The
Federal Trade Commission (FTC), the federal bank regulatory agencies, and the
National Credit Union Administration (NCUA) have issued regulations (the Red
Flags Rules) requiring financial institutions and creditors to develop and
implement written identity theft prevention programs, as part of the Fair and
Accurate Credit Transactions (FACT) Act of 2003. The programs must be in place
by November 1, 2008, and must provide for the identification, detection, and
response to patterns, practices, or specific activities – known as "red
flags" – that could indicate identity theft.