On January 12, the CFPB released a report that identified an uptick in identity theft reported by servicemembers. The report found that military consumers (defined as active duty servicemembers, veterans, and military family members) reported almost 50,000 cases of identity theft to the FTC in 2021. Additionally, military consumer complaints to the CFPB for debts resulting from identity theft increased from about 200 in 2014 to more than 1,000 in 2022.
The report highlights that while identity theft is of major concern for all consumers, it is particularly devastating for victims that are military consumers, who are often subject to continuing evaluation of their credit history and ability to meet all of their financial obligations as a part of their ongoing security clearance. It also found that common characteristics associated with being a servicemember likely make them more susceptible and attractive to identity theft, like multiple moves across state lines, which creates an increase of associated exposures such as online housing and employment searches.
Also emphasized in the report is the onus on financial institutions and creditors to have a concrete process of identifying identity theft and detecting certain criteria that are considered “red flags.” The CFPB referenced such responsibilities identified in the “Red Flags Rule,” which sets forth certain duties and obligations on creditors to have policies in place that detect, prevent, and mitigate identity theft, and can be enforced by various regulators. The CFPB also sets forth action that consumers, particularly servicemembers, can take in order to protect themselves from identity theft, such as: requesting a security freeze and notifying creditors when they are out of the country; regularly reviewing credit reports and disputing inaccuracies; and accessing free credit monitoring services.
Putting it into Practice: With the focus on the responsibility of financial instructions and creditors to implement an identity theft framework under the Red Flags Rule, such companies should consider:
- Reviewing and enhancing policies and procedures to identify the red flags of identity theft that may occur in day-to-day operations.
- Ensuring the efficacy of procedures to detect possible fake, forged, or altered identification.
- Taking appropriate actions when red flags are detected.
- Proactive updating of policies and procedures to account for new threats.