How to Comply With the Red Flags Rule

Identity Theft Prevention Program

• 1

  Create an identity-theft-prevention program. The program should contain written rules and procedures that would help in the detection of red flags. The FTC website has a free template for creating an identity theft prevention program. The template can be found at "Complying With The Red Flags Rule."

• 2

  Analyze any patterns, practices and other activity within your business that exhibit an identity-theft risk. These activities are to be identified as red flags. An example of a red flag is an inconsistency between a person's photo ID and his actual appearance.

• 3

  Integrate red flags into the identity-theft-prevention program to assist in the consistent monitoring of suspicious activity. Record any suspicious activity in the written rules and procedures of the program so they can be automatically detected. Also, train staff to be able to spot red flags.

• 4

  Detect red flags by monitoring your company's identify-theft program closely. Keep a written log of all activity regarding the identity and habits of customers. Train employees to detect suspicious activity and write down any suspect behavior.

• 5

  Respond to red flags with actions that encourage the mitigation and prevention of the identity-theft crimes. An example of a response is making sure employees ask for a second photo ID to confirm the customer's ID in question. Another response would be to refuse service to any customer with identity inconsistencies until the customer resolves the matter.

• 6

  Keep the identity-theft-prevention program updated to stay current with the inevitable changes in and evolution of identity theft crime.

• 7

  Record any actions or discoveries made by the identity-theft-prevention program in writing.

Fair and Accurate Credit Transaction Act of 2003

• 8

  Create guidelines and procedures regarding credit-card and debit-card identity theft and fraud. Procedures should entail rules regarding sudden address changes and address discrepancies shared by consumer-reporting agencies. An example of a procedure is to create a list of the proper questions to ask a consumer when red flags are found in his account.

• 9

  Investigate customer requests for additional or replacement cards following address changes. Assess the validity of the original address change by contacting the card holder. Ask for the customer's Social Security number, birth date, mother's maiden name, and ask for an address confirmation.

• 10

  Investigate address discrepancies shared by consumer-reporting agencies. Double-check the discrepancies shared by consumer-reporting agencies with the information you have on file for that customer. If no reason is found for the discrepancy, contact the customer and ask him for information to resolve the matter.

• 11

  Create and implement responses that encourage the prevention and mitigation of identity theft and fraud. For example, maintain a separate file for any consumers who have had address discrepancies in the past.