|As institutions embrace automated services such as self-service password reset for purposes of reducing costs and boosting efficiency, these services are being targeted by attackers for the relative ease with which they can be used to gain access to registered accounts.
Thomas Varghese, Addressing Red Flags compliance
The Federal Trade Commission (FTC) has instituted new regulations known as “Identity Theft Red Flags” that promise to mitigate the havoc posed by identity theft to financial institutions and their customers. Effective May 1, 2009, these new regulations require financial institutions and creditors with covered accounts to implement programs that detect, prevent, and mitigate instances of identity theft.
Under the rules, entities must develop a written program that identifies and detects the relevant warning signs – or “red flags” – of identity theft. The FTC has issued guidelines that identify 26 different red flags to assist in designing identity theft prevention programs. These red flags are not a checklist, rather examples that financial institutions and creditors can model as a reference.