Red Flags Rule Compliance
The "Red Flags" Rule, in effect since January 1, 2008, requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs - or "red flags" - of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate the damage it inflicts. The Red Flags Rule is enforced by the Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA).
Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. A creditor is broadly described as anyone who defers payment on a debt, or anyone who defers payment on goods or services. Accepting credit cards as a form of payment does not in and of itself make an entity a creditor. But creditors do include organizations such as finance companies, healthcare organizations, automobile dealers, mortgage brokers, utility companies and telecommunications companies.
Steps to prepare for the Red Flags Rule include:
- Develop and execute a more detailed information security program specific to preventing, identifying, and mitigating "red flags"
- Provide required staff training
- Conduct regular vulnerability testing
- Establish written procedures for responding to and communicating information on a data security breach
- Increase record keeping for policies and procedures
Recommended Red Flags compliance solutions:
To speak with an expert about Red Flags Rule compliance, fill out the Contact Me form on the left or call us at 800.234.2175, Option #2.