Suche senden
Hochladen
FACTA Red Flag Ruling - Frost Report
•
0 gefällt mir
•
408 views
R
Robert Hutt
Folgen
Access provides FACTA employer and employee training
Weniger lesen
Mehr lesen
Bildung
Technologie
Melden
Teilen
Melden
Teilen
1 von 5
Empfohlen
Guidance on verification 01092020
Guidance on verification 01092020
Ziaullah Mirza
Prevention of doctor shopping
Prevention of doctor shopping
Doug Brockway
Fraud prevention in dme claims
Fraud prevention in dme claims
Doug Brockway
Fair and Accurate Credit Transactions Act of 2003
Fair and Accurate Credit Transactions Act of 2003
Credit Management Association
FACTA Red Flags 2010
FACTA Red Flags 2010
Credit Management Association
Fiserv FCRM Platform Brochure
Fiserv FCRM Platform Brochure
Paul Stabile
Risk Based Approach Bachir El Nakib July 2009 [Compatibility Mode]
Risk Based Approach Bachir El Nakib July 2009 [Compatibility Mode]
bashirnakib
CRMS_Project-JF-edits
CRMS_Project-JF-edits
Hasan Fehmi Gencer, MBA, PMP, ITIL4
Empfohlen
Guidance on verification 01092020
Guidance on verification 01092020
Ziaullah Mirza
Prevention of doctor shopping
Prevention of doctor shopping
Doug Brockway
Fraud prevention in dme claims
Fraud prevention in dme claims
Doug Brockway
Fair and Accurate Credit Transactions Act of 2003
Fair and Accurate Credit Transactions Act of 2003
Credit Management Association
FACTA Red Flags 2010
FACTA Red Flags 2010
Credit Management Association
Fiserv FCRM Platform Brochure
Fiserv FCRM Platform Brochure
Paul Stabile
Risk Based Approach Bachir El Nakib July 2009 [Compatibility Mode]
Risk Based Approach Bachir El Nakib July 2009 [Compatibility Mode]
bashirnakib
CRMS_Project-JF-edits
CRMS_Project-JF-edits
Hasan Fehmi Gencer, MBA, PMP, ITIL4
Chapter 7 risk based approach
Chapter 7 risk based approach
Quan Risk
Chapter 12 regulatory technology for aml compliance
Chapter 12 regulatory technology for aml compliance
Quan Risk
DW brochure Web_Web Vers 08-07
DW brochure Web_Web Vers 08-07
Cherise Lloyd
Hacked Customer Accounts
Hacked Customer Accounts
Abbie Olson
FATF's June 2013 Guidance Note on a Risk Based Approach to Implementing AML/C...
FATF's June 2013 Guidance Note on a Risk Based Approach to Implementing AML/C...
Louise Malady
goAML
goAML
jwsong127
Risk based approach
Risk based approach
Pierre Simon, CCEP-I
Credit Bureau Perspectives for Developing Markets
Credit Bureau Perspectives for Developing Markets
Frank Lenisa
Fraud Monitoring Solution
Fraud Monitoring Solution
Ben Omoakin Oguntala, developingafrica(dot)net
Compuscan
Compuscan
Frank Lenisa
Advancing credit services through the application of credit bureau technology
Advancing credit services through the application of credit bureau technology
Frank Lenisa
KYC Blockchain in Insurance Industry
KYC Blockchain in Insurance Industry
Nitin Patidar
Enterprise Fraud Risk Management
Enterprise Fraud Risk Management
Tommy Seah
How a Predictive Analytics-based Framework Helps Reduce Bad Debts in Utilities
How a Predictive Analytics-based Framework Helps Reduce Bad Debts in Utilities
WNS Global Services
Money Laundering Risk Technological Perspective Fina Lv1
Money Laundering Risk Technological Perspective Fina Lv1
anthonywong
EastNets Compliance Solutions
EastNets Compliance Solutions
EastNets
IBM Counter Financial Crimes Management
IBM Counter Financial Crimes Management
Virginia Fernandez
Role of blockchain in enterprise kyc
Role of blockchain in enterprise kyc
adityakumar2080
FACTA Red Flags Rule Compliance
FACTA Red Flags Rule Compliance
Credit Management Association
Red Storm Rising
Red Storm Rising
John Bonora
Credit Card Fraud PPT - Reena Prajapati.pptx
Credit Card Fraud PPT - Reena Prajapati.pptx
Boston Institute of Analytics
FTC overview on glba final rule on safeguards 2010 Compliance Presentation
FTC overview on glba final rule on safeguards 2010 Compliance Presentation
Brent Hillyer
Weitere ähnliche Inhalte
Was ist angesagt?
