Identity Theft Red Flags Survey: Are You on the Right Path?

Study Helps Institutions Benchmark Progress Toward Nov. 1 Compliance Deadline Take the Survey Now With just under five months to go before the Nov. 1 deadline, how close are financial institutions to compliance with the new Identity Theft Red Flags Rule?

This is the key question to be answered by a new survey from Information Security Media Group (ISMG), which seeks to shed new light on what tracks to be one of the banking industry's top regulatory challenges of 2008.

Aimed at gauging the Identity Theft Red Flags Rule progress of U.S. financial institutions - not just banks and credit unions, but insurance companies, mortgage brokers, auto dealers and other money-driven businesses -- this survey cuts to the heart of this new mandate, asking business leaders to weigh in on:

What have been their biggest Red Flags challenges?
What additional resources do they need to complete/manage compliance?
How will they ultimately measure the success of their efforts?

"No question, Red Flags is one of the top priorities of banking and security leaders," says Mike D'Agostino, Marketing Manager of ISMG, publisher of and "We hear about the topic everywhere we go, and it's proven to be one of the most popular content categories on our sites. We look forward to taking the pulse of the industry and giving institutions new data they can use to benchmark their own compliance efforts."

Results of this survey, which will be live through June 27, will be presented in a new webinar, ID Theft Red Flags Roundtable - Tips from Regulators and Practitioners on How to Meet Nov. 1 Compliance, set to debut July 9. In addition to the survey results, this session will include presentations from banking regulators and practitioners, discussing Red Flags expectations and how institutions are rallying to comply with the rule.

Story of the Year
First announced by regulatory agencies last fall, the Identity Theft Red Flags rule - compliance with it -- has proven to be the biggest story of the year.

Under this new rule, each financial institution's Identity Theft Prevention Program must include reasonable policies and procedures for detecting, preventing and mitigating identity theft. This program also must enable the institution to identify relevant patterns, practices and specific forms of activity that are 'red flags' signaling possible identity theft. The rule requires that:

Financial institutions and creditors implement a written identity theft prevention program;
Card issuers assess the validity of change of address requests;
Users of consumer reports reasonably verify the identity of the subject of a consumer report in the event of a notice of address discrepancy.

Among the challenges for financial institutions: Creating and documenting these programs, and then creating effective Identity Theft awareness efforts for board members, employees and customers.

A recent check-in with institutions of various sizes Identity Theft Red Flags Progress Report: How Does Your Institution Stack up? shows that progress toward compliance is being made, but there is still plenty of work to be done.

Identity Theft topic has consistently been in the news as a result of high-profile data breaches at TJX, Hannaford and other businesses. And news of breaches and threats consistently draw interest from business leaders and consumers alike. Identity Theft is a major content category at ISMG, and the Red Flags Rule was a significant discussion point last summer in the webinar "ID Theft: Regulatory Agencies' Perspectives on Threats & Countermeasures," which featured representatives of the FDIC, NCUA, OCC, OTS and FTC.

Latest Survey from ISMG
This Red Flags survey is the latest major research initiative from ISMG. The most recent study, The State of Banking Information Security 2008, was administered last winter, resulting in a report that set the agenda for banking institutions' regulatory, security and management challenges for the year. Identity theft, as well as vendor management and pandemic planning, emerged as a top priority and indeed has played out as a major initiative as 2008 has unfolded.

Unlike The State of Banking Information Security survey, which included qualitative responses from respondents, the Red Flags study may be taken anonymously, urging respondents to speak freely of this regulatory challenge they now face.

Following the Red Flags survey, ISMG will begin work on the State of Banking Information Security 2009.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.