A “red flag” is the Federal Trade Commission’s term for suspicious
activities or signs that should alert a business to possible security breaches
or identity fraud. It
is the basis for the Red Flags Rule, the nationwide standard of fraud prevention
service that will be enforced on November 1, 2009. And, although not
specifically outlined as such, a recent data breach provides an excellent
example of the preventative power of recognizing red flags.
In an article from CU Info Security, PayChoice a New Jersey payroll processor, was victim of a
data breach in September, in which attackers obtained e-mail addresses, login
IDs, and passwords for a payroll Web site. The red flag occurred later when
customers of PayChoice reported employees on their payrolls who that didn’t
actually work for them. PayChoice took immediate action.
Recognizing the possible fraud, PayChoice shut down its Online
Employer Web site and alerted its customers to potential fraud. They are
currently working with law enforcement specialists to find the hackers
responsible.