Are You Ready?

tayte

Presentation Transcript


  1. Are You Ready?
     • Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines issued in October 2007 pursuant to the Fair and Accurate Credit Transactions Act require implementation of an Identity Theft Prevention Program by November 1, 2008.

  2. What is ID Theft
     “Identity Theft” has the same meaning as under 16 CFR 603.2(a):
     • “A fraud committed or attempted using the identifying information of another person without authority.”

  3. Legislation covers three main areas:
     • Address Discrepancies: Recipients of credit reports now must take action upon receipt of Address Discrepancy Indicators (ADI) with credit reports.
     • Red Flags: Red Flag Rules require development and implementation of a written Identity Theft Prevention Program to detect, prevent and mitigate identity theft.
     • Duty of Card Issuers: Card issuers that receive a change of address notice may not issue new cards within 30 days unless the address is validated.

  5. What is a Red Flag?
     A pattern, practice, or specific activity that indicates the possible existence of identity theft. Affects both new and existing accounts.
     Red Flag Categories:
     • Alerts, notifications or warnings from a CRA
     • Suspicious documents
     • Suspicious personal identifying information
     • Unusual use of, or suspicious activity relating to, the covered account
     • Notices from customer, victims of ID theft, law enforcement authorities, or other persons regarding possible ID theft in connection with covered accounts held by the organization

  6. Red Flag Requirements
     Four basic elements of an Identity Theft Prevention Program (ITPP):
     • Identify
     • Detect
     • Respond
     • Update

  8. To achieve compliance:
     – Perform a risk assessment to identify all covered accounts
     – For each covered account, identify relevant red flags that may indicate possible identity theft
     – For each red flag, identify appropriate detection and response procedures to detect and prevent possible identity theft
     – Develop a written identity theft prevention program
     – Obtain board of directors approval of the program
     – Provide training to appropriate staff
     – Monitor changes in identity theft and update program periodically
     – Oversee service provider arrangements
     – Review the program at least annually

  9. Five Common Mistakes and Pitfalls
     • Approach compliance like any other Rule
     • Simply update existing Information Security Program
     • Consider all accounts as covered, include all 26 Red Flags
     • Ignore service providers, business partners
     • Forget to implement periodic Program update process

  11. What are the consequences?
      Non-compliance penalties can include:
      • Civil Money Penalty for Each Violation
      • Cease and Desist Order
      • Lowering of Examination Rating
      • Negative Publicity, Loss of Business
      • Consumer Lawsuit

  12. Alerts, Notifications or Warnings from a Consumer Reporting Agency
      • Fraud or active duty alert
      • Credit freeze
      • Address discrepancy
      • Inconsistent activity pattern

  14. Suspicious Personal Identifying Information
      • Personal ID info inconsistent with external information
      • Personal ID info inconsistent with other ID info

  15. Suspicious Personal Identifying Information, continued
      • Personal ID info associated with known fraud
      • Personal ID info is type commonly associated with fraud
      • Duplicate SSN

  16. Suspicious Personal Identifying Information, continued
      • Duplicate address or telephone number
      • Incomplete required info
      • Personal ID info inconsistent with info on file
      • Inability to correctly authenticate via challenge questions

  17. Red Flag Scope
      Some rules are flexible:
      • Creditors can tailor program to fit the size/complexity of operation
      • Creditors can incorporate existing policies and procedures
      • Creditors should consider all 26 example Red Flags across the five categories
      • Creditors should include the Red Flags that make sense in the context of their businesses
      More fine print:
      • Each financial institution is responsible for making subjective determination of applicability of regulations for their customers/accounts

  18. Some Helpful Web Links
      • http://www.bankersonline.com/redflags/sr222appj_suppa.html
      • http://www.bankersonline.com/regs/222/222-90.html
      • http://www.bankersonline.com/redflags/focus_sis_redflagchecklist.html
      • http://www.fdic.gov/news/news/financial/2007/fil07100.html for FDIC FIL-100-2007 (Identity Theft Red Flags)
      • http://www.occ.treas.gov/ftp/bulletin/2007-45.html to view OCC Bulletin 2007-45 (Identity Theft Red Flags and Address Discrepancies)
      • http://www.ots.treas.gov/docs/7/777079.html to view OTS 07-079 (Agencies Issue Final Rules on Identity Theft Red Flags and Notices of Address Discrepancy)

  19. Questions?
