US agencies tighten rules over identity theft

WASHINGTON – Final rules for identity theft ‘red flags’ and address discrepancies have been issued by the federal financial institution regulatory agencies and the Federal Trade Commission.

The rulings, sent to the Federal Register for publication, will implement sections 114 and 315 of the 2003 Fair and Accurate Credit Transactions Act.

Recognising the problem of identity fraud has been slower in the US than in Europe, but the president’s Identity Theft Task Force has recently drawn attention to the billions lost to individuals and businesses through this particular financial crime.

Creditors and financial institutions holding new or existing consumer or other accounts considered at a reasonable risk of identity theft must implement an Identity Theft Prevention Program – to include reasonable policies and procedures for the detection, prevention and mitigation of identity crime.

This new element of risk planning must allow for the detection of certain ‘red flags’ worked into the programme, based on suspicious patterns, practices and activities, and leading to appropriate responses and regular updates.The agencies have provided guidelines and examples of red flags to help implementation.

The new rules also require credit and debit card issuers to develop their policies and procedures to validate customers’ address changes issued shortly before requests for replacement or additional cards.

Users of consumer reports must also develop policies and procedures for receiving a notice of discrepancy of an address from a consumer reporting agency.

The final rules will be effective as of January 1, 2008, with full compliance received from covered financial institutions and creditors by November 1, 2008.