Thumbing their noses Customers take umbrage over bank policy requiring thumbprints

NH Business Review Staff,

Gail Jozitis isn’t the first person to walk out of a Bank of America with an empty wallet, incensed over the bank’s fingerprinting policy.

As is the case with all customers who don’t have an account with the bank, when she tried earlier this month to cash a check drawn on a Bank of America account, Jozitis was told she would have to provide a thumbprint in order to get the money.

“I told them, ‘In a pig’s eye!’ ” said Jozitis, 53, who lives in Litchfield. “How in the hell can they ask me for that? . . . Just because it’s their policy does not mean we have to go along with it.”

Until now, angry customers such as Jozitis could only guess what Bank of America does with all of the fingerprints it collects.

But last week, after years of publicly denying the practice, Bank of America admitted to The Telegraph that it stores the fingerprinted checks. However, it wouldn’t reveal where the prints are stored, how long they’re stored or who has access to them.

Regardless of those details, the idea that any entity has a database filled with fingerprints for an indeterminate amount of time makes privacy advocates and some lawmakers worried.

“The practice goes too far,” said state Rep. Neal Kurk, of Weare, cosponsor of a bill to outlaw the practice in New Hampshire. “Even if the FBI is not involved . . . the government could get that information. Not to mention, anyone could hack into that system and access that information.”

Controversial program

Bank of America, along with several other banks around the country, has used the “Thumbprint Signature” program for 10 years. It was originally developed by the Texas Bankers Association to fight check fraud and is now supported by bankers’ groups across the country.

The program was quietly rolled out in New Hampshire last fall. So far, Bank of America is the only bank in the state to implement the program.

As part of the program, non-account holders who want to cash a check drawn on Bank of America must provide two pieces of identification, along with a thumbprint on the check. If the person refuses, the bank won’t cash the check.

The bank says the practice is a deterrent to would-be fraudsters – proof that the person presenting the check is who he or she claims to be. It’s also a resource for law enforcement to identify a person if the check turns out to be fraudulent, the bank said.

The issue of who has access to bank records and for what purpose has been raised by civil and privacy rights advocates for several years.

“We’ve received quite a few complaints about the program,” said Beth Given, director of the Privacy Rights Clearinghouse, based in California. “The problem people have with the capture of fingerprints is that the data can be compiled into essentially a large database.”

The problem, she said, is not knowing what that information could ultimately be used for and by whom. Further, she said, people associate having fingerprints taken with being accused of a crime.

“People don’t like being treated like criminals,” Given said.

These questions were also raised last year by the American Civil Liberties Union of Massachusetts. The nonprofit civil-rights advocates issued a statement on Bank of America’s thumbprint program when it was rolled out in Massachusetts.

“While Bank of America says this measure is an effort to reduce and discourage check fraud, we believe the bank has taken a step that could endanger individual liberties,” the statement reads.

“Fingerprinting of customers is part of a recent trend in the taking and storing of biometric information. While technology is evolving at the speed of light, privacy laws that protect us from abuse have not kept up.”

The statement goes on to point out:

It’s unclear how the information is used.

Whether there are adequate prohibitions on the sale and sharing of this information.

Whether the information is stored properly or can be accessed by people who want to use the data for identity theft.

Whether there is evidence that the program is an effective deterrent to check fraud.

Further, under expansions of the Patriot Act, banks are required to get certain identifying information in order to help aid the government in routing out terrorists, if necessary.

Consumers such as Jozitis see the policy as an infringement of rights.

“I was raised to be grateful for the freedoms I have and not to take advantage of them or take them for granted,” she said. “And I do not have to go along with this.”

However, American Banking Association President Doug Johnson dismissed privacy concerns in the name of protecting against identity fraud.

“I think some of the privacy concerns are overstated to a certain degree,” he said, since the banks never use the thumbprints for anything other than purposes of comparison and identification in the context of check fraud.

Jerry Little, president of the New Hampshire Bankers Association, declined to comment on the policy, saying he never comments on individual banks.

He did say the association has spoken out against the passage of the bill that would prohibit banks from using biometrics to cash checks.

