The regulations that are being proposed would require each financial institution and creditor to develop and implement an identity theft prevention program. The program must include policies and procedures for detecting, preventing, and mitigating identity theft in connection with account openings and existing accounts.
The proposed regulations include guidelines listing patterns, practices, and specific forms of activity that should raise a "red flag" signaling a possible risk of identity theft. Under the proposed regulations, an identity theft prevention program established by a financial institution or creditor would have to include policies and procedures for detecting any "red flag" relevant to its operations and implementing a mitigation strategy appropriate for the level of risk.
An example of such a "red flag" would be a change of address followed closely by a request for an additional or replacement card. The proposed regulations would require credit and debit card issuers to develop policies and procedures to assess the validity of such a request.
