The Federal Trade Commission (FTC) and other federally financed regulatory agencies published their final rules and guidelines addressing fraudulent attempts to use private information without authority. The new regulations implemented Section 114 (Red Flag Guidelines) and Section 315 (Reconciling Address Discrepancies) of the Fair and Accurate Credit Transactions Act. The final rule became effective on January 1, 2008, and required financial institutions and creditors to develop and implement an identity theft prevention program by November 1, 2008.
The Identity Theft Red Flags Rule applies to any covered financial institution, credit and debit card issuers, users of consumer reports, and creditors that:
The identity theft prevention program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft. The regulations require an institution to have:
Compliance with the Identity Theft Red Flags Rule is mandatory, but implementing an identity theft prevention program can lead to other positive results for your organization.
The objective of the Identity Theft Red Flags Rule is to establish, implement, and document an identity theft prevention program. The motivation is to achieve a common minimum-security level that protects account information. Foundstone Professional Services offers five services to assist you in achieving compliance:
Meeting the Identity Theft Red Flags Rule requirements could necessitate additional resources. With the help of Foundstone Professional Services, compliance will lead to a distinctly controlled environment and add several security controls within an organization.