How to Comply with the Red Flags Rule

The Red Flags Rule, or RFR, is one of the identity protection rules found in the Federal Credit Reporting Act (FCRA). More specifically, RFR deals with protecting individuals from identity theft when it comes to the day-to-day operations of organizations and businesses. This article will detail how organizations and businesses can comply with RFR.

Effective as of December 31, 2010, RFR mandates that financial institutions and creditors implement an identity theft program that will detect, prevent and mitigate identity theft when covered accounts are opened or maintained.

To fully understand RFR, it is important to understand how it defines certain terms. Below important definitions of these important terms:

Red Flag

Red flags are patterns, practices or specific activities that indicate the possibility of identity theft. This is a broad definition that is intended to apply to as many practices, patterns and specific activities as possible. Those who want more specific guidance should consult the 26 illustrative examples of red flags listed in the RFR.

Financial Institutions

Financial institutions are:

  • National or state banks
  • Federal or state savings and loan
  • Mutual savings associations/banks
  • Federal or state credit unions
  • Anyone who holds a consumer transaction account, either directly or indirectly

Creditors

Creditors are anyone who regularly extends, renews or continues credit, or arranges to perform any of these actions. This includes assignees that participate in credit decision-making.

Covered Accounts

There are two types of covered accounts, and RFR applies to both new and existing accounts:

  • Consumer accounts include:
    • Consumer credit card accounts
    • Checking/savings accounts
    • Mortgage accounts
    • Auto loans
  • Any other account that involves a reasonably-foreseeable risk to the consumer of identity theft. This definition includes:
    • Small business credit accounts
    • Sole proprietorship credit accounts
    • Single-transaction accounts

The focus when looking at covered accounts is how covered accounts are opened and accessed. Opening and (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/QOlJPocaPGI/