IDENTITY THEFT
UNDERSTANDING RED FLAG REGULATIONS
On Tuesday, October 31st, the Federal Trade Commission (FTC) adopted its “Identity Theft Red Flags and Address Discrepancies” Regulations. The final rules especially target the incidence of requests for changes of address followed closely by a request for an additional or replacement card as a common ID theft method of operation to watch. The rules also include an additional two dozen guidelines to help institutions root out other suspicious activity that warrants attention. The Red Flag Regulations will be the next compliance challenge for any business that originates or arranges credit or collects a debt.
The new regulations are an expansion of the Fair and Accurate Credit Transaction Act of 2003 (FACTA) and require businesses to create and implement a policy to identify and evaluate identity theft risks or "red flags" in an applicant's credit file.
Effective business policies and practices that spot attempted and actual identity theft early have great potential for relieving this national crime wave. Every year identity theft claims millions of victims. Victims spend millions of dollars and countless hours to clear their name. Add to this the emotional toll on victims that cannot be equated to dollars. Financial institutions and creditors write off billions annually in loss due to identity theft and other fraud. The magnitude and seriousness of fraud cannot be overstated.
Under the Red Flag Regulation, financial institutions, creditors and other businesses arranging credit or collecting debts must “periodically” determine whether it offers or maintains “covered accounts”. Each business that offers or maintains one or more covered accounts must develop and implement a written Identity Theft Prevention Program designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account.
To learn more about Red Flag Regulations click here.
FLAG SPOTTING
Among more than 30 Red Flags, businesses should incorporate in their ID theft prevention programs, the proposed rule includes these Red Flags:
- Inconsistent activity patterns including, recent and significant increases in inquiries; an unusual number of newly established credit accounts and a significant change in credit use.
- Documents that appear altered; information not consistent with information on file; and photographs that aren't consistent with physical descriptions or appearance.
- Social Security Numbers (SSN) that can't be verified as issued or listed on the Social Security Administration's Death Master File; and a missing correlation between the SSN range and date of birth.
- Mail sent to the customer is returned as undeliverable although transactions continue to be conducted in connection with the customer's account; electronic messages are returned.
- Previously inactive accounts suddenly becoming active.
The name of an employee of the financial institution or creditor has been added as an authorized user on an account.
View Our Other Articles From This Issue of {see} Magazine