Privacy & Security

Identity Theft Kit

How to protect yourself from identity theft, and what to do if you suspect you may be a victim.




What is Identity Theft?

How Identity Theft Works

What You Can Do To Protect Your Identity

What Regions is Doing to Protect Your Identity

Who To Contact If You Are or May Be a Victim of ID Theft

How You Should Handle Your Regions Accounts

The Identity Theft Assistance Corporation (ITAC)

ITAC Description of Services and Agreement


At Regions, we take customer security seriously.

We value the relationships we have built with you and your family and hope that you never become the victim of identity theft. But, because identity theft is such a fast-growing crime, we want you to be aware of the basic precautions you can take to protect yourself. We have created the Regions Identity Theft Kit to help you understand the crime and minimize the risk. Included are safety measures and tips on safeguarding your personal information, performing online financial transactions, browsing the Web securely, and protecting your identity online.

In addition to providing you with information on how to protect your identity, we have also included an important contact list and information on what to do if you suspect that you have been a victim of identity theft. An Identity Theft Action Register also has been provided to help document the steps you may have to go through.


What is Identity Theft?

Identity theft occurs when a criminal takes your personal information — such as your name, address and Social Security Number — and uses it to establish credit and charge items to you.

Thieves can steal the information necessary to commit identity theft in a number of ways:

  • From discarded bills or statements
  • From a lost wallet
  • From stolen mail
  • By obtaining a copy of your credit report
  • From fraudulent Internet scams

How Identity Theft Works
Identity Theft can occur by using many different types of techniques. Some of the techniques are listed below:

There’s a new type of Internet piracy called “phishing.” It’s pronounced “fishing,” and that’s exactly what these thieves are doing: “fishing” for your personal financial information. What they want are account numbers, passwords, Social Security Numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.

In a typical case, you’ll receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies. The e-mail will probably warn you of a serious problem that requires your immediate attention.

It may use phrases such as “Immediate attention required,” or “Please contact us immediately about your account.” The e-mail will then encourage you to click on a button to go to the institution’s Web site. In a phishing scam, you could be redirected to a phony Web site that may look exactly like the real thing. Sometimes, in fact, it may be the company’s actual Web site. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information.

In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security Number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth.

If you provide the requested information, you may find yourself the victim of identity theft. Remember, REGIONS WILL NEVER ASK FOR THIS INFORMATION VIA E-MAIL.

Nigerian E-mail Scam (also referred to as “Advance Fee Fraud,” “419 Fraud” and “Help move money from my country”).

The scam operates as follows: the victim receives a fax, e-mail, or letter often concerning a business proposal or request to move money to the victim’s bank account. At some point, the victim is asked to pay a fee of some sort up front, be it an “Advance Fee,” “Transfer Tax,” “Performance Bond,” or to extend credit, grant COD privileges, or send back “change” on a cashier’s check or money order. If the victim pays the fee, there are often many “complications” which require still more advance payments until the victim either quits or runs out of money.

There are numerous variations on the scam such as the other party “paying” for a purchase with a check larger than the amount required and asking for change to be advanced:

  • Ordering items and commodities off “trading” sites on the Web and then cheating the seller.
  • “Over invoiced” or “double invoiced” oil or other supply and service contracts where the crooks want to get the funds out of Nigeria.
  • Crude oil and other commodity deals.
  • A “bequest” left you in a will.
  • “Money cleaning” where the scammer has a lot of currency that needs to be “chemically cleaned” before it can be used and he needs the cost of the chemicals.
  • “Spoof banks” where there is supposedly money in your name already on deposit.
  • Another common variation of the Nigerian type scam is the Internet sale scam. This is where the seller of merchandise over the Internet is contacted by e-mail and offered full price for their merchandise. The buyer then sends an altered, stolen or counterfeited check for several times the amount of the purchase and asks that the overpayment be returned by wire or official check. The merchandise is lost and the charge-back on the bogus check many times will overdraft the victim’s account.

Phony Identity Theft Protection or Credit Repair Scam
Credit repair scams offer to erase accurate negative information from your credit file so you can qualify for a credit card, auto loan, home mortgage, or a job. The Federal Trade Commission has warned that some companies claim to be identity theft prevention services but are, in reality, scam artists trying to get your driver’s license number, mother’s maiden name, Social Security Number and credit and bank account numbers. The FTC has advised consumers not to give out any personal information over the phone or online unless you are familiar with the business that is asking for it. If you are unsure about a firm, check it out with the Better Business Bureau before divulging the information they are asking for.

