slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
The FTC’s Red Flag Rule PowerPoint Presentation
Download Presentation
The FTC’s Red Flag Rule

Loading in 2 Seconds...

play fullscreen
1 / 61

The FTC’s Red Flag Rule - PowerPoint PPT Presentation


  • 144 Views
  • Uploaded on

The FTC’s Red Flag Rule. FTC Red Flag Regulations . Why the Red Flag Regulations?. FTC Red Flag Regulations .

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'The FTC’s Red Flag Rule' - lindsay


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1
The FTC’s

Red Flag Rule

ftc red flag regulations
FTC Red Flag Regulations

Why the Red Flag Regulations?

ftc red flag regulations3
FTC Red Flag Regulations

As many as 9 million Americans have their identities stolen each year. Identity thieves may drain their accounts, damage their credit, and even endanger their medical treatment. The cost to businesses – left with unpaid bills racked up by scam artists – can be staggering, too.

ftc red flag regulations4
FTC Red Flag Regulations

Companies, including many small businesses, have also had their identity stolen.

Sole proprietors report high incidences of stolen identities.

ftc red flag regulations5
FTC Red Flag Regulations

The Red Flag Rule picks up where data security leaves off.

It seeks to prevent identity theft by ensuring that your business or organization is on the lookout for the signs that a crook is using someone else’s information, typically to get products or services from you with no intention of paying.

ftc red flag regulations6
FTC Red Flag Regulations

The Red Flags Rule sets out how certain businesses and organizations must develop, implement, and administer their Identity Theft Prevention Programs.

ftc red flag regulations7
FTC Red Flag Regulations

A Red Flags Program must include four basic elements, which together create a framework to address the threat of identity theft.

ftc red flag regulations8
FTC Red Flag Regulations

Element One:

Identify the Red Flags

Your Program must include reasonable policies and procedures to identify the “red flags” of identity theft you may run across in the day-to-day operation of your business.

ftc red flag regulations9
FTC Red Flag Regulations

Element One:

Identify the Red Flags

Red flags are suspicious patterns or practices, or specific activities, that indicate the possibility of identity theft.

ftc red flag regulations10
FTC Red Flag Regulations

Element One:

Identify the Red Flags

If a customer has to provide some form of identification to open an account with your company, an ID that looks like it might be fake would be a “red flag” for your business.

ftc red flag regulations11
FTC Red Flag Regulations

Element One:

Identify the Red Flags

Consider:

• Risk Factors

• Sources of Red Flags

• Categories of Common Red Flags

ftc red flag regulations12
FTC Red Flag Regulations

Element One:

Identify the Red Flags

Risk Factors:

Different types of accounts pose different kinds of risk.

ftc red flag regulations13
FTC Red Flag Regulations

Element One: Identify the Red Flags

Risk Factors

Red flags for deposit accounts may differ from red flags for credit accounts.

The red flags for consumer accounts may not be the same as those for business accounts.

Red flags for accounts opened or accessed online or by phone may differ from those involving face-to-face contact.

ftc red flag regulations14
FTC Red Flag Regulations

Element One:

Identify the Red Flags

Sources of Red Flags

Consider sources of information, including how identity theft may have affected your business and the experience of other members of your industry.

ftc red flag regulations15
FTC Red Flag Regulations

Element One: Identify the Red Flags

Sources: (Credit Reports)

  • a fraud or active duty alert on a credit report
  • a notice of credit freeze in response to a request for a credit
  • report a notice of address discrepancy provided by a credit reporting agency
ftc red flag regulations16
FTC Red Flag Regulations

Element One: Identify the Red Flags

Sources: (Credit Reports, Credit Applications, Rush Orders)

  • a credit report indicating a pattern of activity inconsistent with the person’s history
  • a big increase in the volume of inquiries or the use of credit, especially on new accounts;
  • an unusual number of recently established credit relationships;
  • or an account that was closed because of an abuse of account privileges
ftc red flag regulations17
FTC Red Flag Regulations

Element One: Identify the Red Flags

Sources: (Counter Sales Identification)

  • identification that looks altered or forged
  • the person presenting the identification doesn’t look like the photo or match the physical description
ftc red flag regulations18
FTC Red Flag Regulations

Element One: Identify the Red Flags

Sources: (Credit Applications)

  • a bogus address, an address for a mail drop or prison, a phone number that’s invalid, or one that’s associated with a pager or answering service
ftc red flag regulations19
FTC Red Flag Regulations

