Signature

 

Phone: (703) 581-2389
PO Box 62
Merrifield, VA 22116-0062

 

CIVA

June 1, 2010, is just a few months away!

  Is your company compliant with "The Fair and
Accurate Credit Transactions Act (FACTA) of 2003" ?

Effective June 1, the fine for failure to comply with or violations of its provisions may run
as high as $3,500 for each
violation, or more.

Recent surveys suggest most
companies are still not compliant.

Croftware provides integrated identity management services.  Principal among these is its Croftware Identity Verification Analysis (CIVA™) service.

 It used to just make good business sense, now it's the law!

CIVA is an easy, effective, and affordable way to becoming complaint with FACTA.  Let us tell you how.

Download Brief Overview of CIVA

At the heart of CIVA is a unique electronic survey of national public records to confirm information provided by customers and clients claiming a specific identity.  Not only does the service confirm an individual's claimed identity and personal credentials (current and past addresses, phone numbers, etc.), the service also compiles a detailed personal history questionnaire that can be used to further verify an identity if need be.

Red Flag Importantly, this service satisfies at least 9 of the most challenging "red flag" checkpoint items required by the The Fair and Accurate Credit Transactions Act of 2003, now scheduled to go into full effect June 1 2010.
 

According to a Business Alert issued by the Federal Trade Commission in June 2008, the Red Flag Rules apply to a very broad list of businesses including "financial institutions" and "creditors" with "covered accounts".  

Some of the government and Commercial organizations covered by FACTA:

  • Automobile dealers
  • Banks
  • Finance organizations (except for those regulated by the Federal bank regulatory agencies and the NCUA)
    • State or national banks
    • A state or federal savings and loan association
    • A mutual savings bank
    • A state or federal credit union
    • Or any other entity that holds a “transaction account” belonging to a consumer
  • Mortgage brokers
  • Municipalities
  • Professional Services organizations 
    • Lawyers *
    • Accountants
    • Doctors and medical clinics
    • Dentists
    • Hospitals
  • Telecommunications companies
  • Utility companies
  • and so forth

* A recent district court has ruled FACTA does not include law firms.  The FTC is appealing the case.

This is not an all-inclusive list.  The FACTA definition includes all companies, regardless of size that maintain, or otherwise possess, consumer personal information for any business purpose.

In short, FACTA applies to any government agency (cities, towns, etc.) or commercial entity that extends credit to, establishes an on-going financial relationship with, or requests personal information from individuals.  The regulations apply to all businesses that have "covered accounts". A "covered account" includes any account for which there is a foreseeable risk of identity theft. For example, credit cards, monthly billed accounts like utility bills or cell phone bills, social security numbers, drivers license numbers, medical insurance accounts, and many others. Because of the broad definitions in these regulations, few businesses will be able to escape these requirements.

About the only type of business not covered by FACTA, normally, would be retail establishments such as restaurants or stores that simply accept credit cards as payment for services.

If, in addition to or in place of a credit card or cash, your firm or agency requests personal information (anything including one or more of the following: name, address, phone number, birth date, social security number, etc.), then you are required by FACTA to comply with the provisions of the Act.

Credit reports issued by any of the major reporting offices (e.g., Experian, Equifax, and TransUnion) will satisfy some of the information requirements of FACTA, but there are at least 9 requirements the answers classified under "suspicious personal identifying information" to which are not in the credit reports or routinely available from the credit reporting agencies.  These include:

Suspicious Personal Identifying Information--Red Flags

Red Flag Personal identifying information provided is inconsistent when compared against external information sources used by the financial institution or creditor. For example:
 
    ▪   The address does not match any address in the consumer report; or           
 
    ▪   
The Social Security Number (SSN) has not been issued, or is listed on the Social Security Administration’s Death Master File.
Red Flag Personal identifying information provided by the customer is not consistent with other personal identifying information provided by the customer. For example, there is a lack of correlation between the SSN range and date of birth.
Red Flag Personal identifying information provided is associated with known fraudulent activity as indicated by internal or third-party sources used by the financial institution or creditor. For example:
 
    ▪   The address on an application is the same as the address provided on a fraudulent application; or
 
    ▪   The phone number on an application is the same as the number provided on a fraudulent application.
Red Flag Personal identifying information provided is of a type commonly associated with fraudulent activity as indicated by internal or third-party sources used by the financial institution or creditor. For example:
 
    ▪   The address on an application is fictitious, a mail drop, or a prison; or
 
    ▪   The phone number is invalid, or is associated with a pager or answering service.
Red Flag The SSN provided is the same as that submitted by other persons opening an account or other customers.
Red Flag The address or telephone number provided is the same as or similar to the account number or telephone number submitted by an unusually large number of other persons opening accounts or other customers.
Red Flag The person opening the covered account or the customer fails to provide all required personal identifying information on an application or in response to notification that the application is incomplete.
Red Flag Personal identifying information provided is not consistent with personal identifying information that is on file with the financial institution or creditor. 
Red Flag For financial institutions and creditors that use challenge questions, the person opening the covered account or the customer cannot provide authenticating information beyond that which generally would be available from a wallet or consumer report.   CIVA is unique in its ability to create such questionnaires. 

