Congress strengthens fraud protections, rolls back Dodd-Frank regs

A broad set of anti-fraud measures with bipartisan support from the U.S. Senate and House of Representatives was signed into law on May 24, 2018. The Economic Growth, Regulatory Relief and Consumer Protection Act (S. 2115) seeks to mitigate synthetic identity fraud, which involves criminal use of stolen Social Security numbers (SSNs) to secure loans and lines of credit. It also seeks to remedy portions of the 2010 Dodd-Frank Act, which drafters of the new legislation believe did not distinguish sufficiently between the huge financial institutions (FIs) that contributed to the 2008 crash and the smaller, community-based FIs that did not.

Regulatory relief

Section 201 of the bill grants relief to depository institutions and holding companies with total consolidated assets of less than $10 billion, including community banks and credit unions. The bill recommends that "appropriate Federal banking agencies shall issue regulations that allow for a reduced reporting requirement for a covered depository institution."

Key provisions of the act:

• Permit FIs with up to $250 billion in assets to operate with reduced regulatory oversight from the Stability Oversight Council
• Entirely exempt FIs with less than $10 billion in assets from certain rules, including the Volcker Rule, which bans some forms of speculative trades
• Require the Federal Reserve to take into account FI size when crafting regulations and not rely on one-size-fits all regs

An amendment devised to close a loophole that allows massive foreign banks to avoid regulations by tallying their U.S. assets in ways that enable them to fall under the $250 billion threshold was rejected. When enacted, the bill will delegate oversight to federal and state bank supervisors to ensure participating financial institutions remain within appropriate leverage ratios.

Protecting consumers, children

In addition, the bill, when enacted, will require the Social Security Administration to electronically authenticate borrowers within 24 hours by linking their personally identifiable information (PII) to its database. This will replace the current manual process for checking SSNs that relies on handwritten signatures and can take days to verify, according to federal authorities.

Security analysts have observed new attack vectors that use automation and artificial intelligence to detect user passwords, profiles and behavioral traits. The increasingly sophisticated attacks necessitate a proportional response from organizations to protect their networks, analysts noted. Robert Capps, vice president of business development at NuData Security, a Mastercard company, said passive biometrics and behavioral analytics can thwart attempted intrusions. These technologies can devalue stolen data and decipher between legitimate users from fraudsters, which protects consumers, merchants and financial institutions, he added.

Children are particularly vulnerable, Capps noted, because they do not have an immediate need to apply for loans or lines of credit. Victims may not learn their identities have been compromised until they become adults and are denied school loans or other forms of credit due to the false indicators of fraudulent behavior associated with their PII. This is why the U.S. government is taking steps to proactively prevent consumers and children from becoming a victims of fraud, he said.

"Synthetic identity theft is one of the reasons many ecommerce companies and financial institutions are turning to multilayered solutions that incorporate passive biometrics and behavioral analytics," Capp stated. "With these technologies, even when the consumer's static information (such as Social Security numbers, date of birth, and other data) is stolen, the breached credentials cannot be used to log into someone else's account or to make a fraudulent transaction, making the stolen data useless."

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.