Red Flag Rule Assessment
The Federal Trade Commission (FTC) has published the final rule regarding fraudulent attempts to use personal data. The new regulations implemented Section 114 (Red Flag Guidelines) and Section 315 (Reconciling Address Discrepancies) of the Fair and Accurate Credit Transactions Act (FACTA). The Red Flag Rules require financial and credit institutions that hold any consumer account, and other account-creating or account-holding institutions for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program. This rule extends to other industries such as healthcare, auto, and telecommunications providers.

The Identity Theft Red Flag Rule applies to any covered financial institution, credit or debit card issuer, user of consumer reports, or creditor that:

- Collects and uses consumer confidential personal information
- Interacts with a credit reporting bureau
- Maintains “covered” accounts for individuals and/or businesses
The Red Flag Rules require the following key measures:

- An established, written Identity Theft Prevention Program
- Policies and procedures
- Initial risk assessment
- Regular compliance reporting
- Oversight of third-party service providers
- Mandatory staff training
- A periodic review of the program, updated to reflect any changes

A Red Flag compliance program can mitigate the risk of penalties, provide proactive customer security measures, and keep the network up to date on security measures in network administration, policies, procedures, and physical security.

KRAA Security utilizes the RiskWatch application to streamline the assessment and to provide meaningful metrics and a solid workflow to secure your environment. RiskWatch is the most accurate and comprehensive way to conduct governance, compliance and risk assessments based on international standards including ISO 17799, ISO 27001, COBIT 4.0 and Sarbanes-Oxley (SOX).