The bill, introduced into the New Hampshire House of Representatives in January, would prohibit banks from asking for fingerprints, DNA or blood to cash a check. The bill has been retained in committee.

Changing stories

Since the inception of the national “Thumbprint Signature” program, Bank of America has publicly maintained that it doesn’t store the thumbprint information, nor does it have a database of thumbprints.

Press releases and news accounts of the program dating back several years often quote Bank of America spokespeople as saying the bank doesn’t maintain a database of fingerprints.

As recently as July 15, Bank of America spokeswoman Tara Burke reiterated that point twice.

“We do not maintain a database of the thumbprints,” Burke said in a voicemail message. “The thumbprint goes on the check and then it’s sent to the national clearinghouse. We do not maintain a database of it. If a check is found to be fraudulent, the thumbprint is recovered and then provided to law enforcement authorities.”

This was also stated in an e-mail she sent the same day:

“We do not store the fingerprints on file. They’re on the checks which are sent to The Clearing Center. . . . You would need to contact them to see about storage and access,” Burke wrote.

But by July 20, after several Telegraph interviews with the clearinghouse, the story had changed.

“We store the checks with the thumbprints electronically,” Burke said in an interview that day. “Bank of America stores them; it’s not a third party. They are stored with Bank of America.”

When asked how long the checks with the thumbprints were stored and who has access to them, Burke said the bank doesn’t “break out that information for privacy reasons. It’s a matter of security.”

In those five days, confusion also ensued about the clearinghouse’s role in storing fingerprints.

The Clearing House, owned by 20 of the largest banks in the country – including Bank of America and Wells Fargo – acts as a go-between from one bank to another, handling money transfers, clearing checks and handling automated or online deposits and payments.

It also offers a program through which it will run a background check for prospective bank employees based on the candidate’s fingerprints.

When first asked about Bank of America’s thumbprint program and what The Clearing House’s role in the process was, company Vice President Sue Goold said all thumbprinted checks from all participating banks are sent from the banks via The Clearing House to the FBI.

“The bank images them and then truncates or destroys the check after they process the image,” Goold said. In the case of fraud, “They then get the information through us to the FBI and back through us. Then they do their own thumbprint comparison at the bank. The process differs a bit by bank, but the idea is that the bank can immediately start working with local law enforcement.

“It’s a backup. In most cases, they would try to identify someone that walked into a bank by the camera footage.”

She went on to say that Bank of America is on the “leading edge” of thumbprinting and the use of biometrics.

When asked about the practice of sending the thumbprinted checks to the FBI, Burke’s response via e-mail was, “We follow The Clearing House procedures.”

However, Goold, along with her press spokesman, Greg Berardi, later retracted her statements, saying they don’t send any fingerprints to the FBI except those sent to them as part of the fingerprint background program the company offers.

Goold and Berardi said there was some confusion when Goold made the statement in the previous conversation.

Bank of America “may or may not be” sending checks with thumbprints “to the FBI, but whether they are or not, we wouldn’t know, we never see the information,” Berardi said. “We were confused. . . . We are not in the business of sending fingerprints. We don’t do it.”

Three FBI spokesmen said they weren’t aware of any program in which banks send single thumbprints to the FBI to be checked against the thumbprint database, and said it was unlikely that the practice exists, since a 10-finger print is generally needed for identification purposes.

Burke declined to comment on the bank’s interaction with the FBI.

“If a check is found to be fraudulent, the thumbprint is recovered and provided to law enforcement authorities as appropriate,” she wrote in an e-mail on July 20. “We don’t provide details or steps to how we recover the thumbprint.

“As for working with the FBI, we don’t disclose details.”

CLARIFICATION: Bank of America keeps electronic file images of all cashed checks, some of which contain fingerprints. It does not keep a searchable database solely of fingerprints. The information was unclear in a story on Page A-1 of The Sunday Telegraph. The bank also maintains that fingerprints it collects are never distributed to a third party unless a check is suspected to be fraudulant, in which case they’re passed on to law enforcement.

More news from NHBR: