Part I of a Four-Part Procedure for Compliance with Identity Theft Prevention Requirements
If your organization is involved in the financial services industry, or in any way has a regular practice of "extending, renewing or continuing credit" to your customers, then June 1st, 2010 is an important deadline for you.
The Joint Committee of the OCC, Federal Reserve Board, FDIC, OTS, NCUA and the Federal Trade Commission passed the final legislation for Section 114 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). The specific parts of FACTA which relates to preventing identity theft are known as the "Red Flag Rules".
This Red Flag Rules require that organizations handling "covered" transactions must develop and implement a written "Identity Theft Prevention Program" to DETECT, PREVENT and MITIGATE identity theft.
Enforcement for organizations subject to oversight by the Federal Trade Commission has been extended four times and is now pushed forward to June 1st, 2010.
Who Must Comply?
Banks, thrifts, mortgage lenders, credit unions, US branches and agencies of foreign banks, US commercial lending companies of foreign banks, and certain "creditors" which are defined as "any person or business who arranges for the extension, renewal, or continuation of credit". This specifically includes utility companies, car dealers, telecommunications companies, health care companies, and debt collectors. Many other types of organizations could also fall into this definition.
Which transactions are considered as "Covered"?
• A personal account that involves or is designed to permit multiple payments or transactions such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account, and
• Any other account for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.
What are the Requirements?
Part 1: LIST YOUR RED FLAGS
Organization must IDENTIFY relevant patterns, practices and specific forms of activity that are "red flags" signaling possible identity theft, and incorporate those red flags into their program.
1. Examples provided in Section 114, subpart J, Appendix A of FACTA.
2. The financial institution's or the creditor's own experience, and
3. Relevant identity theft methods and changes in identity theft risks.
Businesses must continue to monitor - and take steps to countermand - new and evolving methods that criminals are using to obtain and use the personal information of others.
In my next article, I wil outline Part II of the four-part procedures required under FACTA - "Detect Red Flags"
UVeritech, established in 2000, is a leader in multi-layer fraud prevention and counterfeit money detection solutions such as UV Scanners, Automated Currency Detection, Image Capture, Verification and Authentication, pioneered POS counterfeit fraud detection scanners in enterprise accounts such as Wells Fargo, Bank of America, JPMC, Bank One, Regions, Compass, Citizens, PNC, and over 1000 credit unions. UVeritech is also a leader in government, hospitality, rental and the retail industries. For more information, call: 800.883.8822.