The person responsible for your program should report at least annually to your Board of Directors or a designated senior manager. The Red Flags Rule is published at 16 C. See also 72 Fed. The preamble B pages 63,, — discusses the purpose, intent, and scope of coverage of the Rule. The text of the FTC rule is at pages 63,, The Rule includes Guidelines B Appendix A, pages 63,, — intended to help businesses develop and maintain a compliance program.
The Supplement to the Guidelines — page 63, — provides a list of examples of red flags for businesses and organizations to consider incorporating into their program. See 16 C. See 15 U.
See 12 U. Transaction accounts include checking accounts, negotiable orders of withdrawal accounts, savings deposits subject to automatic transfers, and share draft accounts. See also Regulation B. For purposes of the Red Flags Rule, a creditor —. This Rule may be a helpful starting point in developing your program. You are here. Red Flags are suspicious patterns or practices, or specific activities that indicate the possibility of identity theft.
If you have identified fake IDs as a red flag, for example, you must have procedures to detect possible fake, forged, or altered identification. If you answer: No to all, the Rule does not apply. Yes to one or more, ask: Does my business or organization regularly and in the ordinary course of business: get or use consumer reports in connection with a credit transaction? Yes to one or more, you are a creditor covered by the Rule.
Two categories of accounts are covered: A consumer account for your customers for personal, family, or household purposes that involves or allows multiple payments or transactions.
FAQs I review credit reports to screen job applicants. Does the Rule apply to my business on this basis alone? I am a professional who bills my clients for services at the end of the month. Am I a creditor just because I allow clients to pay later? In my business, I lend money to customers for their purchases. The loans are backed by title to their car. Anyone who lends money — like a payday lender or automobile title lender — is covered by the Rule.
Their lending activities may make their business attractive targets for identity theft. No one in our organization ever sees the credit reports. Is my business covered by the Rule? Your business is — regularly and in the ordinary course of business — using credit reports in connection with a credit transaction. This definition includes all student accounts. Program Administrator: the individual designated with primary responsibility for oversight of the program. See Section IV below.
In order to identify relevant Red Flags, the University considers the types of accounts that it offers and maintains, methods it provides to open its accounts, methods it provides to access its accounts, and its previous experiences with identity theft.
The University identifies the following Red Flags in each of the listed categories:. Name discrepancy on identification and insurance information;. Personal information inconsistent with information already on file;. Notice or report from a credit agency of a credit freeze or an active duty alert on an applicant;. Receipt of a notice of address discrepancy in response to a credit report request. Suspicious Documents. Identification document or card that appears to be forged, altered or inauthentic;.
Other document with information that is not consistent with existing student information; and. Application for service that appears to have been altered or forged. Suspicious Personal Identifying Information.
Identifying information presented that is inconsistent with other information the student provides example: inconsistent birth dates ;. Identifying information presented that is inconsistent with other sources of information. Identifying information presented that is the same as information shown on other applications that were found to be fraudulent;.
Identifying information presented that is consistent with fraudulent activity such as an invalid phone number or fictitious billing address ;.
Entities that are required to adopt identity theft programs also must provide for the administration of the program, including staff training and oversight of service providers.
The rules do not single out specific red flags as mandatory, require specific policies and procedures to identify possible red flags, or provide a specific method of detecting red flags. The rules do, however, include guidelines and examples of red flags to help firms administer their programs. An identity theft program should be appropriate to the size and complexity of the entity and the nature and scope of its activities.
An SEC-regulated entity will generally qualify as a financial institution if it holds a transaction account belonging to an individual.
An account may be a transaction account and therefore the entity holding the account may qualify as a financial institution if the individual account owner can personally make payments or transfers of money from his or her account to third parties, or can direct the SEC-regulated entity to make such payments or transfers to third parties.
0コメント