Implementing the Red Flags Identity Theft Program

Financial institutions “usually suffer on average a $10 loss for every $1 lost by their customers” to identity theft[1] according to the American Bankers Association. Upgraded fraud-fighting procedures for organizations that extend credit are mandated by new federal rules and guidelines enacted in October. But even if banks cell phone companies utilities and other credit-issuing institutions weren’t required to implement these controls it only makes good business sense to protect their customers – and their organizations.

For the seventh year in a row identity theft[2] tops the Federal Trade Commission’s complaint list accounting for 36 percent of the 674354 complaints received between January 1 and December 31 2006. Identity theft increased more than 50 percent between 2003 and 2006 according to a Gartner Group study[3] with approximately 15 million Americans victimized in a twelve-month period ending in mid-2006. Average losses per victim doubled in most fraud categories. It’s one of the fastest growing crimes in America.

New rules for financial institutions
On October 312007 six federal agencies[4] issued final rules imposing identity theft requirements on financial institutions creditors credit and debit card issuers and users of consumer credit reports.  The new regulation enacts sections 113 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA) and calls for every financial institution or creditor to develop and implement a written “Identity Theft Prevention Program.” The final rules became effective on January 1 2008 and full compliance is required by November 1 2008.

What do the rules require?
These new rules require three types of action.

”