The scam artists who promote these services can’t actually do anything to help repair your credit. Be aware that they may recommend that you lie on a loan or credit application, misrepresent your Social Security Number, or get an Employer Identification Number from the Internal Revenue Service under false pretenses, all of which violate federal law.

“Your Account Needs to be Updated” Scam
These scams usually show up in your e-mail inbox with a message from the “System Administrator” telling you to perform some urgent maintenance on your account or to verify your account information and Social Security Number.

Special Visa®/MasterCard® Scam
This scam involves a phone call from a Visa or MasterCard “employee” trying to confirm unusual spending activity. They will then ask for the three-digit “Security Code” on the back of your credit card. You should not give the code on the back of your credit card to anyone unless you have initiated the call and it is to a reputable merchant.

“Free Credit Report” Scam
Almost all of the “free credit report” e-mails you receive are scams. Either the person is trying to find out your Social Security Number or will be billing you for a service later on. Do your homework and check out the company via the Better Business Bureau and Federal Trade Commission.

If you provide the requested information, you may find yourself the victim of identity theft. Remember, REGIONS WILL NEVER ASK FOR THIS INFORMATION VIA E-MAIL.

Dumpster Diving
Believe it or not, there are criminals who go through the trash of businesses or residences hoping to find confidential information about consumers. They may also visit dumpsters in hopes of finding records, mail, or other papers that have been thrown away.

Stealing from Mailboxes
Criminals will steal mail from mailboxes, both items placed there as outgoing mail by a resident or delivered by the postal carrier. The identity thief is looking for credit card bills, bank statements, credit card offers, and other mail that may contain personal identifying information.

Stealing Wallets, Purses, or Other Items
A lost or stolen wallet is often used by a criminal not only to use the stolen credit cards, but also to establish additional credit in the owner’s name.


What You Can Do To Protect Your Identity
There are steps you can take to protect yourself and your identity. Below are some basicreminders, including how to protect yourself online:

Bank Statements
Review your bank statements promptly and report any discrepancies or suspicious transactions immediately. Also, report any discrepancies you notice while performing other routine transactions (i.e., ATM transactions, online sessions, etc.). Report lost or stolen checks, ATM cards or Check Cards as soon as you discover they are missing.

Monitor Your Credit Report
Monitor your credit report annually for inquiries and accounts that you are unfamiliar with. You are entitled to receive one free credit file disclosure every 12 months from each of the nationwide consumer credit reporting companies -- Equifax, Experian and TransUnion. This free credit file can be requested through annualcreditreport.com or by calling 877-322-8228.

You have the option of ordering all three at the same time (which allows for comparison of data maintained by the three companies) or ordering one from each of the three companies at periodic intervals (which may alert you to any changes in your credit report).

Use Precautions With Your Mail
Make a habit of placing outgoing mail in a collection box or at your local post office. If you are going to be out of town or unable to pick up your incoming mail, ask a friend to retrieve your mail or request your Post Office to hold it for you. To make sure your statement is secure, consider moving from paper to an electronic format. You can enroll in Regions Online Banking with online statements at regions.com.

Use Precautions With Your Trash
Consider investing in a shredder. Don’t make the mistake of carelessly tossing out credit card statements with courtesy checks enclosed, credit card offers, mail, or any other paperwork that may contain personal information. Shred these items or tear them up finely so that a “dumpster diver” won’t be able to glean any facts from your trash.

Know Your Caller
Remember that identity thieves are skilled criminals who may use many different ruses to obtain information over the phone. They may pose as someone from your bank, credit union, utility company, or other company that you are known to frequent. Unless you have initiated the call, don’t give out any personal information over the phone to someone unknown to you.

Safeguard Your Personal Information
Your Social Security Number (SSN), credit card numbers, and other sensitive information are key pieces of information sought by identity thieves. Use good judgment in where and how you carry this information with you. For example, you generally don’t need to carry your Social Security Card with you, and you may only need to carry one credit card rather than multiple cards. Consider storing unneeded information in a secure location in your home or safe deposit box rather than in your purse or wallet.

User IDs & Passwords
Never provide your Internet password over the phone or in response to an unsolicited Internet or e-mail request. Regions will never ask you to verify your account information via e-mail. Web site user IDs and passwords are highly confidential and should never be given to anyone. Make sure that you choose ones that will be easy for you to remember but very difficult for someone else to guess, and never write your password down on a piece of paper. Don’t use your personal information as your user ID. Change your password every month or two. If someone has learned your password, change it immediately.

