By May 1, any company that provides service in advance of payment (a “creditor”) must implement a written customer protection program to identify and detect identity theft. This program must be designed to detect a “Red Flag,” which is a pattern, practice or specific activity that indicates the possible existence of identity theft.
The FTC has identified five categories of Red Flags and provided a list of examples of the types of Red Flags that fall under each category. If you are providing interconnected voice or VoIP services, the Red Flag compliance program can be combined with your CPNI program required by the FCC's rules. The customer protection program must include policies and procedures for:
- (a) detecting warning signs or “Red Flags” of identify theft;
- (b) responding to any such Red Flags in a manner that will prevent or mitigate the identify theft; and
- (c) updating the Program.
The customer protection program must be managed by the Board of Directors or senior employees of the company if there is no Board. Also, the customer protection program must provide for staff training and oversight of your company’s service providers.
As a service to WISPA members, Rini Coran can provide you with Red Flag Guidelines for a flat fee. If you are interested, please contact Steve Coran at 202.463.4310 or scoran (at) rinicoran.com.