The document outlines the goals of presenting information on the FTC's Red Flag Rules for identity theft prevention and compliance. It aims to provide an overview of the rules' requirements (the WHAT), demonstrate how the idBUSINESS compliance module can help meet them (the HOW), and explain the importance of compliance (the WHY). Specifically, it discusses the rules' application to businesses that hold covered accounts, the necessary elements of a compliance program, and penalties for noncompliance. It then demonstrates the idBUSINESS module's tools for conducting risk assessments, training employees, and responding to incidents to help organizations achieve and maintain Red Flag compliance.
8. Our goals today
‣ To give you the WHAT…
‣ The FTC’s Red Flag Rules
‣ ...review the HOW…
‣ demo the idBUSINESS Red Flag Compliance Module
‣ but also give you the WHY
‣ Why information security should be a part of your business
9. Frame of reference
Fewer than 30% of covered entities were compliant with the law on May 1, 2009
An estimated 11 million US businesses are covered entities
12. What this means
‣ Lack of awareness and understanding
‣ Does not mean that FTC won’t be enforcing
‣ Early birds will get the worm
‣ Opportunity for competitive advantage
13. The facts
[Charts: business has suffered breach vs. business has yet to incur a breach; thief is employee or knows employee vs. thief is unknown. Values shown: 30%, 40%, 60%, 70%]
• Since 2/15/05, over 251,000,000 Americans have had identities or other personal information compromised
14. The facts
The average breach and its impact on customer confidence is growing.
58% of customers said they lost confidence in a business following that business’ breach.
31% immediately severed their relationship with the business upon notification of the breach.
Source: Ponemon Institute, 2008.
19. The Red Flag Rules
‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act
‣ Applies to you if:
‣ you hold “covered accounts”
‣ your customer records present a “reasonably foreseeable risk of identity theft”
27. Red Flag Compliance
1. A Written Information Security Program
2. Controls to prevent and mitigate the risks associated with identity theft
3. Must be administered by a board of directors or a member of senior management
4. Must deliver compliance report on at least an annual basis
5. Must contain mechanism to train employees
6. Must contain an incident response capability
7. Must ensure that vendors and suppliers are also compliant
28. “What happens if I don’t comply?”
• Noncompliance carries several penalties
– Civil Liability
– Class-Action Lawsuits
– Federal Fines
– State Fines
29. The solution
‣ The idBUSINESS Red Flag Compliance Module
‣ Built on real-world forensic fieldwork
‣ Includes tools & benefits that actively involve employees in your compliance efforts
‣ Transitions information security from a compliance issue into a competitive advantage
36. The Red Flag Compliance Module
‣ Access individual identity recovery protection using FraudStop and Restore from ID Experts
‣ Available as employee benefit, cafeteria-style add-on, customer blanket, or new revenue stream
‣ In the event of a breach, one-click access to best-in-breed data breach services and forensic services
37. So I’m compliant...
‣ NOW WHAT?
‣ Don’t let it sit on a shelf
‣ Talk to your employees
‣ Talk to your customers
‣ Use your policy as a business-building tool