Tuesday, October 21, 2008
Nov. 1, 2008, is the deadline to comply with the Identity Theft Red Flag Rule of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). The rule's guidelines contain examination procedures for credit grantors to help prevent identity theft and fraud by recognizing antifraud deficiencies within their organizations.
Eduard Goodman, Chief Privacy Officer and General Legal Counsel for Identity Theft 911 LLC, said the essential purpose behind FACTA's Red Flag Rule is to shift the burden of dealing with identity theft from consumers (who ultimately pay for financial institution losses with higher interest rates and tighter credit availability) to the U.S. business community.
"What the Red Flag provisions are saying is that, as a business, if you handle a covered account – accounts that permit multiple payments or could be subject to risk of ID theft or fraud – then you've got to put a program in place to at least spot the ID theft," Goodman said, adding that companies also need to "know how to properly react when they do spot" potential fraud.
Goodman said the impetus behind Red Flag rule compliance efforts "is that over the past decade the identity theft problem has spiraled out of control and has cost financial institutions billions of dollars.
"These provisions are a result of organizations, namely the OCC [Office of the Comptroller of the Currency], the NCUA [National Credit Unions Association] and the FTC [Federal Trade Commission], that have recognized that this is no longer a consumer-only problem. But the reality is that businesses are still the ones granting credit to people fraudulently – to their own risk and demise."
It is unlikely any government agency will start enforcing the Red Flag Rule on Nov. 2. However, Goodman stressed that identity theft harms all credit grantors (including merchants who offer credit), which suffer due to reduced consumer confidence, causing the businesses to lose established and prospective customers.
"People I have spoken to in the payments industry said that few financial institutions are going to meet the Nov. 1 date," Goodman noted. "With that said, they are not off the hook, so if a regulator comes in to look at your business continuity plans in 2009, and you don't have a red flag plan in place, you could run into problems as far as specific fines.
"The FTC takes these issues very seriously because they look at it strictly as a numbers game. … I would not want to be the test case, especially after seeing some of the fines that have been levied against companies just for privacy issues – multiple millions."
Goodman believes Red Flag compliance is ultimately good for business. "With U.S. privacy provisions, the government has always sort of tried to take a hands-off approach," he said. "It's more about teaching companies to recognize the importance of spotting possible ID thieves. And with Red Flags in place, you're going to experience less fraudulent losses and have less money out of pocket in the end."
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.