1 / 14

Getting the Green Light on the Red Flags Rule

Learn about the Red Flags Rule, its application to financial institutions and creditors, compliance requirements, and steps to prevent and mitigate identity theft.

odessad
Download Presentation

Getting the Green Light on the Red Flags Rule

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Getting the Green Light on the Red Flags Rule March 18, 2010

  2. The Red Flags Rule • What is it? • Does it apply to us? • When do I have to be compliant? • What must we do to be compliant?

  3. What is the Red Flags Rule? • Government requirements to help fight identity theft. • Located at: www.ftc.gov/redflagsrule • You have until June 1, 2010 to develop and implement a written identity theft prevention program.

  4. To Whom Does the Requirement Apply? • Financial Institutions • Creditors – When government entities defer payment for goods or services, they are considered creditors. • Covered accounts like credit card accounts, cell phone accounts, checking and savings accounts - or – an account for which there is a foreseeable risk of identity theft.

  5. Definitions A FINANCIAL INSTITUTION is • National Bank • Federal Savings Association • Mutual Savings Bank • Credit Union • Any other person that directly or indirectly holds a transaction account belonging to a consumer.

  6. Definitions A CREDITOR is • Any person who regularly extends, renews or continues credit. • Any person who arranges for extension, renewal or continuation of credit. • Any assignee of the original creditor.

  7. Definitions A COVERED ACCOUNT is • A consumer account designated to permit multiple payments or transactions. • Any other account for which there is a reasonably foreseeable risk from identity theft.

  8. Does the Rule Apply to Government Entities? • Yes. Where municipalities provide services such as water, garbage pickup or electric, and bill (based on use) for the service after it was provided. • No. If you bill everyone the same flat fee, then it is considered a tax and you are not considered a creditor. • No. Tax bills, parking tickets and fines are not considered covered accounts even though they generate a liability. • Taking a credit card for payment does not automatically make your organization a creditor.

  9. Compliance with the Red Flags Requirements To comply, you must implement a written Identity Theft Protection Program to: - detect/identify red flags or risks - prevent - mitigate identity theft in connection with covered accounts. You also must update the program periodically.

  10. Step 1 – Identify Possible Identity Theft Identification of Red Flags – Have you . . . • Received notification from consumer reporting agencies? • Been presented with suspicious documents? • By a suspicious person? • Noticed suspicious activity on a covered account? • Received notice from a constituent, a victim of identity theft, or law enforcement authorities?

  11. Step 2 - Prevention Do you have procedures in place to . . . • Verify identity? • Authenticate customers? • Monitor transactions? • Verify validity of address changes?

  12. Step 3 - Mitigation To stop potential identify theft, you can . . . • Contact the customer • Change passwords • Close and reopen an account • Notify law enforcement • No response

  13. Compliance with the Red Flags Requirements • There is NOT a specific procedure for what your organization needs to have in place. Procedures vary by type of business. • Bad procedures will expose you to greater risk. • Checking identification (ID) is one way to verify the customer is who they claim to be. Keeping copies of that ID will expose your organization to privacy concerns. • Don’t collect more data than you need. • Don’t ask for a Social Security Number if you don’t need it.

  14. Red Flags – Internet Resources New “Red Flag” Requirements for Financial Institutions and Creditors Will Help Fight Identity Theft http://ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm The “Red Flags” Rule: Are You Complying with New Requirements for Fighting Identity Theft? http://ftc.gov/bcp/edu/pubs/articles/art10.shtm The Red Flags Rule http://ftc/gov/os/fedreg/2007/november/071109redflags.pdf Helpful examples of identity theft policies adopted by government entities: http://www.mrsc.org/subjects/pubworks/utibill/RedFlag.aspx FIND OUT ABOUT IDENTITY THEFT AND DATA SECURITY: The FTC’s Identity Theft Site http://www.onguardonline.gov/topics/identity-theft.aspx Protecting Personal Information: A Guide for Business http://ftc.gov/bcp/edu/pubs/business/idtheft/bus69.pdf Information Security Interactive Video http://www.ftc.gov/bcp/edu/multimedia/interactive/infosecurity/index.html

More Related