Created by the U.S. Department of Treasury and the Federal Trade Commission, Section 114 of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 (FACTA) was enacted in November 2007. The legislation requires each financial institution, bank or creditor that stores consumer accounts to develop specialized identity theft prevention programs.
These policies and procedures require solutions — which must now be implemented by all specified financial institutions — that can identify patterns in consumer account behavior and flag those that could be of high risk.
Whether your organization would like to leverage a strong versatile authentication platform, fraud-monitoring solutions or a proven public key infrastructure (PKI), Entrust can help facilitate compliance with the Red Flag regulations.
- Entrust IdentityGuard for strong multifactor authentication
- Entrust TransactionGuard for seamless, real-time fraud-monitoring
- Entrust Authority as the foundation for a public key infrastructure
|FACTA Section 114|Entrust IdentityGuard, Entrust Authority PKI|
|FACTA Section 114|Entrust TransactionGuard|
|FACTA Section 114|SSL Digital Certificates|
The Red Flag identity theft regulations were enacted in November 2007, and all financial institutions must now comply with them, as outlined in documents under the resources tab.
The definition of a “financial institution” includes, but is not limited to, the following:
- Mortgage lenders
- Credit unions (and their non-functionally regulated operating subsidiaries)
- U.S. branches and agencies of foreign banks
- U.S. commercial lending companies of foreign banks
- Any person or business* who arranges for the extension, renewal, or continuation of credit.
* In addition to banking institutions, retailers, utilities, car dealers and many other businesses are subject to this regulation.
Official Title: Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 (FACTA)
Legislation Section: 114
Enacted: November 1, 2007
Mandatory Compliance: Now
The Red Flag regulation is in place to help financial institutions implement solutions and protocols that:
- identify relevant and/or suspicious patterns, practices and specific routines that can be “red flagged,” which will identify potential identity theft, then incorporate these rules into the solution;
- detect red flags that have been included in the solution;
- appropriately respond to any red flags that are detected to prevent and mitigate identity theft; and
- ensure the solution is updated periodically — ideally more often given the rapid changes in fraud attack vectors — to reflect changes and risks introduced by organized groups that perpetrate identity theft.
Many organizations want to answer a straightforward question: How does my organization comply? Simple. As a part of your overall compliance effort, allow Entrust to implement a proven strong authentication solution that can help address key policies mandated by the Red Flag regulations.
As a versatile authentication platform, Entrust IdentityGuard can help to more strongly authenticate users across a range of different transactions. Given its central authentication role, the platform can identify potential “red flags” in a number of ways, including central logging and auditing, monitoring logins from black-listed IPs, or even a login from an unusual geographic location or unregistered device.
Another approach is to leverage the capability of a proven fraud-monitoring platform. As a zero-touch fraud detection solution, Entrust TransactionGuard is ideally suited to address critical elements of the Red Flag requirements. This capability is fundamentally rooted in the solution’s approach to monitoring an entire online transaction sequence for all users, which will allow your organization to easily detect red flags efficiently and subsequently report on those transactions.
The foundation of public key infrastructure, Entrust Authority PKI enables encryption, digital signature and authentication capabilities to be consistently and transparently applied across a broad range of applications and platforms. These core capabilities can be leveraged to help organizations seamlessly comply with Red Flag regulations.
An additional safeguard to help organizations comply with these new regulations, SSL digital certificates encrypt communication between a financial institution and an end-user when leveraging tools such as online-banking applications and Web portals. The newest type of certificate — extended validation (EV) SSL certificates — empowers users with easy-to-see trust indicators that verify that they are on the correct site, helping reduce man-in-the-middle attacks, online fraud and identity theft.
Comply now. Contact Entrust.
The deadline to be in compliance with the Red Flag rules has passed. Financial institutions are now required to comply with the Red Flag regulations. How do you ensure your organization is in compliance?
Contact Entrust to discover how our solutions can help your organization meet the upcoming deadline. The end result will help you achieve stronger online security, fewer losses from fraud and a renewed confidence in your brand.