OCC 2004-42
OCC Bulletin

Subject:      FFIEC Customer Brochure
Description:  Protecting Customers' Personal Financial 
              Information

Date:         September 8, 2004

 To: The Board of Directors and Chief Executive Officers of
     all National Banks, Department and Division Heads, and All
     Examining Personnel
 
 PURPOSE
 
 As bank customers increasingly use the Internet to perform
 banking functions, criminals are using more sophisticated
 methods to steal customers' passwords, and access codes and to
 obtain other personal and confidential information (e.g.,
 names, addresses, Social Security numbers).  To assist
 depository institutions' efforts in raising customer awareness,
 the Comptroller of the Currency (OCC) and other Federal
 Financial Examination Council (FFIEC) member agencies have
 developed the attached brochure outlining steps bank customers
 should take to reduce the risk of identity theft.
 
 BACKGROUND
 
 An industry organization, the Anti-Phishing Working Group
 (http://www.antiphishing.org), reports that identity theft
 frauds known as "phishing" attacks have increased significantly
 over the last year.  Phishing is a term used for criminals'
 attempts to steal personal financial information through
 fraudulent e-mails and Web sites designed to appear as though
 they were generated from legitimate businesses, financial
 institutions, and government agencies.  These scams are
 contributing to a rise in identity theft, and credit card and
 other Internet-based frauds.  E-commerce customers, including
 bank customers, have fallen victim to these scams.
 
 National banks should have information readily available to
 educate their customers about phishing attacks and related
 types of online fraud to help customers avoid becoming victims
 of these illegal activities.  These educational efforts should
 include information to help customers identify the potential
 risks associated with identity theft, as well as descriptions
 of the most frequently used fraudulent schemes.  Informed
 customers can help national banks identify many types of fraud.
 
 The attached brochure can be used to supplement national banks'
 customer education efforts.  The brochure, which can be used as
 a deposit or loan statement stuffer, identifies identity theft
 risks and the steps customers should take to reduce their
 chances of becoming victims.  The brochure also outlines
 practical steps customers should take if they fall victim to
 phishing attacks.
 
 The OCC encourages national banks to consider the use of this
 brochure, by either distributing the actual brochure to
 customers or posting it to their Web site.  National banks
 should also provide customers additional relevant educational
 information deemed appropriate.  A "camera-ready" version of
 the brochure is available on the OCC Web site at
 http://http://www.occ.treas.gov/consumer/PhishBrochFINAL-SCREEN.pdf for
 downloading.  For national banks that do not have access to the
 Internet, limited copies of the brochure can be obtained
 directly by contacting:
 
     Comptroller of the Currency
     Communications Division
     250 E Street, SW MS 3-1
     Washington DC 20219
     
     Attn: Publications
     
     Telephone: (202) 874-4700
 
 For questions concerning Internet fraud and phishing attacks,
 please contact Aida Plaza Carter, Director for Bank
 Information Technology at (202) 874-4740.
 
 
 
 
 
 ______________________________
 Mark L. O'Dell
 Deputy Comptroller for Operational Risk
 
 
 Attachment: Customer Brochure
           [http://www.occ.treas.gov/consumer/PhishBrochFINAL-SCREEN.pdf]