Chapter 7 risk based approach
Chapter 7 risk based approach
Quan Risk
Chapter 12 regulatory technology for aml compliance
Chapter 12 regulatory technology for aml compliance
Quan Risk
DW brochure Web_Web Vers 08-07
DW brochure Web_Web Vers 08-07
Cherise Lloyd
Hacked Customer Accounts
Hacked Customer Accounts
Abbie Olson
FATF's June 2013 Guidance Note on a Risk Based Approach to Implementing AML/C...
FATF's June 2013 Guidance Note on a Risk Based Approach to Implementing AML/C...
Louise Malady
goAML
goAML
jwsong127
Risk based approach
Risk based approach
Pierre Simon, CCEP-I
Credit Bureau Perspectives for Developing Markets
Credit Bureau Perspectives for Developing Markets
Frank Lenisa
Fraud Monitoring Solution
Fraud Monitoring Solution
Ben Omoakin Oguntala, developingafrica(dot)net
Compuscan
Compuscan
Frank Lenisa
Advancing credit services through the application of credit bureau technology
Advancing credit services through the application of credit bureau technology
Frank Lenisa
KYC Blockchain in Insurance Industry
KYC Blockchain in Insurance Industry
Nitin Patidar
Enterprise Fraud Risk Management
Enterprise Fraud Risk Management
Tommy Seah
How a Predictive Analytics-based Framework Helps Reduce Bad Debts in Utilities
How a Predictive Analytics-based Framework Helps Reduce Bad Debts in Utilities
WNS Global Services
Money Laundering Risk Technological Perspective Fina Lv1
Money Laundering Risk Technological Perspective Fina Lv1
anthonywong
EastNets Compliance Solutions
EastNets Compliance Solutions
EastNets
IBM Counter Financial Crimes Management
IBM Counter Financial Crimes Management
Virginia Fernandez
Role of blockchain in enterprise kyc
Role of blockchain in enterprise kyc
adityakumar2080
Was ist angesagt?
(18)
Chapter 7 risk based approach
Chapter 7 risk based approach
Chapter 12 regulatory technology for aml compliance
Chapter 12 regulatory technology for aml compliance
DW brochure Web_Web Vers 08-07
DW brochure Web_Web Vers 08-07
Hacked Customer Accounts
Hacked Customer Accounts
FATF's June 2013 Guidance Note on a Risk Based Approach to Implementing AML/C...
FATF's June 2013 Guidance Note on a Risk Based Approach to Implementing AML/C...