Online Banking Security Questions
If you use Regions Online Banking, do not give anyone the answers to your security questions. These questions are designed to protect your accounts from unauthorized access. One of these questions may be asked if our system detects an attempted login that falls outside of your usual pattern.

Divulging Personal Information on the Web
As you surf the Web and find sites that you enjoy, you may be asked to fill out forms and give personal information. Make sure you are aware of the company’s privacy policy. If you do not “opt-out,” they may sell or share your information with other parties.

Remember, Regions will not contact you by phone or by e-mail to ask for or to verify your Internet Banking Customer Number, PIN or any other sensitive information. If you contact the bank, however, we will ask for information that will allow us to verify your identity so we can ensure your privacy.

Monitor Your “Cookies”
“Cookies” are small files that Web sites place on the hard drive of your PC to access the next time you visit their site. For sites that you visit frequently, cookies keep track of what you’ve done there before and to make your browsing preferences more automated. Monitor all your cookie transactions by setting the security preferences on your browser to prompt you before accepting any cookies.

— In Netscape, select Edit > Preferences > Advanced, then check “Warn me before
accepting a cookie”.

— In Internet Explorer, select Tools > Internet Options > and click the Security tab. Click on Custom Level. Select Prompt for the sections “Allow cookies that are stored on your computer” and “Allow per-session cookies (not stored).”

— In Firefox/Mozilla, open the Edit menu > Preferences > Privacy & Security > Cookies, then choose between Disable or Enable options. If you want to be notified when a Web site tries to set a cookie, select “Warn me before storing a cookie.”

— In Safari, select Menu > Private Browsing.

Shopping on the Internet
Know the merchant. Purchase from only those companies that you feel comfortable with or those that take extra steps to communicate their honest intentions to you through well-displayed policies and seals from consumer organizations. The Federal Trade Commission maintains a Web site, consumer.gov, which includes buyer’s guides, tips, and links to helpful resources.

Use a credit card. It’s a good practice to pay with credit cards, because under federal law (and your credit card agreement) your liability for an unauthorized charge is limited to $50. When using a credit card online, do not give your credit card number unless you are entering it into a Web page that will encrypt the number.

Banking on the Internet
Bank Web sites are usually divided into two sections: the public Web site that anyone can access and the secure Web site that requires some combination of identification and passwords and can only be accessed by customers of the bank. As mentioned in the section on Browsers, if you are viewing or sending private information, look for secure or encrypted connections signaled by the “https” in the address bar of the browser or a closed padlock icon. Also, make sure that you don’t pass any personal information through a bank’s Web site except through a secure connection. If you do, you run the risk that someone else may intercept that information.

Before moving on to the next Web site, be sure to end your Internet banking session by logging out. If you don’t log out, your Internet banking session will continue until it automatically times out, which could take several minutes. In most cases, if you move on to another Web site without logging out, your banking information can still be accessed simply by clicking the Back button on the browser if you leave your computer unattended.

Paying Bills Online
You should pay your bills only through a secure Internet connection. As long as you protect the identity of your Internet banking ID and passwords, online bill payment is designed to be secure. All of Region's online bill pay payment processing is done through the Federal Reserve System, the same secure system used to process paper checks.

Browse the Internet Securely
Browsers are simply computer programs that your computer uses to communicate with Web servers and display Web pages. Information that you access on Web sites travels between your computer and a Web server through a series of computers and it’s not known to you which computers are going to handle your information. Therefore, several protection mechanisms have been created to ensure the secure transmission of your sensitive data. Encryption is one way of safeguarding your information when transmitted over the Internet. Encryption is the process of transforming data into a form unreadable to anyone except those who possess the decryption key.

— How does encryption work?
Before information leaves your computer, it’s coded using a special “key” that makes the information unreadable. While this scrambled information travels over the Internet, it is extremely difficult and impractical to decipher. Once it reaches its final destination, it’s decoded using another special “key” and turned back into a form that can be used.

Web browsers use either 40-bit or 128-bit encryption. With 40-bit encryption, there are billions of possible key combinations to unlock the code for each unique transmission, and only one of them works. 128-bit encryption is more than a trillion times more difficult to break than 40-bit encryption and even today’s ultra-powerful computers would take a very long time to figure out the keys necessary to decrypt a message. Regions uses 128-bit encryption throughout our Regions Online Banking Web site.

