Part 3: Red Flags Rule Compliance

Continuing with our goal to educated businesses on proper compliance with the Red Flags Rule, today is an overview of the 4 step process.  We will cover each step in more detail in the coming weeks.  For now, here is an overview of the 4 steps:

Step 1: Identify relevant Red Flags- the potential patterns, practices, or specific activities indicating the possibility of identity theft.  These include taking into account risk factors and sources of red flags,.

Step 2: Detect Red Flags: Sometimes, using identity verification and authentication methods can help detect red flags. Consider whether business procedures should differ if an identity verification or authentication is taking place in person, by telephone, mail, or online.

Step 3: Prevent and mitigate identity theft: Upon spotting a red flag, be prepared to respond appropriately. The response will depend on the degree of risk posed. It may need to accommodate other legal obligations, like laws about providing and terminating service.

Step 4: Keep the program up to date: The Rule recognizes that new red flags emerge as technology changes or identity thieves change their tactics, and requires periodic updates to your program. Factor in personal experience with identity theft; changes in how identity thieves operate; new methods to detect, prevent, and mitigate identity theft; changes in the accounts offered; and changes in the  business community, like mergers, acquisitions, alliances, joint ventures, and arrangements with service providers.

Tune in again next week for more details.  Our goal is to help our business community with compliance which will, of course, also help protect every individual in the community as well from identity theft.  More at


by HV Shred