Network World
Friday, September 5, 2008

Layer 8

Identity theft "Red Flag" rules hit in November

As part of its ongoing effort to battle the growing identity theft blight, the Federal Trade Commission today outlined the programs banks and other financial institutions must offer for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

Banks and other financial institutions typically account for about half of the identity theft complaints filed with the FTC and a recent survey showed Bank of America, JP Morgan, Capital One and Citibank topping the FTC list. That’s one of the reasons why under the Red Flags Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs – or “red flags” – of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program.

The FTC, federal bank regulatory agencies, and the National Credit Union Administration (NCUA) issued the Red Flags Rules as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003.

The final rules, which must be in place by November 1, 2008, require financial and credit institutions that hold any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts, the FTC said.

The program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft and enable a financial institution or creditor to:

· Identify relevant patterns, practices, and specific forms of activity that are “red flags” signaling possible identity theft and incorporate those red flags into the program;

· Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and

· Ensure the program is updated periodically to reflect changes in risks from identity theft.

Red Flags include such activities as:

· alerts, notifications, or warnings from a consumer reporting agency;

· suspicious documents;

· suspicious personally identifying information, such as a suspicious address;

· unusual use of – or suspicious activity relating to – a covered account; and

· notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts.

Of course it is unclear what would happen if an institution did not comply with the Red Flag requirements.     

Last week, in an effort to buttress its enforcement and better understand the scourge that is identity theft, the FTC said it plans to conduct a wide-ranging study of victims of the crime. The FTC is looking for people harmed by the crime and said the survey will examine the remedies available to victims under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). Among other things, the FACT Act gave consumers the right to place fraud alerts on their credit files if they are, or suspect they may become, victims of identity theft; block information on their credit reports that resulted from identity theft; and obtain copies of their credit reports free of charge.

The FTC in February released the list of top consumer fraud complaints for 2007 and showed that for the seventh year in a row, identity theft is the number one problem and it is showing no signs of letting up. Of 813,899 total complaints received in 2007, 258,427, or 32%, were related to identity theft. Consumers reported fraud losses totaling more than $1.2 billion; the median monetary loss per person was $349, the report states.     

Over the past five years, 43 U.S. states have adopted data breach notification laws, but such legislation has not cut down on identity theft.   

Red Flag Rules


Your blog is interesting to say the least, but it doesn't touch on the depth of those regulations.

I am being told by everyone that doesn't want to face the truth that they don't have to comply with this law. WRONG, these rules are not for ONLY financial institutions, it is for anyone that uses credit in business. Think about this... does your boss pay cash for your health insurance? How about your paycheck that is direct deposited? Your employer has this same information that very well could be affected by this new law, and most businesses don't realize it.

Take a look at my blog and it is broken down further in the business area. http://geocities.com/debberchem@sbcglobal.net

Red Flag Rules


Good article, here are some additional facts. The final rulemaking for Section 114 of the Fair and Accurate Credit Transactions Act (FACTA) was announced on October 31st, 2007 and went into effect on January 1, 2008 with a final compliance date of November 1, 2008. Subject to the regulation are all financial institutions (banks, cu's) and a category called "creditors" which is any person or business who arranges for the extension, renewal or continuation of credit.

Specifically mentioned are utility companies, car dealers, telecom companies, health care companies, debt collectors, and there are others. It does not extend to anyone "using" credit in their business. It also does not apply to businesses who conduct single, non-continuing transactions where no ongoing customer relationship exists.

Of the businesses who ARE subject to the reg there are many that are not nearly ready for compliance. While there is no private cause of action, the rule creates a duty, violation of which may constitute actionable negligence. And when that negligence flows from a company's decision to violate or ignore a federal law designed to protect consumers, punitive damages are a very real threat.

NXG was the first to have information published about Red Flag and we remain the foremost authority on the subject, working with financial institutions, utilities, municipalities and health care companies. Visit www.redflagrules.net or www.nxgstrategies.com.

Red Flag Rules article & resources


Below is an article written regarding the new Red Flag rules & guidelines -

In addition, you can find a link to the final ruling and an online tool here -


About Layer 8

Layer 8 is Network World's daily home for the not-just-networking news.