— How do I check for encryption?
Microsoft Internet Explorer 5.0 (or higher) and Netscape Navigator 4.6 (or higher) use 128-bit encryption and let you know when encryption is in use by displaying a locked padlock icon along the bottom of the browser and the letters “https” in the address bar of the browser.

— How to get a compatible browser
If your browser doesn’t support 128-bit encryption, you can download a new browser for free from Netscape or Microsoft by using the URLs listed below:

  • Netscape: http://channels.netscape.com/ns/browsers/download.jsp
  • Microsoft Internet Explorer: http://www.microsoft.com/downloads/default.asp

More Browser Safety Tips

  • Never open more than one browser or visit another, non-secured Web site while engaging in a secure online transaction.
  • Always close and restart your browser before and after using a secure session.
  • Turn off your “scripting behaviors” in your Internet Explorer. Some Web sites will not open with the scripts disabled and you may have trouble with your Web mail service. If so, you will need to set up URLs to get these working again. Again, reference your computer manual for directions or contact your help line to walk you through this process.
  • Set up software and hardware firewalls. Firewall programs can be purchased relatively inexpensively.
  • Disconnect from the Internet when you are not actively using it. Leaving your Internet
    connection open is like leaving your front door wide open all day and all night. If you
    leave your Internet open, anything can come in, anytime! Again, make it a habit to close
    your session.

Control Spyware
Spyware is a hidden program that is installed on a computer without the consent of the owner to secretly gather personal data. The information can then be used by advertisers or even hackers. Spyware can monitor keystrokes, passwords, credit card numbers, Web sites visited, and more. Virtually anything on your computer is available to spyware unless you protect yourself.

It is very common that spyware programs are poorly written and in many instances contain bugs that cause malfunctions of your computer such as unexpected crashes or a noticeable slowdown in performance. One way of protecting your computer is to uninstall software that you are no longer using. This is a good practice and will enable you to notice any new software that was loaded without your authorization.

Another means of being proactive is to always review the privacy policy of the company and the fine print of the license agreement before installing software. Spyware companies work hard to disguise their intentions and it is just as important to know how legitimate companies plan to use the information they collect.
Keep in mind that installing antivirus programs does not fully protect your computer from spyware. Utilizing specialized anti-spyware software is the best means of protection.

For a listing of anti-spyware programs, go to:


What Regions Is Doing To Protect Your Identity
Regions follows strict information security procedures designed to protect the confidentiality of your information. We also use the latest technology to ensure the confidentiality of your banking data. Advances in security technology occur frequently, and Regions continually evaluates our security environment to ensure that it provides the highest level of privacy and safety for our customers. We put the highest priority on protecting the safety, soundness, and security of financial transactions and the systems that those transactions depend on. We have listed a few of the security measures in place for your protection below. We have also provided steps for you to take to ensure the security of data on your computer.

Regions’ Internet Banking Security

  • Regions’ Internet products use the latest encryption technology to secure your data over the Internet. Encryption is the process of transforming data into a form unreadable to anyone except those who possess the decryption key.
  • For your protection, Regions uses 128-bit encryption throughout our Regions Online Banking Web site. If your browser doesn’t support 128-bit encryption, you can download a new browser for free by using the URLs listed on page 11 under “How to get a compatible browser”.
  • Regions uses multifactor authentication to protect your accounts through Online Banking. If our system detects an attempted login that varies from your usual pattern, you will be prompted to answer one of your previously established security questions.
  • Regions uses digital certificates to assure that when you access our secured Web sites, you are actually communicating with Regions and not an imposter.
  • If you receive an e-mail asking you to log into Regions Online Banking and it does not link to our official Regions Online Banking site at regions.com, do not divulge any personal information in response to that e-mail or in any Web page that e-mail links to.
  • Remember, our e-mails will always link to Regions Web sites. When we link to Regions Online Banking from an e-mail, the Address bar at the top of your browser will always say https://www.regions.com/
  • Regions Online Banking is a secure site so there will always be a locked padlock displayed in the lower right hand corner of your browser. Please do not divulge any personal information to a Web site that does not display the locked padlock. Make sure you check for the other hints listed here, as this padlock can be faked.
  • When we link to applications from our e-mails, the information in the address bar at the top of the browser will always contain “regions.com.”
  • Regions’ servers are physically secured and monitored 24 hours a day. They are also
    protected by Internet firewalls.
  • A sign-on is required before access is allowed to your data. Your PIN (Personal Identification Number) is displayed as asterisks when you enter it.
  • To prevent unauthorized access to your accounts when you step away from your computer, your Regions Online Banking session automatically signs off after 10 minutes. It is best to sign off or close your browser after completing your banking session.


