The federal financial institution regulatory agencies and the Federal Trade Commission issued final rules on identity theft “red flags” and address discrepancies. The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
The rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft in connection with new and existing accounts. The rules also require credit and debit card issuers to develop policies and procedures to assess the validity of a request for a change of address that is followed closely by a request for an additional or replacement card. In addition, the final rules require users of consumer reports to develop reasonable policies and procedures to apply when they receive a notice of address discrepancy from a consumer reporting agency.
The rules were issued by the Federal Reserve, the FDIC, the Federal Trade Commission, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision. The final rules are effective Jan. 1, 2008. Covered financial institutions and creditors must comply by Nov. 1, 2008. The final rules are available at http://edocket.access.gpo.gov/2007/pdf/07-5453.pdf.