ISN Inc



Red Flag Rule


Red Flags Rule Compliance

The "Red Flags" Rule, in effect since January 1, 2008, requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs - or "red flags" - of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate the damage it inflicts. The Red Flags Rule is enforced by the Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA).

Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. A creditor is broadly described as anyone who defers payment on a debt, or anyone who defers payment on goods or services. Accepting credit cards as a form of payment does not in and of itself make an entity a creditor. But creditors do include organizations such as finance companies, healthcare organizations, automobile dealers, mortgage brokers, utility companies and telecommunications companies.

Steps to prepare for the Red Flags Rule include:


  • Develop and execute a more detailed information security program specific to preventing, identifying, and mitigating "red flags"
  • Provide the required staff training
  • Conduct regular vulnerability testing
  • Write procedures for responding to and communicating information on a data security breach
  • Increase record keeping for policies and procedures



Recommended Red Flags compliance solutions:

  • Vulnerability Scanning
  • Firewall
  • Host Intrusion Detection and Prevention
  • E-Security Training
  • Web Content Filtering
  • Email Content Filtering
  • SPAM Filtering
  • Email Anti-Virus
  • Policy Compliance Audit
  • Consulting Services
