Presentation is loading. Please wait.

Presentation is loading. Please wait.

Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.

Published byHarvey Charles Modified over 9 years ago

Similar presentations

Presentation on theme: "Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines."— Presentation transcript:

1

2 Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines issued in October 2007 pursuant to the Fair and Accurate Credit Transactions Act requires implementation of an Identity Theft Prevention Program by November 1, 2008.

3 What is ID Theft “Identity Theft” has the same meaning as under 16 CFR 603.2(a) “A fraud committed or attempted using the identifying information of another person without authority.”

4 Legislation covers three main areas: Address Discrepancies Recipients of credit reports now must take action upon receipt of Address Discrepancy Indicators (ADI) with credit reports. Red Flags Red Flag Rules require development and implementation of a written Identity Theft Prevention Program to detect, prevent and mitigate identity theft. Duty of Card Issuers Card issuers that receive a change of address notice may not issue new cards within 30 days unless the address is validated.

5 Legislation covers three main areas: Address Discrepancies Recipients of credit reports now must take action upon receipt of Address Discrepancy Indicators (ADI) with credit reports. Red Flags Red Flag Rules require development and implementation of a written Identity Theft Prevention Program to detect, prevent and mitigate identity theft. Duty of Card Issuers Card issuers that receive a change of address notice may not issue new cards within 30 days unless the address is validated.

6 What is a Red Flag? A pattern, practice, or specific activity that indicates the possible existence of identity theft. Affects both new and existing accounts. Red Flag Categories  Alerts, notifications or warnings from a CRA  Suspicious documents  Suspicious personal identifying information  Unusual use of, or suspicious activity relating to, the covered account  Notices from customer, victims of ID theft, law enforcement authorities, or other persons regarding possible ID theft in connection with covered accounts held by the organization

7 Red Flag Requirements Four basic elements of an Identity Theft Prevention Program (ITPP): Identify Detect Respond Update

8 Red Flag Requirements Four basic elements of an Identity Theft Prevention Program (ITPP): Identify Detect Respond Update

9 To achieve compliance: – Perform a risk assessment to identify all covered accounts – For each covered account, identify relevant red flags that may indicate possible identity theft – For each red flag, identify appropriate detection and response procedures to detect and prevent possible identity theft – Develop a written identity theft prevention program – Obtain board of directors approval of the program – Provide training to appropriate staff – Monitor changes in identity theft and update program periodically – Oversee service provider arrangements – Review the program at least annually

10 Five Common Mistakes and Pitfalls 1.Approach compliance like any other Rule 2.Simply update existing Information Security Program 3.Consider all accounts as covered, include all 26 Red Flags 4.Ignore service providers, business partners. 5.Forget to implement periodic Program update process

11 Five Common Mistakes and Pitfalls 1.Approach compliance like any other Rule 2.Simply update existing Information Security Program 3.Consider all accounts as covered, include all 26 Red Flags 4.Ignore service providers, business partners. 5.Forget to implement periodic Program update process

12 What are the consequences? Non-compliance penalties can include: Civil Money Penalty for Each Violation Cease and Desist Order Lowering of Examination Rating Negative Publicity, Loss of Business Consumer Lawsuit

13 Alerts, Notifications or Warnings from a Consumer Reporting Agency 1.Fraud or active duty alert 2.Credit freeze 3.Address discrepancy 4.Inconsistent activity pattern

14 Alerts, Notifications or Warnings from a Consumer Reporting Agency 1.Fraud or active duty alert 2.Credit freeze 3.Address discrepancy 4.Inconsistent activity pattern

15 Suspicious Personal Identifying Information 10.Personal ID info inconsistent with external information 11.Personal ID info inconsistent with other ID info 10.Personal ID info inconsistent with external information 11.Personal ID info inconsistent with other ID info

16 Suspicious Personal Identifying Information, continued 12.Personal ID info associated with known fraud 13.Personal ID info is type commonly associated with fraud 14.Duplicate SSN

17 Suspicious Personal Identifying Information, continued 15.Duplicate address or telephone number 16.Incomplete required info 17.Personal ID info inconsistent with info on file 18.Inability to correctly authenticate via challenge questions

18 Red Flag Scope Some rules are flexible: Creditors can tailor program to fit the size/complexity of operation Creditors can incorporate existing policies and procedures Creditors should consider all 26 example Red Flags across the five categories Creditors should include the Red Flags that make sense in the context of their businesses More fine print: Each financial institution is responsible for making subjective determination of applicability of regulations for their customers/accounts

19 Some Helpful Web Links http://www.bankersonline.com/redflags/sr222appj_suppa.html http://www.bankersonline.com/regs/222/222-90.html http://www.bankersonline.com/redflags/focus_sis_redflagchecklist.html http://www.fdic.gov/news/news/financial/2007/fil07100.htmlhttp://www.fdic.gov/news/news/financial/2007/fil07100.html for FDIC FIL- 100-2007 (Identity Theft Red Flags) http://www.occ.treas.gov/ftp/bulletin/2007-45.htmlhttp://www.occ.treas.gov/ftp/bulletin/2007-45.html to view OCC Bulletin 2007-45 (Identity Theft Red Flags and Address Discrepancies) http://www.ots.treas.gov/docs/7/777079.htmlhttp://www.ots.treas.gov/docs/7/777079.html to view OTS 07-079 (Agencies Issue Final Rules on Identity Theft Red Flags and Notices of Address Discrepancy)

20 Questions?

Download ppt "Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines."

Similar presentations

Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.

Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.
Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a Red Flag: Understanding the Fair and Accurate Credit Transactions Act, the Red Flag.

© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a Red Flag: Understanding the Fair and Accurate Credit Transactions Act, the Red Flag.
Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.

Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.
Compliance with Federal Trade Commission’s “Red Flag Rule”

Compliance with Federal Trade Commission’s “Red Flag Rule”
WELCOME Iowa State University Identity Theft Prevention Program

WELCOME Iowa State University Identity Theft Prevention Program
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.

Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.
1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.

1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.

Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
The New Rules of F&I with Peter Jones The New Rules of F&I What are the Rules? Red Flag Rule Graham / Leach / Bliley Act Privacy Notice Safeguard Rule.

The New Rules of F&I with Peter Jones The New Rules of F&I What are the Rules? Red Flag Rule Graham / Leach / Bliley Act Privacy Notice Safeguard Rule.
Identity Fraud Prevention 1 Copyright Identity Management Institute®

Identity Fraud Prevention 1 Copyright Identity Management Institute®
Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A. 2618 Centennial.

Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A Centennial.
©2012 CliftonLarsonAllen LLP 1 111 Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.

©2012 CliftonLarsonAllen LLP Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
The Minnesota State Colleges and Universities system is an Equal Opportunity employer and educator. The Red Flag Rule Detecting, Preventing, and Mitigating.

The Minnesota State Colleges and Universities system is an Equal Opportunity employer and educator. The Red Flag Rule Detecting, Preventing, and Mitigating.
Red Flags 101. What It’s All About Section’s 114 and 315 of the FACT Act were implemented in October 2007 and became effective January 1, 2008. These.

Red Flags 101. What It’s All About Section’s 114 and 315 of the FACT Act were implemented in October 2007 and became effective January 1, These.

Similar presentations

Ads by Google