The Fight Against Identity Theft

As the world goes digital, so does crime. The rise in personal information being used electronically has led to an exponential jump in identity theft and the ways that thieves can use your identity. While businesses have attempted to enforce individual security policies of their own to protect your information, the federal government has preferred a more standardized approach.

Bodies like the Federal Trade Commission (FTC) have created a series of rules for key businesses to follow when managing your private information. One of the most important versions, the Red Flags Rule, should be required reading for businesses and consumers alike. These regulations are key steps in creating widespread policies to stop identity theft in its tracks.

Red Flags Rule

The FTC’s Red Flags Rule sounds beguilingly simple. Organizations with a hand in financial transactions – such as banks, creditors, and investment companies – must implement programs to detect potential identity theft. The more accurately organizations can pinpoint these “red flags” the more quickly theft can be spotted, and more effectively it can be prevented in the future.

Beneath this simple mandate is a series of more complex regulations requiring detailed compliance. In fact, some regulations were so encompassing that the FTC pushed back its compliance deadline several times to make room for clarification and adjustment, until the final deadline was set at the start of 2011. Key to the Red Flags Rule is the creation of Identity Theft Prevention Programs.

Identity Theft Prevention Programs

Thieves access identity information through unguarded online portals, security hacks, employee theft, and such a bewildering array of other methods that the most effective way for companies to spot trouble is by looking for signs of irregularity. To do this, the FTC requires the creation of a “playbook” or Identity Theft Prevention program based heavily in software notifications and statistics. The FTC does not provide this playbook – it is up to each company to create its own version that meets Red Flags standards. Generally speaking, companies that hold a financial account for a customer fall under these requirements.

Essentials of the program remain the same across such organizations. The program must monitor consumer accounts for patterns and specific activities that indicate (based on previous studies) a chance that someone has stolen access to an account. Internal software monitoring and external sources like news reports or past experiences can be used to help spot potential breaches. This part of the program requires significant software overhaul and is likely the most expensive part of the regulation.

The program must then send alerts to proper business leaders and detail appropriate responses to mitigate any damage. Responses should be appropriate, although the FTC lets businesses decide many details for themselves. Responses should at least include notification and confirmation steps before carrying out the transaction. All Identity Theft Prevention Programs should be designed to be living policies, changing along with technology, markets, and theft activities.

An important result of these requirements is consumer involvement in identity protection. Financial organizations must communicate red flags to their customers to solve identity issues. This leads to customers becoming more informed and educated about account activity and the signs of identity theft. In this way, customers can be on the watch for identity theft even in organizations that do not need to follow the Red Flags Rule. When the system works properly, it empowers consumers as much as it protects organizations from liability problems.

Looking to the Future

The Red Flags Rule is just one example of the way the federal government is responding to identity theft. Future regulations may well require banks to issue smart cards or conduct credit monitoring. Consumers may need to use iris scan technology when making a transaction (ATM, bank, or online), or download required identity apps and software to protect themselves. The goal, as always, will be to not only spot identity theft the moment it occurs, but to prevent it from ever happening in the first place. The Red Flags Rule is a good starting place, especially when it comes to gathering information, but it is only the beginning of the latest fight against theft.

Find Out More:

Mondaq: United States: FTC Red Flags Rule – Protecting Against Identity Theft

NACUBO: FTC Red Flags Rule