Will red flags detour ID theft? The new "red flag" rules under the U.S. Fair and Accurate Credit Transactions Act (FACTA) going into effect May 1 require U.S. banks and creditors to implement a program to identify, mitigate, and prevent potential consumer identity theft.
| Author | Swartz, Nikki |
| Position | PRIVACY |
[ILLUSTRATION OMITTED]
According to the U.S. Federal Trade Commission (FTC), consumers lose an estimated $50 billion annually to identity theft and recovery expenses. During 2007, the FTC received 813,899 consumer fraud and identity theft complaints, an increase of 21% over 2006. The commission also estimates that losses to U.S. businesses and financial institutions stemming from identity theft total nearly $53 billion annually.
The FTC hopes to reduce such losses with its Identity Theft Red Flag program, an update to the Fair and Accurate Credit Transactions Act (FACTA) of 2003. To meet the "red flag' requirements, all organizations that handle consumer credit accounts and transactions must conduct an identity theft assessment of their business and, based on those findings, develop measures to identify, mitigate, and prevent the theft of consumer data. The rules also require organizations to update their programs periodically.
The FTC had originally ordered all creditors and financial institutions to comply by November 1, 2008. However, as the deadline approached, the majority was not prepared, and the FTC agreed to suspend enforcement until May 1, 2009, By that deadline, more than two million organizations must have a program in place to identify warning signs of a possible identity theft, along with defined responses to such incidents.
What Are the Red Flag Rules?
The red flag requirements issued by the FTC and five federal bank regulatory agencies apply specifically to Section 114 of the FACTA Identity Theft Red Flags and address retail and business customers, existing and new accounts, and financial institutions and creditors, including credit and debit card issuers, among others.
The FTC said financial institutions and creditors who "offer or maintain covered accounts" must implement a red flag, or identity theft prevention, program. "Red flag rules apply to financial institutions and creditors like banks, credit unions, auto dealers, mortgage brokers, utility companies, and telecommunications companies," an FTC spokesperson said.
Such companies must implement written programs--which must be in place by May 1--to provide for the identification, detection, and response to patterns, practices, and specific activities, known as "red flags," that could indicate identity theft for both new and existing accounts.
The FACTA final rules and guidelines implemented in Section 114 of the act lists 27 possible red flags that a business may use as starting points to formulate an identity theft program.
(See sidebar.) They fall into five categories:
-
Alerts, notifications, or warnings from a consumer reporting agency
-
Suspicious documents
-
Suspicious personally identifying information, such as a suspicious address
-
Unusual use of--or suspicious activity relating to--a covered account
-
Notices from...
To continue reading
Request your trialCOPYRIGHT GALE, Cengage Learning. All rights reserved.
