On November First of 2009, financial institutions and other creditors were ordered to comply with the Red Flag provisions of the Fair and Accurate Credit Transactions Act of 2003. The purpose of the Red Flag rules is to mitigate and prevent identity theft. Identity theft could be defined as any fraud involving people getting particular benefits by pretending to be someone else.
Broad in scope, the Red Flag rules define financial institutions as any organization that engages in insurance, banking, or similar activities, and a good amount of the definitions come with leeway to expand compliance demands. Any consumer account that involves multiple payments or transactions that is offered to organizations can be subject to the rules.
In a nutshell, the rules state that any financial institution or creditor that might be subject to a reasonable and foreseeable risk of identity theft should master an identity theft prevention program in order to remain in compliance. These programs should include identification on any activity that might be considered identity theft. They should go after red flags that have already been identified, and should take action to prevent and mitigate theft. Finally, period review and updating of red flags are necessary to comply with the Red Flag provisions.
Also, the Red Flag provisions mandate that an institution’s identity theft prevention program will be managed and written by senior company management. Training and overseeing this service are required.
Identity theft is an expensive and disparaging issue; business and consumer losses came to about $56.6 billion in 2005 alone. But when one considers how harmful identity theft can be to a business, not complying with these regulations can be even more expensive and harmful. Potential losses, costly investigations, regulatory fines and potential lawsuits are all negative consequences of non-compliance. It seems as though their best bet is to follow the rules.
Mallory Megan works for Rapid Recovery Solution and writes articles on medical collection agencies. Also published at Identity Theft Rules That Retailers Must Follow.