goAML
goAML
Risk based approach
Risk based approach
Credit Bureau Perspectives for Developing Markets
Credit Bureau Perspectives for Developing Markets
Fraud Monitoring Solution
Fraud Monitoring Solution
Compuscan
Compuscan
Advancing credit services through the application of credit bureau technology
Advancing credit services through the application of credit bureau technology
KYC Blockchain in Insurance Industry
KYC Blockchain in Insurance Industry
Enterprise Fraud Risk Management
Enterprise Fraud Risk Management
How a Predictive Analytics-based Framework Helps Reduce Bad Debts in Utilities
How a Predictive Analytics-based Framework Helps Reduce Bad Debts in Utilities
Money Laundering Risk Technological Perspective Fina Lv1
Money Laundering Risk Technological Perspective Fina Lv1
EastNets Compliance Solutions
EastNets Compliance Solutions
IBM Counter Financial Crimes Management
IBM Counter Financial Crimes Management
Role of blockchain in enterprise kyc
Role of blockchain in enterprise kyc
Ähnlich wie FACTA Red Flag Ruling - Frost Report
FACTA Red Flags Rule Compliance
FACTA Red Flags Rule Compliance
Credit Management Association
Red Storm Rising
Red Storm Rising
John Bonora
Credit Card Fraud PPT - Reena Prajapati.pptx
Credit Card Fraud PPT - Reena Prajapati.pptx
Boston Institute of Analytics
FTC overview on glba final rule on safeguards 2010 Compliance Presentation
FTC overview on glba final rule on safeguards 2010 Compliance Presentation
Brent Hillyer
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation Industry
HNI Risk Services
AML Manual AltosEscondidos
AML Manual AltosEscondidos
Altos Escondidos Panama
ZUU_AML_CFT Training Material V1.0_20211012.pdf
ZUU_AML_CFT Training Material V1.0_20211012.pdf
MicCheng2
KYC - Know Your Costumer and the Importance of Suitability
KYC - Know Your Costumer and the Importance of Suitability
MichaelSabaJD
Privacy update 04.29.2010
Privacy update 04.29.2010
stevemeltzer
Is Security Team 2 Glba
Is Security Team 2 Glba
guestfd062
Credit Card Fraud Detection System Using Machine Learning Algorithm
Credit Card Fraud Detection System Using Machine Learning Algorithm
IRJET Journal
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...
Security B-Sides
A_Complete_Approach_to_KYC_With_Business_Customer_Intelligence (1)
A_Complete_Approach_to_KYC_With_Business_Customer_Intelligence (1)
Dan Frechtling
10 Stages in the Loan Origination Process.pdf
10 Stages in the Loan Origination Process.pdf
Habile Technologies
Blockchain for Trade Finance: Payment Instrument Tokenization (Part 4)
Blockchain for Trade Finance: Payment Instrument Tokenization (Part 4)
Cognizant
Employer 0409
Employer 0409
dgade
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...
Jitske de Bruijne
Client Alert: CFPB
Client Alert: CFPB
Kelly Hart & Hallman LLP
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...
Poyner Spruill LLP, Attorneys
New York - Virtual Currencies Compliance Conference
New York - Virtual Currencies Compliance Conference
Juan Llanos
Ähnlich wie FACTA Red Flag Ruling - Frost Report
(20)
FACTA Red Flags Rule Compliance
FACTA Red Flags Rule Compliance
Red Storm Rising
Red Storm Rising
Credit Card Fraud PPT - Reena Prajapati.pptx
Credit Card Fraud PPT - Reena Prajapati.pptx
FTC overview on glba final rule on safeguards 2010 Compliance Presentation
FTC overview on glba final rule on safeguards 2010 Compliance Presentation
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation Industry
AML Manual AltosEscondidos
AML Manual AltosEscondidos
ZUU_AML_CFT Training Material V1.0_20211012.pdf
ZUU_AML_CFT Training Material V1.0_20211012.pdf
KYC - Know Your Costumer and the Importance of Suitability
KYC - Know Your Costumer and the Importance of Suitability
Privacy update 04.29.2010
Privacy update 04.29.2010
Is Security Team 2 Glba
Is Security Team 2 Glba
Credit Card Fraud Detection System Using Machine Learning Algorithm
Credit Card Fraud Detection System Using Machine Learning Algorithm
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...
A_Complete_Approach_to_KYC_With_Business_Customer_Intelligence (1)
A_Complete_Approach_to_KYC_With_Business_Customer_Intelligence (1)
10 Stages in the Loan Origination Process.pdf
10 Stages in the Loan Origination Process.pdf
Blockchain for Trade Finance: Payment Instrument Tokenization (Part 4)
Blockchain for Trade Finance: Payment Instrument Tokenization (Part 4)
Employer 0409
Employer 0409
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...
Client Alert: CFPB
Client Alert: CFPB
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...
