen in many ways: through a credit card purchase or loan, over the Internet or in person.

While banks have long had their methods for preventing unauthorized people from gaining access to their accounts, the problem is increasing and a 100 percent foolproof answer to the dilemma has yet to be found.

The possible ramifications for just one case of fraud on the Internet are staggering. Last spring, for example, agents working with the Federal Bureau of Investigation arrested two individuals in Wales for “alleged intrusions into e-commerce sites in several countries,” according to a statement made before Congress by Louis J. Freeh, director of the FBI. The actions of those two people alone resulted in the theft of credit card information from more than 26,000 accounts with losses expected to exceed $3 million.

According to research by the Gartner Group, a Connecticut-based research and strategy consultation firm, 17 percent of consumers reported that a checking or saving account had been fraudulently opened or accessed, while 11 percent said their names and credit histories were used to fraudulently obtain a loan. More than half reported that they had been the victims of credit card fraud.

While insurance policies protect financial institutions from these types of crime, the rising cost cannot be ignored, according to industry experts.

“Unless proper controls are established internally, by 2004 the business practices of U.S. financial services enterprises concerning consumer information will lead them to be blamed by the public as a main enabler of identity theft, resulting in pressure for stringent regulation of information reuse,” according to the Gartner research.

Knowing with a comfortable degree of accuracy that the person on the other side of the computer monitor is who he or she claims to be – and not a pretender in possession of a credit card – will become more important to financial institutions as they begin to use the electronic signature for mortgages, loans and agreements.

Equifax, which along with Trans Union and Experian makes up the so-called big three credit reporting agencies, recently launched a new product aimed at protecting consumers and merchants from identity theft through its Equifax Secure division.

“We are a full-service digital certificate authority. We secure transactions using PKI [public key infrastructure] technology. As we developed our digital … business it quickly became evident that [we must ensure customers] really are who they say they are. When it comes to verifying consumers, it becomes an unwieldy process,” said C. Richard Crutchfield, executive vice president and group executive for Equifax Internet Solutions.

Currently, the method for identification relies on “wallet data,” said Crutchfield. That means the consumer provides information that usually can be obtained from the person’s wallet, including Social Security number, card number or card expiration date.

The method is not foolproof, he said, because “they can verify that Rich Crutchfield exists and that he is alive … but they cannot verify if it’s him on the other end of the line.”

That’s where the Equifax Paynet Secure product comes in. When the customer registers on a certain site, a brokerage, for instance, Equifax’s product enables the verification of wallet data and asks the person to answer two to six questions whose answers can be verified through a credit report. Then the person is registered as the user and can immediately begin using the services. Until now, said Crutchfield, the customer would have to wait until the information is verified, which could take a few days, before he could begin trading in the case of a brokerage.

“What we do is validate the wallet data and the answers to the interactive query and issue a score that will validate that the consumer is who he or she says they are,” he said.

“This interaction with the consumer is only between Equifax and the consumer. The transaction is encrypted with 124-bit encryption. The consumer knows we are accessing their credit fields. They have to give permission for this,” he said. Using that added service is valuable to merchants because of the increase of criminal activity on the Web.

“Fraud on the Internet is significantly higher than in the physical world,” according to Crutchfield, who said such activity occurs online up to 12 time more frequently.

“There’s a growing demand to verify identity and prevent fraud for these [retail] types of transactions,” he said. However, while Equifax can make the transaction secure, it had to balance security with ease of use. According to Crutchfield, Internet merchants already have an abandonment rate of 60 percent before the final sale. “We don’t want to establish anything that would prohibit the customer [from completing a transaction] even more,” he said.

After the consumer registers, he is given an ID and password to use to sign in to the service. If he chooses to pay with an electronic check, Equifax can guarantee payment because its database allows it to check funds immediately.

Although the responsibility for protecting customer information is largely a consumer and merchant one, Equifax has launched itself into the market because of its background, he said. The company’s core competencies contribute to the development of the product, he said.

Although the Paynet product is for use largely in the retail Internet trade, Crutchfield said as banks move towards implementation of the electronic signature, they too will need a way to confidently validate identities.

“In the case of the mortgage industry, until the industry advances to a point where you don’t have to physically go and sign papers … I would guess the worst that could happen is that they wasted somebody’s time,” he said. “It’s the type of transactions that occur where you don’t have to physically present yourself that our product will work best in.”

Local Initiative
According to the Gartner Group, banks may be blamed by consumers for identity thefts even though they bear no real responsibility. Unless banks increase self-regulation, consumers may demand that more laws be enacted to safeguard accounts. But more regulations regarding protection of identities is not needed, according to testimony delivered by the American Bankers Association before Congress. What is needed, the association claims, is more stringent enforcement of current laws.

Protecting customer information while not thoroughly inconveniencing customers is a delicate balance, according to Tanya Duncan, director of federal regulatory and legislative policy for the Massachusetts Bankers Association.

In the physical world, banks are training and retraining their employees to guard against giving out information to the wrong person, said Duncan. “If they suspect suspicious activity, reporting that information” also is critical, she said.

Consumer and employee education is key, said Duncan. The bank should be able to direct the person how to proceed. “When this happens, the victim is overwhelmed and the first instinct is to call the bank,” she said.

Additionally, the MBA is launching a new initiative to educate consumers about how to prevent identity theft, according to Duncan. The new brochure should be released through the state in the first quarter of next year.

While guides to protecting consumer identity have been published by the FDIC, the Attorney General and the FBI, banks could do even more, according to the Gartner Group.

In a time when the labor market is tight, banks need to be extra cautious to perform background checks to weed out potential criminals. Mass mailing pre-approved credit cards increases the chances that fraud will occur as well as not immediately changing the addresses of customers who have moved. In addition, banks should limit who has access to customer information as much as possible, and prepare scripts for customer-contact personnel to follow to aid customers who have been victimized, the Gartner Group research concluded.