The Red Flags Rule is a U.S. federal law that requires most every business and organization to develop and implement an identity theft prevention program. The purpose of the identity theft prevention program is to authenticate the identity of customers to reduce incidences of identity theft. Authentication is required when a new financial or credit account is opened or when a change is requested on an existing covered account. The law covers consumer and business accounts.
The broad definitions of “covered account” and “creditor” include most every business and organization. If a business or organization accepts payment for products or services after they are delivered, they are a creditor under the law and must comply. Those that only accept payment prior to or upon delivery are not creditors regardless of how payment is accepted—cash, check or credit card.
Compliance is risk based, meaning that entities must implement a compliance program that is reasonable and appropriate to cover the risks the organization is likely to encounter. For most entities, especially small businesses, compliance is simple, straightforward and will prevent fraud and financial loss by assuring the entity is doing business with a legal person or legal business, and not with an identity thief.
The Red Flags Rule was enacted on January 1, 2008 under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), the first revision to the Fair Credit Reporting Act (FCRA). Compliance under the Red Flags Rule was effective on November 1, 2008 for those entities under the purview of any of five federal banking and credit union regulators (OCC, Federal Reserve System, FDIC, OTS, NCUA). Compliance has been required on August 1, 2009 for those entities regulated by the Federal Trade Commission (FTC).
The law requires that entities regularly conduct a risk assessment to determine if they have covered accounts and to determine if they have any other accounts for which there may be a reasonably foreseeable risk to identity theft. If there are, a written identity theft prevention program is required to describe how the entity will authenticate customers that open new accounts, change existing accounts and access accounts electronically. The program also requires top-level management support and oversight as well as regular risk assessments and program review.
The law gets its name from methods commonly used to authenticate the identity of customers. For example, if new customers are authenticated by requesting picture identification and the picture and description of the person does not bear any resemblance to the person presenting the identification, this is a red flag.
You might also enjoy these:
Comments
This subject is becoming so much more important every year as we see so many Americans being targeted by identity thieves. It is now so big that Businesses across the world lose $221 billion a year due to identity theft. Since the FTC announced their plans to setup the Red Flags Compliance Rules, my colleagues and I have been working hard to assist companies with this, as we have all been involved in the Finance Risk Management industry for many years. If anyone needs any help with this, please do not hesitate to contact us and you can do this via our website at www.idsure.org. One of the biggest problem we find businesses and consumers have is actually identifying whether an "ID" like for example, a driver's license is a real one or not and this is how we can help. At a push of a button we can stop you being the target or stop others being the target of identity fraud.
Got something to say?
Examiner.com is looking for writers, photographers, and videographers to join the fastest growing group of local insiders. If you are interested in growing your online rep apply to be an Examiner today!