red flag rules response

Red Flag Response

The red flag compliance officer must evaluate which red flags have the greatest potential and prioritize verification and action policy when red flag detection occurs.

The first step in good identity theft detection is obtaining good documentation regarding the identity of the customer opening a “covered account”.

A minimum amount of required information should be obtained, including:

1)         Full name of the customer

2)         Date of birth

3)         Address, residential or business address for an individual

4)         Identification number, such as social security number, taxpayer identification number or passport identification number

The second step in good identity theft detection is verifying and authenticating the customers identity and documentation.These steps include:

1)         Obtain unexpired government issued photo ID, such as a driver’s license, identification card or passport

2)         Obtain government issued business documents, such as articles of incorporation, business license, resale permit, or partnership agreement.

3)         Obtain information to make independent verification through a consumer reporting agency, public database, financial institution or financial statement.

Appropriate response to red flag incidents must also be addressed in the policy. If the dealership has had a data security exposure all red flags require closer scrutiny.

For a red flag incident which can be resolved, a written explanation in the file is all that may be required, with a signoff by the red flag compliance officer. The response should escalate when the red flag incident cannot be resolved through conventional policy methods.The red flag compliance officer will then have to decide a course of action:

1)         Terminate the transaction as red flags are unable to be resolved

2)         Keeping the transaction in house rather than outside vendor

3)         Law Enforcement notification

Red Flag Rules Program Updates

Credit bureau reporting and notification of appropriate government agencies should be part of a comprehensive identity theft prevention program .Periodic updating of the red flag rules, as well as procedural audits and cyclical staff training will insure the red flag compliance officer achieves success.

These updates will include any new dealership experiences with identity theft, changes in methods of identity theft, changes in methods of prevention, detection and mitigation of identity theft and changes in the business model and/or structure of the dealership.

The red flag compliance officer always reports back to the dealer with audit results, modification orders and a training schedule for all staff. A dealer must then certify their red flag rules policy as complete and in compliance with all aspects of the red flag rules. Once in compliance, training of all staff must be conducted in a timely and ongoing manner.

The red flag compliance officer must make a periodic review of business practices and red flag rules and certify continued compliance with the red flag rules, the Identity Theft Prevention Program.

Current List of Red Flag Rules Instructors

Joseph Weatherman                415-730-3131

Azita Rezaei                             415-730-3137

Jorge Elizalde                          209-985-0426

Mike Ramos                             714-797-5780

Sony Duong                             714-677-0843

Claudia Patton                          310-216-1438

Nancy Fong                             714-401-2454