Wednesday, April 15, 2009

Overview of Red Flags Rule

Fighting Fraud with the Red Flags Rule: A How-to Guide for Business

This is an excerpt from the Fighting Fraud with the Red Flags Rule How-to Guide for Business.

The Red Flags Rule sets out how certain businesses and organizations must develop, implement, and administer their Identity Theft Prevention Programs.

Your program must include four basic elements, which help you to address the threat of identity theft.

#1 - Policies and Procedures for Identifying Red Flags
Your program must include reasonable policies and procedures to identify the "red flags" of identity theft you may run across in the day-to-day operation of your business.

Red flags are suspicious patterns or practices, or specific activities, that indicate the possibility of identity theft.

For example, if a customer has to provide some form of identification to open an account with your company, an ID that looks like it might be fake would be a "red flag" for your business.

#2 - Detection of Red Flags
Your program must be designed to detect the red flags you’ve identified.

For example, if you’ve identified fake IDs as a red flag, you must have procedures in place to detect possible fake, forged, or altered identification.

#3 - How Will You Deal with Red Flags?
Your program must spell out appropriate actions you’ll take when you detect red flags.

#4 - How Will You Re-Evaluate Your Program and Modify It, As Needed?
Identity theft is an ever-changing threat, so you must address how you will re-evaluate your program periodically to reflect new risks from this crime.

Just getting something down on paper won’t reduce the risk of identity theft. That’s why the Red Flags Rule sets out requirements on how to incorporate your Program into the daily operations of your business.

Your board of directors (or a committee of the board) has to approve your first written program. If you don’t have a board, approval is up to an appropriate senior-level employee.

Your program must state who’s responsible for implementing and administering it effectively.

Because your employees have a role to play in preventing and detecting identity theft, your Program also must include appropriate staff training.

If you outsource or subcontract parts of your operations that would be covered by the Rule, your Program also must address how you’ll monitor your contractors’ compliance.

The Red Flags Rule gives you the flexibility to design a program appropriate for your company – its size and potential risks of identity theft.

While some businesses and organizations may need a comprehensive program that addresses a high risk of identity theft in a complex organization, others with a low risk of identity theft could have a more streamlined program.
