Is Your Organization Prepared for the Red Flag Deadline?

Learn what steps you need to take before the November 2008 deadline

Even with the November 2008 deadline approaching, many organizations are not fully aware or have not started to comply with the new Red Flag Regulations. Who are they for? What do they do? Whom do they protect? What do I need to do to comply?

Created by the U.S. Department of Treasury and the Federal Trade Commission, Section 114 of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 (FACTA) was enacted in November 2007. The legislation requires each financial institution, bank or creditor that stores consumer accounts to develop specialized identity theft prevention programs.

These policies and procedures require solutions — which must be implemented by November 1, 2008 — that can identify patterns in consumer account behavior and flag those that could be of high risk.

>> Want to know more about Red Flag? Click here.

Specifically, the Red Flag Regulations require each financial institution and creditor that holds any consumer account — or any other account for which there is a reasonably foreseeable risk of identity theft — to develop and implement an "Identity Theft Prevention Program" for combating identity theft in connection with new and existing accounts.

The program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft and must enable a financial institution or creditor to:

  • identify relevant patterns, practices and specific forms of activity that are "red flags" signaling possible identity theft, and incorporate those red flags into the program;
  • detect red flags that have been incorporated into the program;
  • respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
  • ensure the program is updated periodically to reflect changes and risks from identity theft.

According to a March 2008 report by Gartner1, financial institutions are spending more on fraud and authentication solutions, but not because of the looming Red Flag deadline. Of the 50 U.S. banks surveyed, 60 percent "already consider themselves to be compliant with the Red Flag regulations of the U.S. Fair and Accurate Credit Transactions Act of 2003."

While, according to Gartner, these findings simply highlight trends and aren't concrete conclusions, many financial institutions are, in fact, in non-compliance. As found by their study, 40 percent of the U.S. banks surveyed are not ready for the Red Flag deadline in November.

What's important, however, is whether or not your financial institution is secure. The November 2008 deadline is on the horizon. U.S.-based banks should take stock of their security policies and solutions now and make the necessary changes.

1"Bank Spending on Fraud and Authentication Rises, but Not Due to Red Flag Regulations," Gartner, Inc., Avivah Litan, March 2008
Contact Us