Red Flag Response
The red flag compliance officer must evaluate which red flags have the greatest potential and prioritize verification and action policy when red flag detection occurs.
The first step in good identity theft detection is obtaining good documentation regarding the identity of the customer opening a “covered account”.
A minimum amount of required information should be obtained, including:
1) Full name of the customer
2) Date of birth
3) Address, residential or business address for an individual
4) Identification number, such as social security number, taxpayer identification number or passport identification number
The second step in good identity theft detection is verifying and authenticating the customers identity and documentation.These steps include:
1) Obtain unexpired government issued photo ID, such as a driver’s license, identification card or passport
2) Obtain government issued business documents, such as articles of incorporation, business license, resale permit, or partnership agreement.
3) Obtain information to make independent verification through a consumer reporting agency, public database, financial institution or financial statement.
Appropriate response to red flag incidents must also be addressed in the policy. If the dealership has had a data security exposure all red flags require closer scrutiny.
For a red flag incident which can be resolved, a written explanation in the file is all that may be required, with a signoff by the red flag compliance officer. The response should escalate when the red flag incident cannot be resolved through conventional policy methods.The red flag compliance officer will then have to decide a course of action:
1) Terminate the transaction as red flags are unable to be resolved
2) Keeping the transaction in house rather than outside vendor
3) Law Enforcement notification
Red Flag Rules Program Updates
Credit bureau reporting and notification of appropriate government agencies should be part of a comprehensive identity theft prevention program .Periodic updating of the red flag rules, as well as procedural audits and cyclical staff training will insure the red flag compliance officer achieves success.
These updates will include any new dealership experiences with identity theft, changes in methods of identity theft, changes in methods of prevention, detection and mitigation of identity theft and changes in the business model and/or structure of the dealership.
The red flag compliance officer always reports back to the dealer with audit results, modification orders and a training schedule for all staff. A dealer must then certify their red flag rules policy as complete and in compliance with all aspects of the red flag rules. Once in compliance, training of all staff must be conducted in a timely and ongoing manner.
The red flag compliance officer must make a periodic review of business practices and red flag rules and certify continued compliance with the red flag rules, the Identity Theft Prevention Program.
Current List of Red Flag Rules Instructors
Joseph Weatherman 415-730-3131
Azita Rezaei 415-730-3137
Jorge Elizalde 209-985-0426
Mike Ramos 714-797-5780
Sony Duong 714-677-0843
Claudia Patton 310-216-1438
Nancy Fong 714-401-2454