140 likes | 147 Views
Learn about the Red Flags Rule, its application to financial institutions and creditors, compliance requirements, and steps to prevent and mitigate identity theft.
E N D
Getting the Green Light on the Red Flags Rule March 18, 2010
The Red Flags Rule • What is it? • Does it apply to us? • When do I have to be compliant? • What must we do to be compliant?
What is the Red Flags Rule? • Government requirements to help fight identity theft. • Located at: www.ftc.gov/redflagsrule • You have until June 1, 2010 to develop and implement a written identity theft prevention program.
To Whom Does the Requirement Apply? • Financial Institutions • Creditors – When government entities defer payment for goods or services, they are considered creditors. • Covered accounts like credit card accounts, cell phone accounts, checking and savings accounts - or – an account for which there is a foreseeable risk of identity theft.
Definitions A FINANCIAL INSTITUTION is • National Bank • Federal Savings Association • Mutual Savings Bank • Credit Union • Any other person that directly or indirectly holds a transaction account belonging to a consumer.
Definitions A CREDITOR is • Any person who regularly extends, renews or continues credit. • Any person who arranges for extension, renewal or continuation of credit. • Any assignee of the original creditor.
Definitions A COVERED ACCOUNT is • A consumer account designated to permit multiple payments or transactions. • Any other account for which there is a reasonably foreseeable risk from identity theft.
Does the Rule Apply to Government Entities? • Yes. Where municipalities provide services such as water, garbage pickup or electric, and bill (based on use) for the service after it was provided. • No. If you bill everyone the same flat fee, then it is considered a tax and you are not considered a creditor. • No. Tax bills, parking tickets and fines are not considered covered accounts even though they generate a liability. • Taking a credit card for payment does not automatically make your organization a creditor.
Compliance with the Red Flags Requirements To comply, you must implement a written Identity Theft Protection Program to: - detect/identify red flags or risks - prevent - mitigate identity theft in connection with covered accounts. You also must update the program periodically.
Step 1 – Identify Possible Identity Theft Identification of Red Flags – Have you . . . • Received notification from consumer reporting agencies? • Been presented with suspicious documents? • By a suspicious person? • Noticed suspicious activity on a covered account? • Received notice from a constituent, a victim of identity theft, or law enforcement authorities?
Step 2 - Prevention Do you have procedures in place to . . . • Verify identity? • Authenticate customers? • Monitor transactions? • Verify validity of address changes?
Step 3 - Mitigation To stop potential identify theft, you can . . . • Contact the customer • Change passwords • Close and reopen an account • Notify law enforcement • No response
Compliance with the Red Flags Requirements • There is NOT a specific procedure for what your organization needs to have in place. Procedures vary by type of business. • Bad procedures will expose you to greater risk. • Checking identification (ID) is one way to verify the customer is who they claim to be. Keeping copies of that ID will expose your organization to privacy concerns. • Don’t collect more data than you need. • Don’t ask for a Social Security Number if you don’t need it.
Red Flags – Internet Resources New “Red Flag” Requirements for Financial Institutions and Creditors Will Help Fight Identity Theft http://ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm The “Red Flags” Rule: Are You Complying with New Requirements for Fighting Identity Theft? http://ftc.gov/bcp/edu/pubs/articles/art10.shtm The Red Flags Rule http://ftc/gov/os/fedreg/2007/november/071109redflags.pdf Helpful examples of identity theft policies adopted by government entities: http://www.mrsc.org/subjects/pubworks/utibill/RedFlag.aspx FIND OUT ABOUT IDENTITY THEFT AND DATA SECURITY: The FTC’s Identity Theft Site http://www.onguardonline.gov/topics/identity-theft.aspx Protecting Personal Information: A Guide for Business http://ftc.gov/bcp/edu/pubs/business/idtheft/bus69.pdf Information Security Interactive Video http://www.ftc.gov/bcp/edu/multimedia/interactive/infosecurity/index.html