Identity fraud training is one of the main requirements of the Red Flags Rule and there is a good reason for this Federal requirement because once red flags which lead to fraud have been identified through risk assessments and procedures are developed to detect and mitigate such fraud red flags, employees must be provided appropriate training to properly follow established identity theft prevention policies and procedures.
Front line staff are often the ones who face identity thieves as they commit their planned fraud using someone else’s identity. Depending on how transactions are initiated, these front line employees must be aware of how identity fraud occurs, how to detect fraud, and what to do when they detect or even suspect fraud. Internet transactions processors also face online identity fraud as increasingly transactions and communications occur online without physical interaction while certain related processes might occur off line to complete the requests. Depending on whether transactions are initiated offline or online, defined procedures and requirements for identity theft prevention might vary and must be addressed in fraud training materials.
As we discuss the need to provide fraud training to front line employees, we must step back for a moment and note that individuals who track and analyze fraud trends, assess identity theft risks, draft policies and procedures, train employees, and oversee the identity theft prevention program also need to receive fraud training in order to effectively perform their job duties in support of the identity theft program.
Many laws have already laid out private data safeguard and breach management requirements however identity fraud prevention is just beginning to be addressed through the Federal Red Flags Rule. As we start to acknowledge that loss of private information and subsequently identity fraud are inevitable and on the rise, we have arrived at a junction where similar to the Sarbanes-Oxley Act, we have Federal requirements to proactively address identity theft prevention thorough specific steps and one such requirement is fraud training for all employees who are in a position to support any and all aspects of the identity theft prevention program to detect and mitigate fraud.
Fraud training can be administered by qualified internal or external staff through a variety of means. Although the law requires employee training, it does not specify the format and length of the training however as fraud occurs, employee knowledge as well as effectiveness and adequacy of provided training will be assessed by regulators or attorneys to identify whether lack of employee knowledge regarding policies and procedures has led to the recurring identity fraud cases and determine any regulatory violations.
The penalties for violating any aspect of the Red Flags Rule as stated on the FTC website is as follows:
"The FTC can seek both monetary civil penalties and injunctive relief for violations of the Red Flags Rule. Where the complaint seeks civil penalties, the U.S. Department of Justice typically files the lawsuit in federal court, on behalf of the FTC. Currently, the law sets $3,500 as the maximum civil penalty per violation. Each instance in which the company has violated the Rule is a separate violation. Injunctive relief in cases like this often requires the parties being sued to comply with the law in the future, as well as provide reports, retain documents, and take other steps to ensure compliance with both the Rule and the court order. Failure to comply with the court order could subject the parties to further penalties and injunctive relief."
One specific conclusion that can be drawn from the above statement is that the government regulators will continue to audit the organization which was found to be non-compliant to make sure that they have implemented all identified deficiencies. Therefore it is necessary for management to ensure that their identity theft prevention program is fully in place and operating effectively before the regulators do.
The Certified Red Flag Specialist (CRFS) designation is the identity fraud certification developed to provide the necessary fraud training for preventing identity theft, reducing fraud costs, and complying with the Red Flags Rule. The CRFS identity fraud certification not only provides the required training for identity theft management and compliance but it also includes an examination to assess and certify the knowledge of candidates regarding identity fraud prevention requirements.
For any fraud training or certification questions, please visit Identity Management Institute.