For additional information or a meeting to discuss FACTA 2003 and CIVA, contact Croftware at:

Phone:  (703) 581-2389

E-mail:  Contact@croftware.net, or mail a note to:

Croftware - FACTA
POB 62
Merrifield, VA 22116-0062

 

CIVA is unique in its ability to answer
all 9 of these challenges!

In addition to the on-going CIVA service, FACTA also requires each covered entity to develop a written program that identifies and detects the relevant warning signs – or “red flags” – of identity theft.  The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The program must be managed by the Board of Directors or senior employees of the financial institution or creditor, include appropriate staff training, and provide for oversight of any service providers.

Additional information regarding FACTA 2003 can be found at:

http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml

Croftware has model plans in editable electronic format entities can modify to use as their response to FACTA.

In today’s environment it’s becoming increasingly important to know that the person you’re talking to or selling goods and services to is exactly who they say they are. Now with the help of cutting edge technology CIVA can assist you in determining, in real-time, the likelihood that the person you are talking to IS who they claim to be thus dramatically reducing potential losses. 

Real-Time Identity Verification & Authentication

Ø  Verifies and authenticates a consumer’s identity in seconds

Ø  Verifies Social Security number and name match

Ø  Verifies Social Security number status – valid, deceased, etc.

Ø  Verifies name and address match

Ø  Verifies name and driver’s license match

Ø  Verifies phone and name match

Ø  Verifies phone and address match

Ø  Checks for high risk status of address and phone

Ø  Verifies address type – residential, multi-use, etc.

Ø  Verifies address and driver’s license match

Ø  Verifies driver’s license is valid for the State issued

Ø  Verifies and presents age and date of birth

Ø  Standardizes full name as it appears in DMV database

Ø  Standardizes city, state, and zip as it appears in DMV database

Ø  Standardizes driver’s license address as it appears in DMV database

Ø  USA Patriot Act Compliant – “Know Your Customer”

Ø  Government watch list analysis – Office of Foreign Asset Control (OFAC)

Ø  Can initiate interactive historical questionnaire to authenticate identity

Ø  And much more!

CIVA WILL INCREASE YOUR PROCESS EFFICIENCIES, COMBAT FRAUD, SATISFY COMPLIANCE REQUIREMENTS, and AUTHENTICATE A CONSUMER’S IDENTITY IN A MATTER OF SECONDS!

CIVA was designed to defend businesses against fraud, identity theft, terrorism and money laundering. CIVA can be used by ACH processors, on-line merchants, software companies, car dealerships, financial institutions, payday loan operations, insurance companies, government, check cashing companies, brokerage firms and mortgage companies, to name a few. 

The CIVA Advantage

CIVA aggregates the highest quality data sources available today and combines them with sophisticated programming technology. The data sources totaling over 400, include: the Social Security Administration, Regional Bell Operating companies, credit header data, non-credit data, government watch lists and several proprietary sources.

CIVA optionally offers, at NO additional cost, the most effective identity authentication solution in the marketplace today. CIVA generates a series of “out of pocket” historical questions to authenticate the applicant. The correct person will answer quickly and easily without holding up the online transaction or line. The identity thief will struggle and depart to steal elsewhere. 

Sample Multiple Choice Questions

Ø  Which of the following addresses is or has been associated with you?

Ø  Which of the following zip codes is associated with this address?

Ø  Which of the following telephone area codes is associated with this address?

Ø  Which of the following names are associated with you?

Ø  Which of the following states was this address located?

Ø  Which of the following states was your social security number issued?

Customized Service

CIVA can deliver a raw data response or a customized result. Whether you need all the raw data, designated data, one question, five questions, or simply a customized risk score, CIVA can address your business needs. 

CIVA can be accessed in a number of ways. The most basic is through our easy to use web interface. For customers that desire an integrated solution, CIVA can connect through several options or provide a custom gateway. The system is written in ASP.NET with VB.NET for business logic using SQL Server 2000 designed to connect for data storage and retrieval. We expose interfaces to our data through SML over SOAP, XML over HTTPS, and XML through .Net Web Services. All encrypted with 128-bit SSL.

CIVA Services

Ø  Improves efficiencies by auto-populating exiting application process

Ø  Verifies and authenticates a consumer’s identity in seconds

Ø  Over 400 data sources - provides up to 72 response codes in a customized format

Ø  Complies with the USA Patriot Act – “Know your Customer”

Ø  Screens name against Office of Foreign Asset Control (OFAC) list Initiates interactive historical questionnaire to authenticate identity

Ø  Turn-key seamless integration tool to protect you and your clients

For additional information or a meeting to discuss how CIVA help with FACTA 2003 and other legislation, contact Croftware at:

Phone:  (703) 581-2389

E-mail:  Contact@croftware.net, or mail a note to:

Croftware - FACTA
POB 62
Merrifield, VA 22116-0062

See the Croftware Calendar for conferences we will exhibit.