At which stage of the application process does the Red Flags Rule apply? The Red Flag Rule would apply whenever you detect a Red Flag in connection with an application. This could occur as soon as you receive an application, for example: if the application appears to have been altered or forged; or the consumer’s identification appears to be forged or is inconsistent with the information on the application. Is the social security number (SSN) check a requirement? No, but an invalid SSN may be a Red Flag – i.e., an indicator of possible identity theft – and obtaining and verifying a SSN may be a reasonable means of application risk management to detect this Red Flag when opening accounts. You may be able to utilize your existing procedures under your Customer Identification Program under the USA PATRIOT Act.
After reviewing more details around the "The President’s Identity Theft Task Force Report" (September 2008), and some of the activities surrounding it, I find myself again pondering how all of this may be impacting our clients. Does heightened consumer awareness around both identity theft Red Flags rules and government initiatives (like the task force report) put more pressure on various industries to have buttoned up identity theft prevention programs that are not only effective, but also "marketed" to consumers? Are consumers now expecting to see more blatant identity theft prevention measures in place each time they transact with a service provider…any service provider?Lots of questions here, so let me know if you are feeling residual pressures from your consumer base as a result of any of the latest initiatives or reports. I can say that we do have some clients that believe effective identity theft measures matter to their customers and use their protection measures as marketing messages. For example, the use of knowledge-based authentication questions during an application or transaction approval process is not only effective in preventing fraud, but also leaves customers with a sense of security and an understanding that their financial institutions are working to combat identify theft..
What to do when you see a Red Flag. Your Identity Theft Prevention Program should include appropriate responses when you detect a Red Flag. You must assess whether the Red Flag evidences a risk of identity theft. If so, your response must be commensurate with the degree of risk posed. Depending on the level of risk, an appropriate response may include contacting your applicant, not opening a new account or even determining that no response is necessary.