Fraudulently changing physical mailing-address records remained the most-common method thieves used last year to take over existing deposit and credit accounts in the United States, but fewer victims of account takeovers reported address changes as a cause than in previous years, according to a new report. Asked how their accounts were taken over, 42% of victims surveyed in October told Javelin Strategy & Research thieves fraudulently changed the preferred mailing addresses to receive account statements and other communications from their financial institutions or credit issuers. That is 17 percentage points less than in 2007, when 59% of account-theft victims said thieves changed their physical address information. "That's a good sign that 'red flag' rules are starting to work," says Mary Monahan, Javelin managing partner and the report's author. The Federal Deposit Insurance Corp., the Federal Trade Commission, the National Credit Union Administration and other federal financial institution regulatory agencies issued final rules and guidelines on identity theft "red flags" in November 2007 under the Fair and Accurate Credit Transactions Act of 2003. The rules require financial institutions and other creditors to establish written programs to prevent identity theft, including verification that legitimate accountholders intended to make address changes. The regulation went into effect in January 2008, and all agencies except the FTC began requiring full compliance with the rules starting Nov. 1. The rules are common-sense measures issuers should be eager to implement voluntarily, Monahan tells CardLine. "These are simple things, and they don't cost a lot of money," she says, citing as examples sending a mailing back to the old address and using e-mail and phone alerts to confirm address changes with accountholders. More cardholders also are opting out of paper statements to receive e-mail alerts and to check account information online, but issuers may not want to rely too heavily on only electronic methods to confirm address changes, Monahan adds. Thieves changed preferred e-mail addresses in 12% of the account takeovers survey respondents mentioned last year, up from 9% in 2007. "Fraudsters are very quick to catch on that banks are starting to use e-mail address changes," Monahan says. "They catch on, so issuers have to use multiple methods."