Home > News & Events > Financial Institution Letters




Financial Institution Letters

Identity Theft Red Flags
Interagency Final Regulation and Guidelines
FIL-100-2007
November 15, 2007


Summary: The FDIC, along with the other federal financial institution regulatory agencies and the Federal Trade Commission, has issued the attached final rule and guidelines on identity theft "red flags" and address discrepancies. The rule requires that financial institutions and creditors implement a written identity theft prevention program, that card issuers assess the validity of change of address requests, and that users of consumer reports reasonably verify the identity of the subject of a consumer report in the event of a notice of address discrepancy.

Highlights:

  • The regulation and guidelines implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
  • The regulation requires financial institutions and creditors to implement a written identity theft prevention program.
  • The regulation requires card issuers to assess the validity of change of address requests before issuing additional or replacement debit or credit cards.
  • The regulation requires users of consumer reports to reasonably verify the identity of the subject of a consumer report in the event the user receives a notice of address discrepancy from the consumer reporting agency.
  • The guidelines are intended to assist financial institutions in implementing the regulation.
  • Supplement A to the guidelines contains a list of 26 "red flags" that financial institutions and creditors may consider incorporating into their identity theft prevention programs.
  • The regulation and guidelines are effective on January 1, 2008, and mandatory compliance is required by November 1, 2008.

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
Chief Information Security Officer

Related Topics:

  • FIL-22-2006, Prohibition Against Discrimination in Credit
    Transactions, issued March 9, 2006
  • FIL-27-2005, Guidance on Response Programs for
    Unauthorized Access to Customer Information and
    Customer Notice, issued April 1, 2005
  • FIL-7-2005, Guidelines Requiring the Proper Disposal of
    Consumer Information, issued February 2, 2005
  • FIL-22-2001, Guidelines Establishing Standards for
    Safeguarding Customer Information, issued March 14,
    2001

Attachment:
Interagency Final Rule Regarding Identity Theft Red Flags
and Address Discrepancies

Contact:
Senior Policy Analyst Jeffrey Kopchik at (202) 898-3872
or JKopchik@fdic.gov, or Counsel Richard Schwartz at
(202) 898-7424 or rischwartz@fdic.gov

Printable Format:
FIL-100-2007 - PDF (PDF Help)

Note:
FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2007/index.html.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1102, Arlington, VA 22226 (1-877- 275-3342 or 202-416-6940).




Last Updated 9/29/2008 communications@fdic.gov