Skip main navigation (Press Enter).

Due Diligence and Ongoing Monitoring

View Only

Ncontracts State of TPRM 2026

Back to discussions

Expand all | Collapse all

Identity Theft and Red Flags

Anonymous Member08-23-2022 05:31 PM

This message was posted by a user wishing to remain anonymous Hello, I want to know how everybody handles ...

Bradley Martin08-23-2022 05:39 PM

If they can change the customers Address; they need a program. But if they share the program elements ...

1. Identity Theft and Red Flags

Like
This message was posted by a user wishing to remain anonymous
Posted 08-23-2022 05:31 PM
This message was posted by a user wishing to remain anonymous

Hello,

I want to know how everybody handles Identity Theft and Red flag due diligence. Do you ask all your vendors who have access to NPPI, or only vendors who are considered Financial Institution or creditor. (BTW, we are a Bank)

For example Ellie Mae informed us that they are not required to have a written identity theft program.

How about Payroll processing vendor?
Employee Benefits? Couriers? document shredding?

Thank you in advance for all the assistance.
2. RE: Identity Theft and Red Flags

Like
Bradley Martin
Posted 08-23-2022 05:39 PM
If they can change the customers Address; they need a program.
But if they share the program elements with you, that's a new risk (they shouldn't) As exposing what their controls are, opens the possibility that bad guys will find a way around them.

However, they can provide an attestation they have a program and it's audited at least annually.
And you can make certain you have a contract clause that describes both that they have a program; and what steps will be taken in the event a security breach exposes your clients, customers, consumers to potential Identity Theft.

------------------------------
Bradley Martin
bradleymartin.net
------------------------------

Powered by Higher Logic

Global message icon