June 1, 2010, is just a few months away!
Is your company compliant with
"The Fair and
Accurate Credit Transactions Act (FACTA) of 2003" ?
Effective June 1, the fine for failure to comply
with or
violations of its provisions may run
as high as $3,500 for each
violation, or more.
Recent surveys suggest most
companies are still not compliant.
Croftware provides integrated identity management services. Principal among these is its Croftware Identity Verification Analysis (CIVA™) service.
It used to just make good business sense, now it's the law!
CIVA is an easy, effective, and affordable way to becoming complaint with FACTA. Let us tell you how.
Download Brief Overview of CIVA
At the heart of CIVA is a unique electronic survey of national public records to confirm information provided by customers and clients claiming a specific identity. Not only does the service confirm an individual's claimed identity and personal credentials (current and past addresses, phone numbers, etc.), the service also compiles a detailed personal history questionnaire that can be used to further verify an identity if need be.
![]() |
Importantly, this service satisfies at least 9 of the most challenging "red flag" checkpoint items required by the The Fair and Accurate Credit Transactions Act of 2003, now scheduled to go into full effect June 1 2010. |
According to a Business Alert issued by the Federal Trade Commission in June 2008, the Red Flag Rules apply to a very broad list of businesses including "financial institutions" and "creditors" with "covered accounts".
Some of the government and Commercial organizations covered by FACTA:
- Automobile dealers
- Banks
- Finance organizations (except
for those regulated by the Federal bank regulatory
agencies and the NCUA)
- State or national banks
- A state or federal savings and loan association
- A mutual savings bank
- A state or federal credit union
- Or any other entity that holds a “transaction account” belonging to a consumer
- Mortgage brokers
- Municipalities
- Professional Services organizations
- Lawyers *
- Accountants
- Doctors and medical clinics
- Dentists
- Hospitals
- Telecommunications companies
- Utility companies
- and so forth
* A recent district court has ruled FACTA does not include law firms. The FTC is appealing the case.
This is not an all-inclusive list. The FACTA definition includes all companies, regardless of size that maintain, or otherwise possess, consumer personal information for any business purpose.
In short, FACTA applies to any government agency (cities, towns, etc.) or commercial entity that extends credit to, establishes an on-going financial relationship with, or requests personal information from individuals. The regulations apply to all businesses that have "covered accounts". A "covered account" includes any account for which there is a foreseeable risk of identity theft. For example, credit cards, monthly billed accounts like utility bills or cell phone bills, social security numbers, drivers license numbers, medical insurance accounts, and many others. Because of the broad definitions in these regulations, few businesses will be able to escape these requirements.
About the only type of business not covered by FACTA, normally, would be retail establishments such as restaurants or stores that simply accept credit cards as payment for services.
If, in addition to or in place of a credit card or cash, your firm or agency requests personal information (anything including one or more of the following: name, address, phone number, birth date, social security number, etc.), then you are required by FACTA to comply with the provisions of the Act.
Credit reports issued by any of the major reporting offices (e.g., Experian, Equifax, and TransUnion) will satisfy some of the information requirements of FACTA, but there are at least 9 requirements the answers classified under "suspicious personal identifying information" to which are not in the credit reports or routinely available from the credit reporting agencies. These include:
Suspicious Personal Identifying Information--Red
Flags
![]() |
Personal identifying
information provided is
inconsistent when compared against external
information sources used by the financial institution or
creditor. For example: ▪ The address does not match any address in the consumer report; or ▪ The Social Security Number (SSN) has not been issued, or is listed on the Social Security Administration’s Death Master File. |
![]() |
Personal identifying
information provided by the customer is
not consistent with other
personal identifying information provided by the
customer. For example, there is a lack of correlation
between the SSN range and date of birth. |
![]() |
Personal identifying
information provided is associated with
known fraudulent activity as
indicated by internal or third-party sources used by the
financial institution or creditor. For example: ▪ The address on an application is the same as the address provided on a fraudulent application; or ▪ The phone number on an application is the same as the number provided on a fraudulent application. |
![]() |
Personal identifying
information provided is of a type commonly associated
with fraudulent activity as
indicated by internal or third-party sources used by the
financial institution or creditor. For example: ▪ The address on an application is fictitious, a mail drop, or a prison; or ▪ The phone number is invalid, or is associated with a pager or answering service. |
![]() |
The
SSN provided is the same as that submitted by
other persons opening an
account or other customers. |
![]() |
The
address or telephone number provided is the same
as or similar to the account number or telephone number
submitted by an unusually large
number of other persons opening accounts or other
customers. |
![]() |
The person opening the
covered account or the customer
fails to provide all required personal
identifying information on an application or in response
to notification that the application is incomplete. |
![]() |
Personal identifying
information provided is not
consistent with personal identifying information
that is on file with the financial institution or
creditor. |
![]() |
For financial institutions and creditors that use challenge questions, the person opening the covered account or the customer cannot provide authenticating information beyond that which generally would be available from a wallet or consumer report. CIVA is unique in its ability to create such questionnaires. |
E-mail:
POB 62
Merrifield, VA 22116-0062
CIVA
is unique in its ability to answer
all 9 of these challenges!
