Data Privacy and Security
FACTA Red Flags
Click an active icon below to view FACTA Red Flags resources.
Topic Summary: FACTA Red Flags
Identity theft — the unauthorized use of the identifying information of another person to commit or attempt a fraud — is a serious problem for businesses and consumers. The Fair and Accurate Credit Transactions Act (FACTA) is a federal consumer-rights law intended to lower the risk of identity theft by regulating the way organizations handle consumer information.
FACTA requires companies to have an Identity-Theft Prevention Program and to train employees who handle consumer data to recognize and identify "red flags" — patterns, practices or activities that indicate the possible existence of identity theft. The training must also enable these employees to —
- Detect red flags when they occur;
- Respond appropriately to prevent and mitigate identity theft; and
- Ensure that red flags are updated periodically to reflect changes in the methods of identity theft.
The five categories of red flags under FACTA include —
- Warnings from consumer reporting agencies;
- Suspicious documents;
- Suspicious personal identifying information;
- Suspicious accounts or unusual use of an account; and
- Notice or alerts of possible identity theft from customers, law enforcement or other persons.
FACTA applies to companies of all sizes that maintain or service personal accounts for which there is a foreseeable risk of identity theft. Every company that handles consumer data should be alert for the red flags that apply to its business.
