U.S. Bank Regulators To Require Identity Theft 'Red Flag" Measures For Banks And Card Issuers
Federal bank regulators issued a notice of proposed rulemaking concerning identity theft "red flags" and address discrepancies under under sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
According to the FDIC press release accompanying the NPR, the proposed regulations would require each financial institution and creditor to develop and implement an identity theft prevention program that includes policies and procedures for detecting, preventing, and mitigating identity theft in connection with account openings and existing accounts. The proposed regulations include guidelines listing patterns, practices, and specific forms of activity that should raise a "red flag" signaling a possible risk of identity theft.
Under the proposed regulations, an identity theft prevention program established by a financial institution or creditor would have to include policies and procedures for detecting any "red flag" relevant to its operations and implementing a mitigation strategy appropriate for the level of risk. The proposed regulations also would require credit and debit card issuers to develop policies and procedures to assess the validity of a request for a change of address followed closely by a request for an additional or replacement card.
Additional proposed regulations would require users of consumer reports to develop reasonable policies and procedures that they must apply when they receive a notice of address discrepancy from a consumer reporting agency.
Links to proposed regulations: Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003: Part 1 - PDF
Comments