FACTA - Fair and Accurate Credit Transactions Act
 (Identity Theft Red Flags Rule)

The Fair and Accurate Credit Transactions Act of 2003 ("FACTA"), known as the “Identity Theft Red Flags Rule”, requires mandatory compliance by November 1, 2008. It requires certain organizations to adopt a written identity theft prevention program.  Altius IT provides a 10 step approach to meeting FACTA Red Flags Rule compliance requirements.

Altius IT's risk assessments and audits help organizations meet compliance requirements, enhance data security and privacy, safeguard information, and reduce legal liability. 

Risk assessments are the first step in identifying, managing, and reducing your risks.  Altius IT's suite of assessment and audit services is ideal for:

• Organizations complying with the Fair and Accurate Credit Transactions Act (FACTA)
• Identity theft prevention programs
• Ensuring system integrity
• Banks, credit unions, mortgage lenders, utility companies, phone companies, other creditors
• Organizations that collect and store personal and/or sensitive financial data

Identity Theft Prevention Programs

Altius IT's risk assessments help organizations meet compliance requirements.  We help organizations by reviewing identify theft prevention programs and their policies and procedures to ensure identify theft can be detected, prevented, and mitigated.  The Fair and Accurate Credit Transactions Act requires organizations to:

• Establish a formal and written identify theft program (approved by the Board of Directors)
• Establish policies and procedures
• Identify covered accounts
• Establish systems to monitor and detect red flags
• Develop a response system to analyze and respond to red flags

Policies and Procedures

Altius IT reviews policies and procedures to ensure relevant patterns, practices, and specific forms of activity that are signals for possible identity theft have been properly identified and documented. 

Covered Accounts

Covered accounts are typically a consumer account that is offered by a creditor or financial institution.  This account typically involves multiple transactions or payments.  Examples of covered accounts include:

• Credit cards
• Mortgage loans
• Checking accounts
• Cell phone accounts
• Other similar accounts

Theft of Customer Information

The following are some of the ways identity theft can occur:

• Stealing mail from a mail box
• Diverting mail to another address
• Impersonating the victim in person
• Intercepting electronic information
• Trash and dumpster diving
• Digital dumpster diving
• Stealing wallets (credit cards)
• Stealing data from a warehouse
• Fake e-mail messages (phishing)
• Diverting to a fake web site
• Social engineering

Red Flags

Altius IT reviews your relevant red flags that can be a pattern, practice, or specific activity that triggers a belief that a red flag occurred.  Specific red flag categories include:

• Alerts and warnings form consumer reporting agencies
• Suspicious documents
• Suspicious personal identifiers
• Suspicious activity (account lockouts, etc.)
• Notification from customer, victims of identity theft, law enforcement, etc.

Altius IT Risk Assessment Services

Altius IT’s risk assessment services includes a review of 50+ different subject areas:

• Your organization's written identity theft prevention program
• Entity type
• Account offerings
• Types of accounts
• Organization's experience with identify theft issues
• Supporting systems
• Well known risks and vulnerabilities
• Covered accounts
• Relevant red flags
• Red flag detection procedures
• Response procedures
• Staff training procedures

Deliverables

Altius IT can review your existing plan or help your organization meet compliance requirements by preparing a written Identity Theft Protection Program.