New York - Virtual Currencies Compliance Conference
New York - Virtual Currencies Compliance Conference
Mehr von Robert Hutt
Guide to All States Gov\'t and Private Health Insurance Plans
Guide to All States Gov\'t and Private Health Insurance Plans
Robert Hutt
10 Top HR Practices For 2012
10 Top HR Practices For 2012
Robert Hutt
Essential.Health.Benefits.Individual.Coverage
Essential.Health.Benefits.Individual.Coverage
Robert Hutt
Noncash Contributions for Non Profits Form 990
Noncash Contributions for Non Profits Form 990
Robert Hutt
2012 Small Employer Health Insurance Survey Ehealthinsurance
2012 Small Employer Health Insurance Survey Ehealthinsurance
Robert Hutt
Health Care Reform in Indiana 10/11/2011 Symposium
Health Care Reform in Indiana 10/11/2011 Symposium
Robert Hutt
PPACA FAQs
PPACA FAQs
Robert Hutt
Roles.Agents.Navigators.Play.In.Exchanges.Eba.Article.4.1.11
Roles.Agents.Navigators.Play.In.Exchanges.Eba.Article.4.1.11
Robert Hutt
PPACA IRS Brochure
PPACA IRS Brochure
Robert Hutt
Advance Healthcare Directives for Indiana
Advance Healthcare Directives for Indiana
Robert Hutt
IRC 8941 Small Business Healthcare Credit
IRC 8941 Small Business Healthcare Credit
Robert Hutt
Small Business Survey of PPACA
Small Business Survey of PPACA
Robert Hutt
Healthcare Reform Flow Chart
Healthcare Reform Flow Chart
Robert Hutt
PPACA HR3590 Summary
PPACA HR3590 Summary
Robert Hutt
2009 Kaiser Employer Health Study
2009 Kaiser Employer Health Study
Robert Hutt
FSA Enrollment Made Easy
FSA Enrollment Made Easy
Robert Hutt
Tax Treatment of Corp Paid Health Insurance Premiums
Tax Treatment of Corp Paid Health Insurance Premiums
Robert Hutt
Why Pre-Paid Legal
Why Pre-Paid Legal
Robert Hutt
Mehr von Robert Hutt
(18)
Guide to All States Gov\'t and Private Health Insurance Plans
Guide to All States Gov\'t and Private Health Insurance Plans
10 Top HR Practices For 2012
10 Top HR Practices For 2012
Essential.Health.Benefits.Individual.Coverage
Essential.Health.Benefits.Individual.Coverage
Noncash Contributions for Non Profits Form 990
Noncash Contributions for Non Profits Form 990
2012 Small Employer Health Insurance Survey Ehealthinsurance
2012 Small Employer Health Insurance Survey Ehealthinsurance
Health Care Reform in Indiana 10/11/2011 Symposium
Health Care Reform in Indiana 10/11/2011 Symposium
PPACA FAQs
PPACA FAQs
Roles.Agents.Navigators.Play.In.Exchanges.Eba.Article.4.1.11
Roles.Agents.Navigators.Play.In.Exchanges.Eba.Article.4.1.11
PPACA IRS Brochure
PPACA IRS Brochure
Advance Healthcare Directives for Indiana
Advance Healthcare Directives for Indiana
IRC 8941 Small Business Healthcare Credit
IRC 8941 Small Business Healthcare Credit
Small Business Survey of PPACA
Small Business Survey of PPACA
Healthcare Reform Flow Chart
Healthcare Reform Flow Chart
PPACA HR3590 Summary
PPACA HR3590 Summary
2009 Kaiser Employer Health Study
2009 Kaiser Employer Health Study
FSA Enrollment Made Easy
FSA Enrollment Made Easy
Tax Treatment of Corp Paid Health Insurance Premiums
Tax Treatment of Corp Paid Health Insurance Premiums
Why Pre-Paid Legal
Why Pre-Paid Legal
Kürzlich hochgeladen
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
Steve Thomason
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
Celine George
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
Sayali Powar
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
SoniaTolstoy
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
GeoBlogs
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
SafetyChain Software
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
RKavithamani
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
Thiyagu K
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
NirmalaLoungPoorunde1
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
ssuser54595a
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
Marc Dusseiller Dusjagr
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
Chameera Dedduwage
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
JemimahLaneBuaron
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
sanyamsingh5019
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
GaneshChakor2
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
EduSkills OECD
Kürzlich hochgeladen
(20)
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
FACTA Red Flag Ruling - Frost Report
1.
