Red flag rules

Compliance With FTC Identity Theft Legislation

Ideal for: Assessing, Commercial, Legal, Healthcare, Financial, Utility

Legal Background

The Red Flags Rule was established by the U.S. Federal Trade Commission (FTC), based on the 2003 Fair and Accurate Credit Transactions Act (FACTA). This law requires the establishment and maintenance of a program to identify, detect, prevent, and mitigate identity theft for “covered accounts” in day-to-day operations for both financial institutions and creditors. This definition is loose enough to apply to a wide range of companies that hold “transaction accounts” belonging to a consumer, such as brokerage firms or mutual funds, banks, savings and loan associations, mutual savings banks, credit unions, and even public utilities.

Path to Compliance

The path to successful Red Flags compliance is a four-part process:

Identify: Institutions must identify likely business-specific identity theft “red flags”
Detect: Institutions must define procedures to detect Red Flags in day-to-day operations
Prevent and mitigate: Institutions must define actions to take when red flags are identified
Maintain: Institutions must define how their Red Flags program will be maintained and updated

Penalties and Risks

While there are presently no criminal penalties for breach of Red Flags requirements, the FTC may impose a fine of $2,500 per individual incident (customer or transaction), in addition to state penalties of $1,000 per individual incident (customer or transaction), plus attorney’s fees. After receiving an initial regulatory warning for non-compliance, organizations may be fined up to $11,000 per individual incident.
For organizations with tens or hundreds of thousands of customers, a widespread breach may be financially disastrous — as well as extremely damaging to your company’s reputation.

Policy Definition

Aerstone can work with your organization to develop the necessary privacy and security policies, and conduct the necessary staff training, that will ensure full compliance with FTC Red Flags requirements. Our application testing services can also help ensure the security posture of your public-facing systems, so that all your sensitive customer information is properly protected.

Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.

We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and private industry.