GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Interchange: What gives?

Patti Murphy
The Takoma Group

News

Industry Update

Sun setting on PCI version 1.1

Bohemia, payments style

No wiggle room with Red Flag Rule

Processing for newbies

VeriFone turns triple play

Features

GS Advisory Board:
What's up in this downturn? - Part II

The payments doctor is in

ISOMetrics:
Interchange in brief

Industry Leader

Stuart C. Harvey Jr. –
In the zone

Views

Building relationships - priceless

Biff Matthews
CardWare International

Education

Street SmartsSM:
MLS compensation options

Jason Felts
Advanced Merchant Services

PCI vendors: Welcome to the jungle

Tim Cranny
Panoptic Security Inc.

What's your business?

Daniel Wadleigh
Marketing Consultant

Admit, own, fix your bloopers

Jeff Fortney
Clearent LLC

Reduce stress, raise retention

Curt Hensley
CSH Consulting

Be calendar-wise

Adam Atlas
Attorney at Law

Sweet-spot MLS training

Christian Murray
Global eTelecom Inc.

New Products

Mobile computing for feet on the street

Dolphin 9900 Mobile Computer
Honeywell International Inc.

Back office synergy online

Synergy Express
Jack Henry & Associates Inc.

Inspiration

Revamp that problem mindset

Miscellaneous

POScript

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

September 08, 2008  •  Issue 08:09:01

previous next

No wiggle room with Red Flag Rule

T he Nov. 1, 2008, deadline to comply with the FACTA (Fair and Accurate Credit Transactions Act of 2003) Identity Theft Red Flags Rule is looming. In light of that deadline, the Office of Thrift Supervision (OTS) unveiled new examination procedures Aug. 11, 2008, to determine deficiencies in financial organizations' ability to comply with FACTA's 37 red flags.

Additionally, OTS issued two prescriptive guidelines regarding address changes and discrepancies. Many financial institutions, therefore, are realizing they need to expedite implementation of the necessary policies and procedures.

Countdown for covered accounts

"The red flags apply to anyone that has a covered account," said Adam Elliott, President of ID Insight Inc. "This can be banks, issuers, insurance, retailers that offer credit or even 'bill me' pay options. In essence, anyone that grants credit. From a value chain perspective, this brings the processors into the fold."

Accounts covered under FACTA's Red Flag Rule are at possible risk of identity theft because they are credit card accounts, utility or cell phone bills, and medical insurance accounts that may contain Social Security numbers, driver's license numbers and other types of consumer data information.

"When something like this [Red Flag Rule compliance] comes up, the first thing the credit granters do is reach out to their processors to see what solutions they have that can help, since the processor is usually the one facilitating their fraud and risk services," Elliott added.

Six degrees of examination

Red flags are relevant indicators of a possible risk of identity theft. Section 114 of FACTA specifically explains rules about how to develop and implement a written ID theft prevention program. Red flag guidelines include 15 assessments related to three principal elements of the rule - address discrepancies, card or check requests within 30 days following address changes, and ID theft and red flag conformity.

In addition to overseeing and enforcing the two prescriptive guidelines, OTS examiners will undertake six procedures to test compliance with the 37 red flag guidelines. These procedures include:

Deadline carved in stone

The OTS requires that boards of directors approve their financial institutions' FACTA compliance programs by Nov. 1. The OTS also mandates that financial institutions implement programs to identify, detect and respond to ID theft indicators.

Elliott said this means all system changes, policies, procedures and training programs must be in place by the Nov. 1, 2008, deadline.

"One thing that came out of this OTS thing that caught our ears is that financial organizations are not making this a high priority. They think they can have a tentative plan in place and are counting on some flexibility until they get their first audit in February 2009," Elliott said. "But based on the OTS exam procedures, they want everything in place by November first, period."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems