The Red Flags Rule has adapted new practices to protect small businesses from the constantly evolving state of identity theft. The American Veterinary Medical Association (AVMA) explains that the Red Flags Rule is a regulation issued by the Federal Trade Commission under the Fair and Accurate Credit Transactions Act. The Rule requires businesses to proactively detect and prevent identity theft concerning client data. The regulation was issued after rising concerns of online credit purchases, and a string of highly publicized hacks in the first half of the decade.
On a practical level, the rule demands that all businesses write an identity theft program that determines the course of action in various areas, as directly reported at the Security and Exchanges Commission.
- Updating the program
- Detecting breaches
- Identifying new types of identity theft
- Appropriate responses to red flag detection.
Recognizing Vulnerable Points
The entire regulation identifies key areas of vulnerability in identity theft. With this outline, businesses are able to create services and protective measures that cater to these highly vulnerable points: dubious documents in circulation, suspicious addresses, certain areas of a covered account, and notifications or warnings from a reporting agency.
Identifying the Program: What Does all This Mean?
The first step is figuring out if the business you are involved in is under the Red Flag Rules umbrella. Businesses that must comply include any business that extends credit (mortgage lenders, telecoms); any financial company (bank, security brokerages); and any business that allows delayed payments (law, schools, accounting).
After identifying the status, it is paramount to comply with immediacy. Establishing a new Red Flags report is not the last step. The program should fit with currently established training protocol, IT procedures and human resource programs.
The Compliance Program Standards
A single violation of the Red Flags Rule can cost up to $2,500. This could quickly compound to millions for firms with many accounts and each one counting as a separate violation. Companies employ various tactics to enhance security, including the obtaining of the minimum information from applicants for a credit check. Companies must further employ third party verification tools and checklist organized data to verify an identity. This is where CAPTCHAs (Completely Automated Public Turing Test To Tell Computers and Humans Apart) are so prevalent. ReCAPTCHA and SQUIGL-PIX have moved the technology forward and minimized hacker capabilities. The new regulation enforces many applicable companies to require physical documentation to assist in identity verification. For example, content distributor Textbroker.com requires all applicants to physically mail an address confirmation before developing content for them.
Main Ways to Protect from Identity Fraud
The Google cloud is a safe haven for many companies. The system never ages, fundamentally, and is made up of an estimated 1 million servers. On a more mainstream level, identity theft protection companies will safeguard businesses against various credit hacks using credit alerts, address monitoring and lost wallet services. Both these methods are widely embraced by independent website holders, small businesses, and major corporations.