Red Flags for Business

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations. As a practical matter, the Rule applies to you if you provide products or services and bill customers later.

Created by the U.S. Department of Treasury and the Federal Trade Commission, Section 114 of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 (FACTA) was enacted in November 2007. The legislation requires each financial institution, bank or creditor that stores consumer accounts to develop specialized identity theft prevention programs. This regulation may affect anyone who provides services for which the consumer is invoiced monthly or who offers the consumer a payment plan.

The new Red Flags Law became effective on January 1, 2008 with an original mandatory compliance date of November 1, 2008. However, the FTC has suspended the enforcement deadline until November 1, 2009. Businesses failing to create and maintain a good faith compliance effort around a Red Flags program run the risk of fines for each violation of the law and exposure to a public relations disaster.

Cost Effective Customized Solution

Compliance +, LLC will provide a senior consultant to review the red flag rules with you, conduct a Risk Assessment, and develop a custom Red Flag Policy and Procedure Manual. Any adjustments required in current procedures will be discussed and solutions determined to satisfy compliance.

Q&A on Red Flags offering:

1. What kinds of policies and procedures are included?
· Overview Identity Theft Policy
· Registration/Check in
· Red Flags Review
· Investigation of Suspected Identity Theft
· Staff Training

2. How much of my staff’s effort is needed?
An hour or so is needed to perform a Risk Assessment of your current practices concerning registration and financial transactions.

3. What are Red Flags?
A Red Flag refers to a pattern, practice, or specific activity that indicates the possible existence of identity theft. Red Flags fall into five categories:
   1. Alerts, notifications, or warnings from a consumer reporting agency
   2. Presentation of suspicious documents
   3. Suspicious personally identifying information, such as a suspicious address
   4. Unusual use of – or suspicious activity relating to – a covered account
   5. Notifications or Reports from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts.

4. How flexible is the Red Flag Rule?
The Red Flag Rules require a risk-based approach. Each creditor must conduct a risk assessment in order to develop and implement a program that is appropriate to the size and intricacy of the organization and the nature and scope of its activities.

5. How does this differ from HIPAA?
HIPAA protects data. Red Flags is different in that it assumes someone already has stolen someone else’s identity and is trying to fraudulently use it.