The sweeping changes in technology that have occurred over the last twenty years have enabled companies new and old to offer more sophisticated and innovative products and services to their customers. At the same time, many of these same companies have also faced unwelcome challenges as a result of new technologies, whereby personal identifying information of customers has become accessible to persons who seek to cause financial harm and reputational damage to innocent consumers, and the businesses that serve their needs.
A major issue being faced today by many companies is identity theft. Identity theft happens when someone steals your personal information and uses it without your permission. The techniques used to perpetrate this very serious crime can be so elaborate and practically invisible to the unsuspecting victim that life altering damage can be done before anyone (other than the thief)knows what has happened. Millions of Americans are victims each year, with the results being drained bank accounts and damaged credit, among other hazards. It can be a very costly endeavor to repair the damage, and many consumers are left feeling psychologically harmed and vulnerable.
To address these concerns, the “Red Flags Rule” was enacted in 2007, as part of the Fair and Accurate Credit Transaction Act (FACT), passed in 2003. The Federal Trade Commission (FTC) enforces the Red Flag Rule in conjunction with other US Government agencies. The Rule provides a roadmap for companies (financial institutions in particular) to follow with respect to the development and implementation of an identity theft prevention program. Essentially, a business must identify the various red flags of identity theft which may occur in its everyday operations. An ID theft program must be created to be able to detect those red flags that the business believes will signal a legitimate threat.
As no two companies are exactly alike with respect to specific areas of concern, the Red Flags Rule allows businesses the flexibility to create an ID theft program that will best serve its unique needs. The key to any ID theft program should of course be to prevent identity theft in the first place; in this regard the use of technology may serve no more important purpose.