By Joseph Conciatori
If you are like me, chances are you have personally identifiable information (PII) stored online, including your name, address, and Social Security number. We use it for everything from online banking to ordering from our favorite local restaurants and purchasing airline tickets. PII can also be found in our electronic medical records. While you may think this information is always secure, it is not. Hackers lurk throughout the dark web, lying in wait to steal your PII and utilize it for their own malicious purposes. The Federal Trade Commission (FTC) reports that 5.7 million Americans fell victim to identity theft in 2021, costing them a staggering $5.8 billion¹. You therefore need a solution that keeps identity thieves at bay.
Fortunately, the FTC’s Red Flags Rule is here to help. This federal regulation outlines that businesses must adopt and implement identity fraud programs to prevent and detect any instances thereof². In addition to requiring organizations to implement written identity theft prevention programs, the Red Flags Rule also offers them steps they can follow to prevent such crimes and mitigate any damage done². In this article, we will outline how the Red Flags Rule works along with best practices for addressing red flags within your business.
The Red Flags Rule encompasses five categories of red flags². The first includes alarms, alerts, warnings, and notifications from consumer reporting agencies². Meanwhile, the second includes all suspicious documents². Category number three consists of suspicious and/or unusual activities linked to covered accounts, while the fourth includes suspicious PII like discrepancies in last names or addresses². Finally, the fifth category includes notifications from customers, law enforcement authorities, and other parties regarding identity theft involving specific accounts². Now that you know the five categories of red flags for identity theft, we will highlight best practices for addressing them.
If you are a financial institution, like the bank pictured below, you must conduct periodic risk assessments to determine whether your business’s accounts are covered under the Red Flags Rule². Keep in mind, too, that if you do not comply with the Red Flags Rule, you will be required to pay $3,500 in civil fines, plus $2,500 directly to the FTC, for each violation². In short, regularly addressing your organization’s risks helps stop identity thieves in their tracks before they can become a detriment to your business.
(Image courtesy of https://live.staticflickr.com/2434/3688223706_910af383ca_b.jpg)
Another best practice for preventing identity fraud is to frequently check your employees’ and customers’ PII for any inconsistencies, as they may indicate identity theft³. For example, fraudulent information such as false addresses and invalid phone numbers is a major red flag³. You should also keep an eye out for any address or telephone number in your records that multiple people use to open accounts³. This demonstrates that addressing discrepancies is key for keeping identity thieves from stealing your employees’ and especially your customers’ sensitive information.
While conducting periodic risk assessments and addressing inconsistencies are crucial, you must also monitor your company’s bank accounts for suspicious activity³. For example, if your customer opens a new account but does not make any payments, or only makes the first payment, this is a sign that not all is right³. You should also watch for reports that the customer is not receiving account statements, whether in the mail or via email, and for reports of any unauthorized charges on their account(s)³. In summary, identifying the FTC’s Red Flags can easily help you prevent identity fraud from occurring.
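The record checks described in the two paragraphs above can be automated. The following is an added example, not code from the FTC guide or from navitend; the field names, the 10-digit phone format, and the three-billing-cycle threshold are assumptions, and the account records are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample records (not real data). "cycles" is the number of
# billing cycles since the account was opened (assumed field).
ACCOUNTS = [
    {"id": "A1", "name": "Dana Reyes", "address": "12 Oak St, Apt 4",
     "phone": "973-555-0101", "cycles": 6, "payments": 6},
    {"id": "A2", "name": "Lee Park", "address": "12 OAK ST APT 4",
     "phone": "973-555-0177", "cycles": 4, "payments": 1},
    {"id": "A3", "name": "Sam Ortiz", "address": "88 Elm Ave",
     "phone": "(973) 555-0101", "cycles": 5, "payments": 0},
    {"id": "A4", "name": "Dana Reyes", "address": "40 Pine Rd",
     "phone": "555-01", "cycles": 1, "payments": 1},
]

def norm_address(addr):
    # Case and punctuation differences must not hide a shared address.
    return re.sub(r"[^a-z0-9]+", " ", addr.lower()).strip()

def norm_phone(phone):
    return re.sub(r"\D", "", phone)

def find_red_flags(accounts, min_cycles=3):
    """Return {account id: [flags]} for the red flags described above."""
    by_addr, by_phone = defaultdict(set), defaultdict(set)
    for a in accounts:
        by_addr[norm_address(a["address"])].add(a["name"].lower())
        by_phone[norm_phone(a["phone"])].add(a["name"].lower())
    flags = {}
    for a in accounts:
        found = []
        phone = norm_phone(a["phone"])
        if len(phone) != 10:                 # assumption: 10-digit US numbers
            found.append("invalid_phone")
        elif len(by_phone[phone]) > 1:       # used by different people
            found.append("shared_phone")
        if len(by_addr[norm_address(a["address"])]) > 1:
            found.append("shared_address")
        # Opened a while ago, yet no payment or only the first one.
        if a["cycles"] >= min_cycles and a["payments"] <= 1:
            found.append("few_or_no_payments")
        if found:
            flags[a["id"]] = found
    return flags

if __name__ == "__main__":
    for account_id, found in find_red_flags(ACCOUNTS).items():
        print(account_id, ", ".join(found))
```

A flag here is a prompt for human review rather than proof of fraud: family members and roommates legitimately share addresses and phone numbers.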
To detect red flags within your organization, you should implement multifactor authentication (MFA) techniques across your business’s computer systems, including biometrics such as fingerprints or facial recognition, passwords, PINs (Personal Identification Numbers), tokens, and smart cards like the one pictured below³. However, keep in mind that certain types of personal information, such as your Social Security number, are easily accessible and thus unfit for you to use as reliable authenticators³. In short, MFA can protect your business’s sensitive information and keep identity thieves at bay.
(Image courtesy of https://www.securew2.com/blog/pki-smart-card-authentication-enterprise)
Still another best practice for preventing identity theft is to take heed when posting on your business’s social media accounts¹. For example, you should not share any photographs taken in front of your company’s address, lest identity thieves steal your sensitive corporate information and use it maliciously¹. This demonstrates that identity theft takes many forms, and you must be prepared to address them all.
Finally, if you spot any red flags, you must respond to them appropriately³. While your response may vary based on the degree of risk posed to your organization, several common responses include monitoring covered accounts for evidence of identity theft, contacting the customer, changing access methods such as passwords and security codes, and closing accounts where suspicious activity has occurred³. You can also reopen accounts with new account numbers, while in serious cases, you must notify law enforcement of the theft³. Any way you slice it, responding to red flags appropriately not only stops identity thieves from stealing your information, but also saves you the time, money, and headaches that come with the disastrous consequences thereof.
If you need security solutions to comply with the FTC’s Red Flags Rule and prevent identity theft, navitend can help. We offer multi-factor authentication, plus a variety of other managed IT services and support, for clients in New Jersey, New York, and eastern Pennsylvania. Our top priority is keeping your business’s data, devices, and networks secure 24 hours a day and seven days a week.
Navitend can help you. Call 973.448.0070 or set up an appointment today.
Sources:
¹National Council on Identity Theft Protection. “2022 Identity Theft Facts and Statistics.” Retrieved from https://identitytheft.org/statistics/.
²IS Systems, LLC. “What is the FTC Red Flags Rule and Who Must Comply?” by Mike Mariano. Retrieved from https://www.ispartnersllc.com/blog/what-is-the-ftc-red-flags-rule-and-who-must-comply/.
³Federal Trade Commission (FTC). “Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business.” Retrieved from https://www.ftc.gov/business-guidance/resources/fighting-identity-theft-red-flags-rule-how-guide-business#ednref11.