In
addition to the on-going CIVA service, FACTA also
requires each covered entity
to develop a written program that identifies and detects
the relevant warning signs – or “red flags” – of
identity theft. The
program must also describe appropriate responses that
would prevent and mitigate the crime and detail a plan
to update the program. The program must be managed by
the Board of Directors or senior employees of the
financial institution or creditor, include appropriate
staff training, and provide for oversight of any service
providers.
http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml
Croftw
In today’s environment it’s becoming increasingly important to
know that the person you’re talking to or selling goods
and services to is exactly who they say they are. Now
with the help of cutting edge technology CIVA can assist
you in determining, in real-time, the likelihood that
the person you are talking to IS who they claim to be
thus dramatically reducing potential losses.
Real-Time Identity Verification & Authentication
Ø
Verifies and authenticates a consumer’s identity in
seconds
Ø
Verifies Social Security number and name match
Ø
Verifies Social Security number status – valid,
deceased, etc.
Ø
Verifies name and address match
Ø
Verifies name and driver’s license match
Ø
Verifies phone and name match
Ø
Verifies phone and address match
Ø
Checks
for high risk status of address and phone
Ø
Verifies address type – residential, multi-use, etc.
Ø
Verifies address and driver’s license match
Ø
Verifies driver’s license is valid for the State issued
Ø
Verifies and presents age and date of birth
Ø
Standardizes full name as it appears in DMV database
Ø
Standardizes city, state, and zip as it appears in DMV
database
Ø
Standardizes driver’s license address as it appears in
DMV database
Ø
USA
Patriot Act Compliant – “Know Your Customer”
Ø
Government watch list analysis – Office of Foreign Asset
Control (OFAC)
Ø
Can
initiate interactive historical questionnaire to
authenticate identity
Ø
And much more!
CIVA WILL INCREASE YOUR PROCESS EFFICIENCIES, COMBAT FRAUD, SATISFY COMPLIANCE REQUIREMENTS, and AUTHENTICATE A CONSUMER’S IDENTITY IN A MATTER OF SECONDS!
CIVA was designed to defend businesses against fraud, identity
theft, terrorism and money laundering. CIVA can be used
by ACH processors, on-line merchants, software
companies, car dealerships, financial institutions,
payday loan operations, insurance companies, government,
check cashing companies, brokerage firms and mortgage
companies, to name a few.
The CIVA Advantage
CIVA aggregates the highest quality data sources available today and combines them with sophisticated programming technology. The data sources totaling over 400, include: the Social Security Administration, Regional Bell Operating companies, credit header data, non-credit data, government watch lists and several proprietary sources.
CIVA optionally offers, at NO additional cost, the most effective
identity authentication solution
Sample Multiple Choice Questions
Ø
Which
of the following addresses is or has been associated
with you?
Ø
Which
of the following zip codes is associated with this
address?
Ø
Which
of the following telephone area codes is associated with
this address?
Ø
Which
of the following names are associated with you?
Ø
Which
of the following states was this address located?
Ø
Which
of the following states was your social security number
issued?
Customized Service
CIVA can deliver a raw data response or a customized result.
Whether you need all the raw data, designated data, one
question, five questions, or simply a customized risk
score, CIVA can address your business needs.
CIVA can be accessed in a number of ways. The most basic is
through our easy to use web interface. For customers
that desire an integrated solution, CIVA can connect
through several options or provide a custom gateway. The
system is written in ASP.NET with VB.NET for business
logic using SQL Server 2000 designed to connect for data
storage and retrieval. We expose interfaces to our data
through SML over SOAP, XML over HTTPS, and XML through
.Net Web Services. All encrypted with 128-bit SSL.
CIVA Services
Ø
Improves efficiencies by auto-populating exiting
application process
Ø
Verifies and authenticates a consumer’s identity in
seconds
Ø
Over
400 data sources - provides up to 72 response codes in a
customized format
Ø
Complies with the USA Patriot Act – “Know your Customer”
Ø
Screens
name against Office of Foreign Asset Control (OFAC) list
Initiates interactive historical questionnaire to
authenticate identity
Ø
Turn-key seamless integration tool to protect you and
your clients
E-mail:
POB 62
Merrifield, VA 22116-0062