American National Bank Thwarts ID Thieves

American National Bank covers its customers with an identity theft recovery solution.

A routine information security assessment triggered an ID theft prevention overhaul at American National Bank, a subsidiary of Denver-based Sturm Financial Group ($2 billion in total assets). "During our incident response review in mid-2006, we decided that our industry's standard practice for alerting customers was insufficient," explains Janet Pearson, EVP of technology, operations and training. "We wanted a system for repairing our customers' credit that went beyond the required notification letter."

Within weeks, ANB received a solicitation from Secure Identity Systems (SIS), a division of Brentwood, Tenn.-based First Payment Services. SIS offered a modular identity theft monitoring and recovery solution delivered on an application service provider (ASP) basis. "Although we already offered a credit bureau monitoring product, the SIS inquiry definitely spurred us to look more broadly at the solutions in the marketplace," Pearson recalls.

Soon afterward, proposed changes to the Fair and Accurate Credit Transactions Act (FACT Act) were announced. Among other things, the proposal mandated an identity theft prevention program to cover all customers, without exception. This pending regulation helped ANB narrow the field of technology vendors to three: its existing vendor, which Pearson declines to identify; SIS; and one other contender.

"SIS was the most comprehensive," Pearson asserts. It not only monitored thousands of databases -- from credit bureaus to motor vehicle records -- it also provided a professional "personal advocate" to perform incident recovery chores and insurance to cover recovery expenses, according to Pearson. "Other vendors offered some recovery services, but they were primarily educational, ... leaving recovery and repair tasks to the customer," she adds.

In late 2006 Pearson presented a two-tiered business proposal to her CEO. First, blanket all account holders with a basic incident recovery service, which included the personal advocate and post-incident credit bureau monitoring. Additionally, ANB would offer a fee-based Plus product that added proactive daily monitoring of all SIS databases, automatic theft-attempt alerts and reimbursement of incident recovery expenses, including lost wages. "One goal of the fee-based product was to offset the basic service's costs [to the bank]," Pearson explains.

By January 2007 ANB closed a deal with SIS. "Operationally, our main task was developing mainframe codes to accurately report the number of covered individuals and coverage type," notes Pearson. "This determined our monthly SIS premiums."

ANB's only IT chore was adding the Plus program to its Web and intranet sites. "The resource-intensive tasks were establishing pricing and incentives, testing SIS internally, developing an advertising campaign and training our staff to up-sell customers to Plus," Pearson says.

When ANB went live with SIS in April 2007, it catapulted ANB into FACT Act compliance nearly 18 months ahead of the deadline and cut customer attrition. "Being first in our market to offer robust blanket coverage that goes beyond regulatory mandates has really helped us compete against the superregional and large national banks," Pearson reports.

The bank did uncover a flaw with the solution that the vendor has promised to resolve by the fourth quarter of 2008. "At present, the only alert mechanism is e-mail," explains Pearson. "This leaves out a percentage of the population that is, arguably, the most susceptible to fraud."

Still, SIS has paid dividends by flagging prior external identity theft incidents as well as recent attempts. "It's gratifying to see the relief on our customers' faces when they don't have to figure out how to recover on their own," stresses Pearson. "SIS has definitely been a value-add."

Case Study Profile

Institution: American National Bank (a subsidiary of Denver-based Sturm Financial Group).

Assets: $2 billion (Sturm Financial).

Business Challenge: Provide customers with leading-edge ID theft detection and recovery.

Solution: Secure Identity Systems' (a division of Brentwood, Tenn.-based First Payment Services) ID theft solution.

Anne Rawland Gabriel is a technology writer and marketing communications consultant based in the Minneapolis/St. Paul metro area. Among other projects, she's a regular contributor to UBM Tech's Bank Systems & Technology, Insurance & Technology and Wall Street & Technology ...
