Creditors and financial institutions are required to develop and implement an Identity Theft Prevention Program by November 1, 2008. The Federal Trade Commission (FTC) has issued a list of 26 red flags to help give businesses a starting point in developing their program; this is not meant to be an all-inclusive checklist, but rather as a guideline to aid establishments in developing their program to suit the type, size, and complexity of their business.

• A fraud or active duty alert is included with a consumer report
• A consumer reporting agency provides a notice of credit freeze in response to a request for a consumer report
• A consumer reporting agency reports an address discrepancy
• A consumer report shows a change in the pattern of activity, such as: a recent and significantly higher number of inquiries or credit accounts, or a material change in the use of credit, especially in recently established accounts
• Identification documents appear to have been altered or forged
• Person does not match the description or look like the photo on the ID
• Information on the ID is not consistent with information the applicant provided
• Signature or other information on the ID is not consistent with what the establishment already has on file, such as a signature card or recent check
• Application appears to have been altered or forged, or destroyed and reassembled
• Personal information discrepancies, such as: applicant's address doesn't match address in consumer report, or the SSN provided has not been issued or it is the SSN of a deceased person (found listed on the Social Security Administration's Death Master File)
• There is a discrepancy with some of the information provided by the applicant, for example, there is a lack of correlation between applicant's SSN and date of birth
• Applicant gives personal identifying information that is known to be associated with fraudulent activity
• Applicant gives the type of identifying information that is known to be associate with fraudulent activity, such as: a fictitious address, or the address of a mail drop or prison, a false phone number, a pager, or answering service phone number
• The SSN is the same as the SSN provided by another person who also opened an account at the establishment
• The address or phone number is the same as, or similar to, the numbers of an unusually large number of people who've opened or applied for an account
• The applicant fails to provide all the required information on the application,even after notification that the application is incomplete
• Personal information is not consistent with the information the establishment has on file
• The applicant cannot provide authenticating information beyond what could be generally available with a wallet or consumer report
• Shortly after an address change, the creditor receives a request from applicant to send convenience checks or a new credit card, or to add an authorized user to the account
• Mail is returned undeliverable even though the account is still active and currently in use
• A new revolving account is quickly used to the limit for cash withdrawals or items that can easily be sold, such as jewelry or electronics. Or, no payments have been made or only the first payment was made and then they stopped
• New activity that is not consistent with previous activity on the account, such as: missed payments when account holder has no prior missed payments, suddenly using much of the available credit line or a material change in what the account is used for, or a material change in call patterns in connection with a cell phone
• An account that has been inactive for a lengthy period of time is used, taking into consideration relevant factors
• Creditor is notified of unauthorized charges or use of an account
• Creditor is notified that the customer is not receiving their statements in the mail
• Creditor is notified that it has opened a fraudulent account for an identity thief
  
  
  
  Source:
  Federal Trade Commission