FACTA Overview

Comply now, solutions for Red Flag Rules

Created by the U.S. Department of Treasury and the Federal Trade Commission, Section 114 of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 (FACTA) was enacted in November 2007. The legislation requires each financial institution, bank or creditor that stores consumer accounts to develop specialized identity theft prevention programs.

These policies and procedures require solutions — which must now be implemented by all specified financial institutions — that can identify patterns in consumer account behavior and flag those that could be of high risk. The deadline to be in compliance with the Red Flag rules has passed. Financial institutions are now required to comply with the Red Flag regulations. How do you ensure your organization is in compliance? The end result will help you achieve stronger online security, fewer losses from fraud and a renewed confidence in your brand.

Whether your organization would like to leverage a strong versatile authentication platform, fraud-monitoring solutions or a proven public key infrastructure (PKI), Entrust can help facilitate compliance with the Red Flag regulations.

  • Entrust Identity Enterprise (formerly IdentityGuard) for strong multifactor authentication
  • Entrust Authority as the foundation for a public key infrastructure

FACTA Section 114

Let us help facilitate compliance with the Red Flag regulations

Entrust PKI & Identity-as-a-Service

  • Delivers a range of strong authentication capabilities for appropriate deployment
  • Includes centralized policy enforcement across a range of different applications
  • Includes central logging and auditing of authentication attempts

Entrust TransactionGuard

  • Provides real-time fraud monitoring with no change to an application
  • Detects Red Flags in an efficient manner
  • Evaluates sequence of events, rather than individual transactions

TLS/SSL Digital Certificates

  • Extended validation SSL certificates offer easy-to-see trust indicators to help end-users verify the identity of a given Web site
  • 128- or 256-bit SSL encryption
  • EV SSL certificates work with most popular browsers, including Microsoft® Internet Explorer® 7 and Firefox 3

Who is affected?

The Red Flag identity theft regulations were enacted in November 2007, and all financial institutions must now comply with them, as outlined in documents under the resources tab.

The definition of a “financial institution” includes, but is not limited to, the following:

  • Banks
  • Thrifts
  • Mortgage lenders
  • Credit unions and their non-functionally regulated operating subsidiaries
  • U.S. branches and agencies of foreign banks
  • U.S. commercial lending companies of foreign banks
  • Creditors


Official Title

Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 (FACTA)

Legislation Section



November 1, 2007

Mandatory Compliance



Summary

The Red Flag regulation is in place to help financial institutions implement solutions and protocols that:

  • Identify relevant and/or suspicious patterns, practices and specific routines that can be “red flagged,” which will identify potential identity theft, then incorporate these rules into the solution;
  • Detect red flags that have been included in the solution;
  • Appropriately respond to any red flags that are detected to prevent and mitigate identity theft; and
  • Ensure the solution is updated periodically — ideally more often given the rapid changes in fraud attack vectors — to reflect changes and risks introduced by organized groups that perpetuate identity theft practices.


How does my organization comply?

Simple. As a part of your overall compliance effort, allow Entrust to implement a proven strong authentication solution that can help address key policies mandated by the Red Flag regulations.

Entrust Identity Enterprise

As a versatile authentication platform, Entrust Identity Enterprise can help to more strongly authenticate users across a range of different transactions. Given its central authentication role, the platform can identify potential “red flags” in a number of ways, including central logging and auditing, monitoring logins from black-listed IPs, or even a login from an unusual geographic location or unregistered device.

Entrust Authority PKI

The foundation of public key infrastructure, Entrust Authority PKI enables encryption, digital signature and authentication capabilities to be consistently and transparently applied across a broad range of applications and platforms. These core capabilities can be leveraged to help organizations seamlessly comply with Red Flag regulations.

TLS/SSL Digital Certificates

An additional safeguard to help organizations comply with these new regulations, SSL digital certificates encrypt communication between a financial institution and an end-user when leveraging tools such as online-banking applications and Web portals. The newest type of certificate — extended validation (EV) SSL certificates — empowers users with easy-to-see trust indicators that verify that they are on the correct site, helping reduce man-in-the-middle attacks, online fraud and identity theft.
