What about Email as a Transaction? Complying with the FTC Red Flag Rules

If your company acts as a creditor, hopefully by now you have heard about the 26 FTC Red Flag Rules that you must be in compliance with by November 1st, 2008. The FTC reports that an identity is stolen every 4 seconds, and in 2007 identity theft was the number one consumer fraud complaint received by the FTC. So it is easy to see why these rules, and the associated penalties for non-compliance, have been put in place.

If an organized approach to compliance, including a data flow and gap analysis, is not yet a part of your overall risk assessment process, and you do not have a solid understanding of the role IT plays in complying with these rules, then you are putting yourself in a high-risk situation. If this sounds like where you are in your preparation, you could be facing an unlimited liability scenario, not to mention a serious risk to your customers’ identities.

Understanding how data flows in an organization, how transactions are monitored, how to recognize anomalies, and how to mitigate these risks provides the information necessary to make informed decisions in your customer identity risk strategy. A large part of this identity risk strategy, and the part that speaks directly to the Red Flag Rules, is how to monitor business transactions. Although it may not get the same attention as online transaction services, email as a transaction is a huge risk of which you should be aware, because email is often used to transmit the customer personal information necessary to complete a transaction.

Estorian’s LookingGlass has risen to the challenge of ensuring your company can meet its FTC Red Flag Rule transaction monitoring obligations as they pertain to email. Estorian’s LookingGlass gives companies the ability to monitor email transactions by:

  • Ensuring email transactions are valid. LookingGlass examines email headers and metadata, which provide valuable information on the validity of the email transaction. This allows Red Flags such as changes of address, PINs, SSNs, etc. to become easily searchable through the LookingGlass interface.
  • Setting transaction alerting thresholds. With LookingGlass, alerts can be set that notify you in real time when your defined monitoring thresholds are reached. Whether the trigger is customer names or other personally identifiable information associated with fraud, you can set notifications that meet your compliance needs.
  • Providing a centralized, easily accessible repository for email transactions. Using LookingGlass eliminates the need for PST files for email transactions, thus eliminating transaction file limitations and risk of loss. All email transactions are easily retained for accessing, reviewing and compliance reporting.

With the costs and liabilities associated with customer data breaches increasing, it makes sense that companies take the appropriate and proactive steps necessary to comply with the FTC Red Flag Rules. Recognizing email as a transaction and mitigating transaction monitoring risks through the use of Estorian’s LookingGlass provides the granular controls needed for email transaction monitoring compliance. After all, if you plan on keeping your customers and staying in business, having an identity risk strategy that involves email transactions is paramount to keeping your customers’ identities protected.
