This message contains graphics. If you do not see the graphics, view this email as a Web page.
Fighting Fraud with Frank - December 4, 2008 - Face the FACTs

Red Flag D-Day is upon us. Make sure your organization is compliant.

After many years of analyzing and planning how to protect consumers against identity theft, the date for mandatory compliance of the FACT Act has arrived. In this issue of Fighting Fraud with Frank I have identified some of the basic fundamentals of the FACT Act, its importance to consumers and what it takes to be compliant.

What is the FACT Act?

In 2003, the Fair and Accurate Credit Transactions Act (FACT Act) was passed into law which required creditors and financial institutions to develop a written program that identifies and detects relevant warning signs of identity theft (“red flags”) and to take appropriate action once they are identified. In November 2007, final rules and guidelines were published by the FTC and 100% compliance was mandated by November 2008.

Why is the FACT Act important?

The FACT Act is important for two reasons:

  1. It reduces the rate of identity theft by preventing it from occurring
  2. Non-compliance to the program can result in lawsuits from consumers and government action against the company that is not compliant

Who needs to comply with the FACT Act?

The FACT Act applies to Financial Institutions

  • State and National Banks
  • Federal Credit Unions
  • Finance Companies
  • Auto Dealers
  • Mortgage Brokers
  • Utility Companies
  • Telecommunication Companies
  • Third parties that provide information to Financial Institutions

What are red flags and what needs to be monitored?

At the core of the rules and guidelines are “Red Flags”. Red Flags according to the Act were defined as patterns, practices or specific activity that would indicate the possible risk of identity theft. The rules and guidelines in the Act went further by defining examples of what needs to be monitored. These included such things as:

  1. Fraud Alerts on the consumer’s credit report,
  2. Problems with the Social Security numbers on the application, and
  3. Suspicious or forged documentation.

The Act provided examples of 26 Red Flags that should be incorporated into an organization’s program. These Red Flags can be divided into the following categories:

  • Consumer Alerts and Freezes – Flags specifically related to fraud alerts, freezes, discrepancies and unusual activity provided on a credit report by a credit reporting agency.
  • Altered Documents – Flags specifically related to identification documents provided for the account and whether they appear to be altered or are not consistent with other data available; (i.e. do the driver’s licenses, passports, etc. appear to be consistent or altered).
  • Suspect Personal Information – Flags specifically related to suspicious personal identification information. These examples include bad SSNs, known bad addresses and telephone numbers and information inconsistent with other information the institution has in its records.
  • Existing Account Activity – Flags specifically relating to fraud occurring on an existing account such as a dormant account that suddenly has activity or a credit card account suddenly purchasing significant quantities of easily convertible-to-cash merchandise.

In addition to these general Red Flags for organizations, there were special rules for credit card issuers which include notifying cardholders of changes of their address, examining documentation from cardholders for conspicuous fraud attempts and other factors.

What are the core elements a financial institution should implement to be compliant?

BasePoint has developed a 4 Step FACT Act Compliance Program which ensures that a lender, creditor or financial institution is compliant with the new rules and guidelines. The program establishes compliance along four dimensions:

  1. Assessment – A GAP Analysis of where an organization is relative to the FACT Act to establish baseline,
  2. Fraud Tool – Implementation of fraud solutions to automatically identify red flags,
  3. Process Implementation – Training and implementation of the analyst responsible for red flag detection, and
  4. Written Document of Compliance – A document which the organization can use to show their compliance.

What elements need to be a part of the written FACT Act Compliance document?

The foundation of FACT Act compliance is the development of a written plan which identifies how an organization defines, identifies, detects and resolves occurrences of red flags. The written process document must be filed and updated annually based on changes to any processes which were involved in the prevention of identity theft.

The written process document should include the following:

  1. Accounts Covered – A summary of the accounts the organization monitors in accordance with the FACT Act.
  2. Fraud Identification – A summary of the tools used to identify red flags and a description of the red flags that the solution identifies for the organization.
  3. Fraud Detection – A summary of the fraud detection process that is used based on the red flags indicated by the fraud tools.
  4. Fraud Resolution – A summary of the resolution process of how accounts or applications are resolved through the process. This involves how customers are contacted, how applications are declined, and any reporting of the transaction.
  5. Training – A description of where and how associates within the organization are trained to detect and resolve those red-flags identified by the fraud tool.

How long can it take to be compliant?

Lenders and financial institutions have been planning for FACT Act compliance for years by establishing processes, policies, tools and training programs to bring their organization into compliance. If needed, completion of the final steps for compliance to the FACT Act can typically be achieved in less than four weeks with the BasePoint program.

Author

Frank McKenna is Co-founder and Chief Fraud Strategist for BasePoint Analytics based in Carlsbad, CA. He may be reached at (760) 602-4971 x104 or via email at FMcKenna@BasePointAnalytics.com

Your privacy is important to us. If you no longer wish to receive email from BasePoint Analytics,
please email us to be removed from our mailing list.
If you would like to be added to our mailing list, please complete this form.

Additional Information

Ask Frank

Send your questions, comments, and/or ideas for future discussion topics to Frank.


BasePoint Launches Industry’s First Fully Automated Income Verification Service


Are you at risk for identity theft?
Find out for free at BasePoint's Identity Theft Risk Assessment


Frank McKenna, Co-founder and Chief Fraud Strategist of BasePoint Analytics

Frank McKennaFrank helped develop and introduce advanced predictive technology to detect mortgage fraud. Frank's vast experience in fraud management has enabled him to identify unique and effective tools to manage lender risk through pattern analysis and evaluating other parties in the transaction, such as mortgage brokers.