Element One: Identify the Red Flags

Sources: (Contact by the Customer)

• The sender’s email uses a generic service rather than a company name

• Large quantities of the same item are ordered

• The shipping address given differs from the company’s address or is a new location for the customer

ftc red flag regulations20
FTC Red Flag Regulations

Element One: Identify the Red Flags

Sources: (Contact with the Customer)

• The language used in the emails is flawed, consistently misspelled and reads like it’s from a foreign translation

• Multiple credit cards are used for the purchase

ftc red flag regulations21
FTC Red Flag Regulations

Element One: Identify the Red Flags

Sources: (Contact with the Customer)

• The purchaser attempts to get net 30 terms

• An alternative shipping method, faster than typical, is requested such as overnight air or rush pick-up

• Multiple rush orders are received from the same company in a short period of time

ftc red flag regulations22
FTC Red Flag Regulations

Element Two: Detect the Red Flags

Your Program must be designed to detect the red flags you’ve identified.

ftc red flag regulations23
FTC Red Flag Regulations

Element Two: Detect the Red Flags

If you’ve identified fake IDs as a red flag, you must have procedures in place to detect possible fake, forged, or altered identification.

For example, ask for a second form of ID.

ftc red flag regulations24
FTC Red Flag Regulations

Element Two: Detect the Red Flags

You may detect a Red Flag when you verify an order that originated with the sender using a generic email account or when you verify a new “ship to” address, or during your risk assessment as you authenticate customers, monitor transactions, or verify requests for changes of address.

ftc red flag regulations25
FTC Red Flag Regulations

Element Two: Detect the Red Flags

Your Program may include procedures to authenticate customers (confirming that the person you’re dealing with really is your customer), monitor transactions, and verify the validity of change-of-address requests or new ship-to addresses.

ftc red flag regulations26
FTC Red Flag Regulations

Element Three: Respond

Your Program must spell out appropriate actions you’ll take when you detect red flags.

ftc red flag regulations27
FTC Red Flag Regulations

Element Three: Respond

When you spot a red flag, be prepared to respond appropriately. Your response will depend upon the degree of risk posed.

ftc red flag regulations28
FTC Red Flag Regulations

Element Three: Respond

The Guidelines in the Red Flags Rule offer examples of some appropriate responses, including:

  • monitoring a covered account for evidence of identity theft
  • contacting the customer
ftc red flag regulations29
FTC Red Flag Regulations

Element Three: Respond

Some appropriate responses, including:

  • changing passwords, security codes, or other ways to access an account
  • closing an existing account
  • reopening an account with a new account number
ftc red flag regulations30
FTC Red Flag Regulations

Element Three: Respond

Some appropriate responses, including:

  • not opening a new account
  • not trying to collect on an account or not selling an account to a debt collector
  • notifying law enforcement
  • determining that no response is warranted under the particular circumstances
ftc red flag regulations31
FTC Red Flag Regulations

Element Four:

Administer & Update

Because identity theft is an ever-changing threat, you must address how you will re-evaluate your Program periodically to reflect new risks from this crime.

ftc red flag regulations32
FTC Red Flag Regulations

Element Four: Administer & Update

Your board may oversee, develop, implement, and administer the Program or it may designate a senior employee to do the job.

ftc red flag regulations33
FTC Red Flag Regulations

Element Four: Administer & Update

Responsibilities include assigning specific responsibility for the Program’s implementation, reviewing staff reports about how your organization is complying with the Rule, and approving important changes to your Program.

ftc red flag regulations34
FTC Red Flag Regulations

Element Four:

Administer & Update

The Rule requires that you train relevant staff only as “necessary” – for example, staff that has received anti-fraud prevention training may not need to be re-trained.

ftc red flag regulations35
FTC Red Flag Regulations

In review, the four elements are:

  • Identify
  • Detect
  • Respond
  • Administer & Update
ftc red flag regulations36
FTC Red Flag Regulations

The point?

Describe, in writing, how to incorporate the Red Flag Rule into the daily operations of your business.

ftc red flag regulations37
FTC Red Flag Regulations

Who must comply?

The Red Flags Rule applies to “financial institutions” and “creditors.”

ftc red flag regulations38
FTC Red Flag Regulations

Creditors must comply.

The definition of “creditor” is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later.

ftc red flag regulations39
FTC Red Flag Regulations

Creditors must comply.

