<img src="https://secure.hall3hook.com/198388.png" alt="" style="display:none;">

FTC Privacy Rule Violations are so Easy!

Sean Trundy

NRF Loss Prevention Blog Article

In a very interesting blog article found an the National Retail Federation's Loss Prevention site (look here for the blog) Joe La Rocca, who runs the NRF's loss prevention discussed a very interesting situation.  Basically, he talked about how copying machines manufactured over the last 8 or so years have all come equipped with an onboard hard-drive that saves a digital image of every document ever copied on the machine.

He went on to imagine copiers from businesses who must, as a routine part of their daily operations, make photocopies of individuals' identity documents. Since copier machines are commonly "refurbished" and sold after the original user's lease has expired, essentially, whoever acquired the previously used copier would have access to thousands of private, personal documents.

What About all those Copies of Peoples' Identity Documents?

When I read this article, it made me think of a few things. First, for every image of a document on those copier hard drives, there must also be one or more "hard-copies" of that same ID document floating around somewhere in a file, a folder or - in many cases - a dumpster.  Second, it really seemed to me the best way to handle this type of process within a business would be to utilize a central image storage server and never have to deal with hard-copies, or a copying machine hard-drive at all.  In this way, such images could be firewalled and the images themselves could be encrypted.  

This makes a lot of sense for Bank Secrecy Act "financial institutions" such as such as banks, credit unions, government offices, casinos and others. These businesses are obligated to keep records of who their customers are (and what identity document they used to determine this) when that customer conducts certain types of "covered" transactions, such as borrowing money, wiring funds, purchasing money orders or requesting public records. In some cases, this information has to be maintained for up to 5 years!

We spoke to one credit union who had constructed a secured vault for storage of personal information on their customers.  In less than two years, the vault was full of paper files with photocopies of drive licenses, passports social security cards and other personally identifying information and they were scambling to figure out what to do.

With the  increasing requirements on BSA financial institutions to authenticate customer's identity documents as well as maintain long-term records of such authentication, more and more organizations will need to move to an automated image capture, ID verification, authentication and storage solution for their identity document related needs.


UVeritech, established in 2000, is a leader in multi-layer fraud prevention and counterfeit money detection solutions such as  UV Scanners, Automated Currency Detection, Image Capture, Verification and Authentication, pioneered POS counterfeit fraud detection scanners in enterprise accounts such as Wells Fargo, Bank of America, JPMC, Bank One, Regions, Compass, Citizens, PNC, and over 1000 credit unions. UVeritech is also a leader in government, hospitality, rental and the retail industries. For more information, call: 800.883.8822.


Leave a Comment

Blog posts

Related Articles.

Gary Satanovsky

Online Gaming Networks: The New Front in Identity Theft Fight

Credit card processing servers. Poorly secured corporate networks. Point-of-sale terminals in gas...

Read more
Gary Satanovsky

Protecting Children From Identity Fraud

Hardly a day goes by without a news report mentioning identity theft or giving a heart-rending...
Read more