Audit & Compliance
ID Theft Red Flag Rules
Identity theft has become more prevalent, and as a result, the NCUA and FTC jointly issued Identity Theft Red Flag Rules requiring credit unions and creditors with covered accounts to develop and implement written identity theft prevention programs. The rule also requires issuers of credit cards and debit cards to assess the validity of notifications of changes of address. The programs must provide for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. CU Rx reviews your credit union’s Identity Theft Red Flag program and procedures. From there, we’ll develop or update your written plans to ensure your members are protected. We also provide training for your staff as needed to ensure compliance.
The implementing rules also require credit and debit card issuers to assess the validity of notifications of changes of address under certain circumstances. Summarily, the joint rules provide guidance regarding reasonable policies and procedures that will help identify “red flags,” which are patterns, practices, or activities that indicate the possible risk of identity theft, along with rules requiring financial institutions and other creditors to implement the guidelines.
The guidelines list a number of “red flags” including:
- The existence of fraud alerts
- Altered and inconsistent information
- Account use that fits a pattern of fraud
- Notifications of unauthorized charges or fraudulent account charges
- Attempts to access accounts by unauthorized users
The rules allow for a risk-based, flexible approach that requires financial institutions and creditors to develop a program that is appropriate to the size and complexity of the institution, as well as the nature and scope of its activities.
- The type of accounts and products offered
- Interviews with staff
- Assessment of current mitigation strategies and procedures in place related to identity theft
Based on the risk assessment, CU Rx will tailor an ID Theft Red Flag Program that:
- Identifies patterns, practices, and specific activities that indicate the possible existence of identity theft and the necessary mitigation strategy for each
- Includes staff training to ensure all employees understand the Program and their responsibilities.