I'm reading the proposal on FACTA Red Flags and ID Theft.& thinking about what we would do when notified of this issue. A customer files an Reg. E error resolution or Reg. Z claim because his card was stolen and transactions were made against his account. Does this fall under that FACTA Red Flags and ID theft in proposal? Am I going too far with this?

I think it stays within Reg E or Z. Once an error is determiend, Regs E & Z provide for the process and timeframes to follow. What the ID theft provisions of the FACT will require is more complex. We will be building a set of internal controls ( red flags ) to monitor id theft. Reg E & Z are still valid and serve an important role. This is the future of compliance: building sytems of internal control. BSA and US Patriot Act is a good example. It will be critical for IT and Customer Service to be involved in the new ID theft provisions.

If your customer's card was stolen, you face both Regulation E and FCRA problems. You must comply with Regulation E's error correction rules. But also, the theft is an indication that there may be more problems. This meets the definition of identity theft. I would strongly recommend sending your customer information about identity theft and either a copy or or how to get the identity theft affidavit.