The Rule also defines a “creditor” as one who regularly grants loans, arranges for loans or the extension of credit, or makes credit decisions.

ftc red flag regulations40
FTC Red Flag Regulations

The definition includes anyone who regularly participates in the decision to extend, renew, or continue credit, including setting the terms of credit – for example, a third-party debt collector who regularly renegotiates the terms of a debt. If you regularly extend credit to other businesses, you also are covered under this definition.

ftc red flag regulations41
FTC Red Flag Regulations

Covered Accounts:

What does it mean to “regularly” extend credit?

There’s no bright line definition for “regularly.” 

But if the activities that meet the definition of “creditor” are more than just an isolated occurrence for your business, the Red Flags Rule applies to you.

ftc red flag regulations42
FTC Red Flag Regulations

Covered Accounts

Once you’ve concluded that your business or organization is a financial institution or creditor, you must determine if you have any “covered accounts.”

ftc red flag regulations43
FTC Red Flag Regulations

Covered Accounts

Look at both existing accounts and new ones.

Two categories of accounts are covered.

ftc red flag regulations44
FTC Red Flag Regulations

Covered Accounts: Consumer Account

The first kind is a consumer account you offer your customers that’s primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions.

ftc red flag regulations45
FTC Red Flag Regulations

Covered Accounts: Consumer Account

Examples are credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts.

ftc red flag regulations46
FTC Red Flag Regulations

Before you decide

you don’t have to comply …

ftc red flag regulations47
FTC Red Flag Regulations

Covered Accounts:

The second kind of “covered account” is “any other account that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.”

ftc red flag regulations48
FTC Red Flag Regulations

Covered Accounts:

The second kind of “covered account” is “any other account that a creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.”

ftc red flag regulations49
FTC Red Flag Regulations

Covered Accounts:

Examples include small business accounts, sole proprietorship accounts, or single transaction consumer accounts that may be vulnerable to identity theft.

ftc red flag regulations50
FTC Red Flag Regulations

Covered Accounts:

Q: Am I a creditor under the Rule if I extend credit to other businesses?

A: Yes, you’re a creditor whether you have consumer or business customers.

ftc red flag regulations51
FTC Red Flag Regulations

Covered Accounts:

Q: Do I have covered accounts if I’m a business creditor?

A: It depends.  If you’re a creditor with only business- to-business accounts, you have to assess whether those accounts pose a reasonably foreseeable risk from identity theft.  If they do, they’re “covered accounts” under the Rule.

ftc red flag regulations52
FTC Red Flag Regulations

Covered Accounts

In determining if accounts are covered under the second category, consider how they’re opened and accessed.

For example, there may be a reasonably foreseeable risk of identity theft in connection with business accounts that can be accessed remotely – such as through the Internet or by telephone.

Your risk analysis must consider any actual incidents of identity theft involving accounts like these.

ftc red flag regulations53
FTC Red Flag Regulations

Is your business or organization at low risk for identity theft?

ftc red flag regulations54
FTC Red Flag Regulations

Here are some factors to help you decide if your risk level is low:

Do you know your customers personally?

Perhaps you are familiar with everyone who walks into your office or places an order with your company. It’s unlikely that an identity thief can defraud you by impersonating someone you already know. That would place your business at low risk for identity theft.

ftc red flag regulations55
FTC Red Flag Regulations

Low risk level:

Have you ever experienced an incident of identity theft?

You’ve been in business for some time now, and no one has complained that someone stole his identity and used it to get products or services at your business. That might suggest your business is at low risk for identity theft.

ftc red flag regulations56
FTC Red Flag Regulations

Low risk level:

Are you in a business where identity theft is uncommon?

If there are no reports in the news and no talk among people in your line of work about identity theft, your industry may not now be the target of identity thieves, and your organization may be at low risk for identity theft.

ftc red flag regulations57
FTC Red Flag Regulations

In the event of a knowing violation, which constitutes a pattern or practice of violations, the FTC may commence a civil action to recover a civil penalty in a federal district court. Penalties imposed by the FTC for violations of FACTA may not exceed $3,500 per infraction.

ftc red flag regulations58
FTC Red Flag Regulations

Key to compliance:

Create a written Red Flag program

ftc red flag regulations59
FTC Red Flag Regulations

Sample policies:

March issue of Business Credit magazine

FTC’s Low Risk Program Template

ftc red flag regulations61
FTC Red Flag Regulations

Red Flag Rule went into effect on

January 1, 2008

Enforcement scheduled to begin

November 1, 2009