Vol. 14, No. 15 - September 8, 2008
This issue of the CSAA Signals is brought to you by our sponsor:
Table of Contents
It was reported at the September 4, 2008 Alarm Industry Communications Committee (AICC) meeting that the Federal Trade Commission (FTC) has published rules requiring financial institutions and creditors to develop and implement written identity theft prevention programs by November 1, 2008. Under the rules, “creditors” are defined broadly as entities that regularly extend, renew or continue credit.
What are the rules?
The rules require companies to implement procedures to detect, prevent and mitigate identity theft with respect to new and existing “covered accounts.” A “covered account” is a continuing relationship: (a) that a financial institution or a creditor offers or maintains with a person to facilitate the person’s purchase of products or services primarily for personal, family or household purposes; and (b) that involves or is designed to permit multiple payments or transactions.
A “covered account” also includes any other continuing relationship that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk of injury (including risk of financial, operational, compliance, reputation and/or litigation injury) from identity theft: (a) to the customer of the account; or (b) to the safety and soundness of the financial institution or creditor.
The core of the program is the listing of various patterns, practices and specific activities (called “Red Flags”) which may indicate the possible theft of the identities of: (a) existing customers maintaining “covered accounts” with the Company; and (b) new or purported new customers opening “covered accounts” with the Company. The rules require companies to periodically conduct a risk assessment to determine whether it offers or maintains “covered accounts.”
The Blooston law firm, AICC Counsel, has developed a template, "Identity Theft Prevention Program” to assist companies in complying with the FTC’s rules. For more information, please contact Ben Dickens at 202-828-5510 or Mary Sisak at (202) 828-5554.
To read the FTC’s Business Alert, visit http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm.
As we reported previously, CSAA's Alarm Verification and Notification Procedures Standard (CS-V-01) is entering an ANSI Comment period (BSR/CSAA CS-V-01-200x, Alarm Verification and Notification Procedures Update). The Comment Period will end on September 14, 2008.
A copy of the draft can be found at www.ltfiore.com/files/ANSI_CSAA_CS_V_01_2004-ltf-2-02-08DRAFT.doc.
Please use the following form to make any proposed changes: http://www.csaaintl.org/Form_for_Proposals_on_CSAA_Standards_Documents.doc
For additional information, please contact Louis T. Fiore at firstname.lastname@example.org.