A Victim of ID Theft
If you begin to get suspicious bills or phone calls from creditors about unknown debts, you may have been the victim of identity theft.
After verifying that the suspicious credit has, in fact, been opened using your personal information, you will need to do the following tasks:

  1. The first thing to do is call the local police and file a report and make sure to get a copy of the police report. You may need this copy to validate claims.
  2. Call all of your credit card companies and explain the situation, and close your existing accounts and open new ones. The same should be done with your bank accounts and investment accounts.
  3. Contact your local Department of Motor Vehicles. You may want to get a new driver’s license. Also, you will want to verify that a duplicate license was not recently issued in your name to an imposter.
  4. Contact the Social Security Department at 1-800-269-0271 if you suspect your number was used to obtain fraudulent accounts.
  5. Place a fraud alert on your credit reports and review each report by contacting the three credit bureaus listed below:
    — Equifax: 1-800-525-6285
    — Experian: 1-888-EXPERIAN (397-3742)
    — TransUnion: 1-800-680-7289
  6. Contact the U.S.Postal Inspectors Office or your local Post Office to report any crime
    involving stolen mail or use of the mail as part of a fraud scheme.
  7. Contact your health insurer to notify them of the theft, and to get a replacement card.
    Imposters may use your insurance card to obtain benefits. Your own health may be at risk if the imposter’s health information is added to a profile under your name if they receive treatment.
  8. File a complaint with the Federal Trade Commission. To file a complaint or to learn more about the FTC’s Identity Theft initiatives, visit consumer.gov/idtheft. If you don’t have access to the Internet, you can call the FTC’s Identity Theft Hotline (toll-free): 1-877-IDTHEFT (438-4338); TDD: 202-326-2502; or write:

    Identity Theft Clearinghouse
    Federal Trade Commission
    600 Pennsylvania Avenue, NW
    Washington, DC 20580

Use the Regions Identity Theft Action Register provided in this kit to document your process.


How You Should Handle Your Regions Accounts
You should first review all of your accounts for any suspicious activity or transactions either online at regions.com or by calling 1-800-REGIONS (734-4667). If you have determined that your Regions accounts have been compromised or you suspect that a Regions account exists that you did not open, please contact a Regions Banker at 1-888-987-6540.

If you determine that your Regions accounts have not been compromised we recommend that you:

  • Place a security password on all accounts. Doing so will assist us in keeping your information secure. Each time you contact us we will request your security password.
  • Review the address, phone number, and e-mail address on your accounts to ensure that we have the most accurate information.
  • Verify that you have, in your possession, all checks and cards issued on your accounts.

Information adapted from the federal bank, thrift, and credit union regulatory agencies.

The Identity Theft Assistance Corporation (ITAC)
Regions is a Founding Member of the Identity Theft Assistance Corporation (ITAC), which provides free services designed to ease the burden of identity theft victims. If you contact Regions to report identity theft regarding a Regions account, ITAC can assist you with concerns that you may have about fraudulent accounts being established at other banks. ITAC has also developed a “Uniform Affidavit for Identity Theft” which is included in this Identity Theft Kit. By completing the Uniform Affidavit for Identity Theft and the ITAC agreement you will receive assistance from ITAC in resolving your identity theft claim.


ITAC Description of Services and Agreement
The Identity Theft Assistance Center (ITAC) can help you find out if fraud has occurred at other financial companies and put you in touch with those companies.
You must sign and return this page in order to use the ITAC.

By signing below, you indicate that you read and understood the ITAC Description of Services and Agreement, and that you agree to its terms. You instruct and authorize the ITAC and any company performing services for the ITAC to (1) obtain credit report(s) from consumer reporting agencies (credit bureaus), (2) file a fraud alert on you behalf with the major nationwide credit bureaus, and (3) disclose the information the ITAC gathers from you and other sources to other financial services companies, government agencies (such as the Federal Trade Commission), and state and/or federal law enforcement agencies.

Signature ______________________________________________________________

Date Signed ____________________________________________________________

Please complete and return the signature page and the Uniform Affidavit for Identity Theft by faxing it locally to (205) 261-5642 or Toll Free to 1-866-209-5924, or by mail to the Regions Customer Protection CenterSM at:

Regions Customer Protection CenterSM
P.O. Box 413
Birmingham, AL 35201