Banks: New Laws Not Needed To Guard Personal Information

Additional laws are not needed to protect banks from the fraudulent use of consumer information, industry officials agreed in comment letters to the Federal Reserve Board.

"We believe the best and most productive approach, instead of additional legislation, would be to allow banks to combat this problem through their own internal controls and additional security precautions," said David F. Mowrey, associate counsel for Mellon Bank.

Last year Congress gave the Fed until March 31 to study whether easy access to customer information, such as Social Security numbers, dates of birth, and bank account numbers, could cause security problems for banks.

Lawmakers mandated the study after some electronic data base companies began selling Social Security numbers. The increasing incidence of "identity theft," a crime where publicly available information is used to take over a person's identity, also prodded Congress to act.

L. Richard Fischer, counsel for Visa U.S.A. Inc. and MasterCard International Inc., said the associations "do not believe that the activities of organizations engaged in the business of making sensitive consumer information available to the general public have contributed significantly to financial fraud or risk of loss to insured depository institutions."

Industry officials voiced concern that any new laws could restrict the availability of the information used by banks to confirm customer identities for lending purposes and for verification systems to help reduce fraud. For instance, banks would not have the ability to collect on bad debt if previous addresses were not readily available.

"If a regulatory or legislative remedy is not properly drafted, it could have the effect of seriously impairing a huge amount of legitimate business in the effort to root out a comparatively small amount of individual fraud," Mr. Mowrey said.

Banking officials emphasized that they devote substantial resources to preventing and detecting financial fraud. While individual consumers have access to much of this data through credit reporting agencies, it is difficult for an unauthorized user to get this information.

"It is too valuable to the institution to allow anyone else to access it," said Marcia Z. Sullivan, director of government relations at the Consumer Bankers Association.

Sensitive information is most often acquired through illegal means, such as a stolen wallet or purse, the improper removal of information from consumer files, and, more recently, through illegal access to computers.

"Existing laws provide sufficient penalties for the unauthorized use of sensitive consumer identifying information," Ms. Sullivan said.

Customer privacy is protected by federal and state laws as well as bank regulations and internal institution policies. Compliance is regularly monitored.

"Fraudulent use of information originating from a financial institution is very minimal," said June M. Seay, assistant vice president of regulatory management at Richmond-based Signet Bank.

For further protection, Ms. Seay suggested requiring customers to use a personal identification number to cash checks or use credit cards.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER