• United States




Red Flag Rules – a scramble among creditors

Apr 07, 20082 mins
Data and Information Security

I had dinner with a few CSO friends of mine the other night and heard a lot of grumbling about the “Red Flag Rules”. “Red Flag Rules” are provisions covered under Sections 114 and 315 of FACTA (the Fair and Accurate Credit Transactions Act of 2003) that require financial institutions to implement an identity theft prevention program to help stave off identity theft.

Specifically, FACTA amended the Fair Credit Reporting Act to require the federal banking agencies and the National Credit Union Administration jointly:

  • establish and maintain guidelines for use by each financial institution and each creditor regarding identity theft;
  • prescribe regulations requiring each financial institution and each creditor to establish reasonable policies and procedures for implementing these guidelines in order to identify possible risks to account holders or customers or to the safety and soundness of the institution or customers; and,
  • prescribe regulations applicable to card issuers to ensure that will flag typical indicators of fraud
  • notify consumers about significant address discrepancies on their credit reports which may indicate fraud

These rules went into effect this past January 1st and require full compliance by November 1, 2008. Interestingly enough, they don’t seem to have gotten much attention so it begs the question, “are financial institutions going to meet the deadline?” If you are a financial institution as determined by the Equal Credit Opportunity Act (anyone who arranges for the extension, renewal, or continuation of credit, including third-party debt collectors) you have a little less than seven months to get this all together. Better get going.

For more on CSO’s coverage of identity theft, check out Sarah Scalet’s article on “Five Ways to Fight Identity Theft“.