Before looking at its impact on security controls, we need a thorough understanding of what the Red Flags Rule actually covers. According to an article posted at the American Hospital Association News site, the rule consists of three parts:
- Debit and credit card issuers must develop policies and procedures to assess the validity of a request for a change of address that is followed closely by a request for an additional or replacement card.
- Users of consumer reports must develop reasonable policies and procedures to respond to any notice of an address discrepancy they receive from a consumer reporting agency
- Financial institutions and creditors holding consumer or other “covered accounts” must develop and implement a written identity theft prevention program that covers both new and existing accounts.
Click here to read more