Archive for the ‘Financial Fraud’ Category

If you haven’t heard – the FTC moved the Red Flag fraud deadine out to June 1, 2010. Good news if your an entity that needs to comply, because the last deadline (November 1, 2009) already passed.

Bill Brenner has an article on InfoWorld about the extensions. And Ed is quoted in it:

Ed Moyle, founding partner at SecurityCurve, former VP of information security at Merrill LynchTruthfully, in the field, a lot of the folks I’ve come across are pretty much where they need to be from a regulatory standpoint (i.e. they’ve hit the bar required by the regulation). But just hitting that bar doesn’t mean a company is all the way there in terms of protecting customers from identity theft.

My recommendation to folks that think they have everything in hand on this is two-fold: First, make sure all the i’s are dotted and t’s crossed before the deadline to make sure they’re compliant with the reg. (i.e., make sure that they have the defined identity theft processes and that their staff are trained on what to do if someone calls in to report identity theft). Second, while the iron’s hot, look to see if there’s something that they can do to address identity theft proactively for example, maybe can they change the business processes to reduce the likelihood of identity theft? This isn’t always possible, but why not use compliance with the law as an opportunity to go over and above?