The FACTA Red
Flag Rule: Understanding the Rule and Recommendations for Compliance “We Accelerate Growth”
2.
Introduction At the end
of 2007, the Federal Trade Commission (FTC) and five federal bank regulatory agencies (FDIC, OCC, Federal Reserve, OTS and NCUA) jointly issued the final rules and guidelines implementing sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACT Act). Under these regulations, the “Red Flag Rule” was adopted which requires the development, implementation, and maintenance of an Identity Theft Prevention Program by covered companies that hold any customer accounts. 1 These requirements were effective January 1, 2008 with a mandatory compliance date of November 1, 2008. In this research note we will discuss the regulation, implications, and our recommendations for compliance. General Scope of the Red Flag Rule The Red Flag Rule requires all financial institutions and creditors to implement an Identity Theft Prevention Program to detect, prevent and mitigate identify theft for covered accounts. 1 The Program must be documented and updated periodically. Updates must reflect changes in risks to customers or to the safety and soundness of the financial institution or creditor from identity theft. The Program must also have the approval of the Board of Directors or a designated Senior Management employee. The Board of Directors shall also have supervision of the implementation of the Program as well as training of the staff and oversight of service providers. The four general elements that the Program must contain are “reasonable policies and procedures” to: • Identify and incorporate Red Flags for covered accounts • Detect Red Flags that are included in the Program • Respond to those Red Flags appropriately • Update the Program periodically to reflect the risk to the customer or to the safety of the financial institution or creditor from identify theft Identifying Red Flags Each financial institution or creditor is responsible for creating the list of its own Red Flags. There is no qualification or mandate for certain Red Flags to be included in the list. The regulation does offer general guidelines and categories in identifying Red Flags but in essence, a financial institution or creditor must include every possible situation in which a Red Flag might occur. 1. Covered account is defined as (1) an account primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, or (2) any other account for which there is a reasonably foreseeable risk to customers or the safety and soundness of the financial institution or creditor from identity theft. © 2008 Frost & Sullivan Page 2
3.
The regulation includes
five broad Red Flag categories, included in the following table. Also included are examples of each category. Category Example 1. Alerts, notifications, or other warnings A credit freeze or fraud alert reported by a received from consumer reporting credit reporting agency agencies or services providers Documents that seem to be forged or 2. Presentation of suspicious documents manipulated Photo identification information that is 3. Presentation of suspicious personal inconsistent with accessible information on file identifying information with the financial institution or creditor (ie, different SSN or date of birth) 4. The unusual use of, or suspicious activity An inordinate amount of withdrawals and related to a covered account suspicious amounts from the covered account 5. Note from customers, victims of identify A call from a customer indicating an unusual theft, law enforcement authorities, or other persons regarding possible identify activity pattern in his account that is dissimilar theft in connection with covered accounts from recent history held by the financial institution or creditor Detecting Red Flags After creating the exhaustive list of possible Red Flags the more challenging aspect is determining processes and procedures of their detection. Financial institutions or creditors that are subject to new and changing regulations should view Red Flag detection as a means to an end of achieving overall enhanced information security and IT security governance. A holistic view of information security and Red Flag detection helps align IT investment with business objectives - securing customer data, transactions, and identities, thus improving customer confidence. There are several broad requirements for detecting Red Flags. The Red Flag requirements do not require a degree in which technology should be used but it is Frost & Sullivan’s recommendation that technology should be leveraged to optimize detection. • Obtaining and verifying information of a person opening a covered account. Using the policies and procedures of the Customer Information Program (CIP) under the USA Patriot Act can serve as general guidelines. Verifying a customer’s information before the account is open is key but can prove difficult for financial institutions and creditors. A system that is able to provide verification which is not cumbersome to the potential client and is real-time can greatly reduce operating costs and improve the customer experience. Software solutions that provide verification questions by scanning public databases and records, give financial institutions and creditors an unbiased approach to authentication which complies with the Red Flag guidelines not to rely on information “which generally would be available from a wallet or consumer report.” • Authenticating existing covered accounts. Authenticating a person’s identity by comparing a picture ID to the person is no longer completely trusted. With the advent of technology, more advanced verification is needed. The use of software that not only verifies user ID and password but also authenticates individuals based on their risk levels will give the financial institution or creditor and customer a more optimal solution in authentication. © 2008 Frost & Sullivan Page 3
4.
