Identity Theft Red Flags Rule

United States

2008

Consumer Protection

Privacy

Overview

The Identity Theft Red Flags Rule, adopted in 2008 under Section 114 of the Fair and Accurate Credit Transactions Act (FACTA), requires certain businesses and financial institutions to establish formal programs to detect, prevent, and mitigate identity theft. The rule was issued by the Federal Trade Commission (FTC) along with federal banking regulators and the National Credit Union Administration (NCUA).

It applies to banks, credit unions, lenders, utility providers, auto dealers, and other creditor organizations that maintain covered accounts involving consumer credit or deferred payment.

Key Obligations

Implement a written Identity Theft Prevention Program
Identify relevant red flags based on account types and operations
Detect and verify red flags through account authentication methods

Take appropriate actions to mitigate or prevent identity theft
Update the program periodically based on evolving risks
Oversee service provider compliance and train employees

FAQ

Related Regulations

GLBA Safeguards Rule Compliance

FCRA Credit Reporting Regulation

NIST CSF 2.0 Cyber Framework

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Identity Verification

Use facial match and liveness checks paired with government ID verification to make sure the person holding the document is the person you're onboarding.

Criminal Screening

Thorough background checks and criminal record verification to ensure compliance and maintain security standards in your onboarding process.