• Monitoring transactions
of existing covered accounts. The method used to monitor transactions must be sensitive to not just signal an alert of an issue. It must also be able to correlate the degree of the possible alert with other changes to the customer’s portfolio to deduce the actual risk factor that alert has to the customer. An invisible system that is dynamic and self-learning can greatly reduce the number of false alerts and also quickly stop real identity threats and related patterns. • Verifying the validity of change of address request for existing covered accounts A change of address is one of the first things that occur before fraudulent activity begins on an account. In fact, the Red Flag Rule specifically addresses a change of address in relation to debit or credit cards. The regulation requires reasonable policies and procedures to validate if a request for a replacement card is followed by a request for a change of address within 30 days. The card issuer may not issue the card until it has satisfied at least one of the following provisions: (1) notifying the cardholder by mail or by another means already agreed upon and providing means for the cardholder to respond (2) using another means of evaluating the validity of the change of address. Software that is able to validate customer’s information by another means, such as adaptive questioning, can alleviate the possible cycle time in issuing a new card. • Conducting regular information risk assessments throughout the infrastructure Risk assessment services along with discovery and classification services ensure that threats, vulnerabilities and risks are properly identified and classified within a financial institution or creditor’s infrastructure. Likewise, security policy review services ensure that policies and procedures implemented to detect Red Flags are adequate to support compliance objectives. Ultimately, financial institutions or creditors should align their information risk management strategies with industry best practices and technology solutions to implement effective identity theft and security governance frameworks. Preventing and Mitigating Identity Theft The regulation states that the Program established by the financial institution or creditor must be commensurate with the degree of the risk posed and also should consider aggravating factors that might elevate the identify theft risk. An example given in the regulation is when a financial institution or creditor becomes aware that a customer inadvertently provided account information to someone fraudulently claiming to represent that financial institution or creditor in the form of a fraudulent website. In such a scenario, appropriate responses can include: a. Monitoring a covered account for evidence of identity theft; b. Contacting the customer; c. Changing any passwords, security codes, or other security devices that permit access to a covered account; d. Reopening a covered account with a new account number; e. Not opening a new covered account; f. Closing an existing covered account; g. Not attempting to collect on a covered account or not selling a covered account to a debt collector; h. Notifying law enforcement; or i. Determining that no response is warranted under the particular circumstances. Conclusion While many financial institutions and creditors have put processes in place to deal with identify theft, the overwhelming majority have not. The Red Flag Rule is now mandating that such processes be formalized into an Identity Theft Prevention Program to detect, prevent and mitigate identify theft for covered accounts. © 2008 Frost & Sullivan Page 4
5.
A holistic approach
to information security can help to integrate compliance efforts with business objectives to efficiently focus resources on IT governance and threat management. To achieve this, financial institutions and creditors avoid creating internal silos to comply with new regulations one at a time, and instead protect information throughout the information lifecycle to ensure compliance with multiple common regulatory requirements. Ultimately, this provides focus on establishing effective governance procedures that can be centrally managed to ensure responsiveness to the changing regulatory environment. It is Frost & Sullivan’s recommendation that a combination of technology based solutions that are adaptive, real-time, and self-learning should be leveraged to optimize the detection and response of identify theft through the application of identity verification, authentication, monitoring, and anti-fraud capabilities. About Frost & Sullivan Frost & Sullivan, the Growth Consulting Company, partners with clients to accelerate their growth. The company's Growth Partnership Services, Growth Consulting and Career Best Practices empower clients to create a growth focused culture that generates, evaluates and implements effective growth strategies. Frost & Sullivan employs over 45 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from more than 30 offices on six continents. For more information about Frost & Sullivan’s Growth Partnerships, visit http://www.frost.com. C O N TA C T U S 877.GoFrost (877.463.7678) • myfrost@frost.com • www.frost.com © 2008 Frost & Sullivan Page 5