Certified Red Flag Specialist (CRFS)®

CRFS-RCertification Overview

The Certified Red Flag Specialist® (CRFS) designation is the leading registered workplace identity fraud prevention training and certification program developed based on US government approved techniques as outlined in the Red Flags Rule and rigorous examination by Identity Management Institute® (IMI).

As consumer information continues to be stolen in data breach incidents, companies increasingly face the threats and consequences of identity theft regardless of how or from where the victims’ personal information was obtained. Defrauding businesses is the main objective of identity thieves and well trained professionals can help organizations detect signs of identity theft (red flags) and prevent fraud in order to minimize losses, protect potential identity theft victims, and comply with the regulations.

There are many regulations, standards and guidelines which address the protection of consumers’ private information, however, when such efforts fail and consumer records fall into the wrong hands, businesses must be on the lookout for identity theft warning signs to detect and prevent fraud during business transactions. Therefore, employees must be properly educated and trained to adequately identify, detect, and respond to identity theft red flags with the latest techniques.

Identity Management Institute is an independent international organization which developed and administers the CRFS® training and certification program which is aligned with various regulatory requirements and guidelines, especially the US Red Flags Rule regulation which requires high risk organizations to implement an Identity Theft Prevention Program (ITPP) and includes comprehensive identity fraud prevention and detection standards.

IMI also manages the largest identity theft discussion group to support professional networking and encourage global collaboration.

Watch this video to learn more about the Certified Red Flag Specialist® (CRFS) program:


Application Process

To become a CRFS, candidates must be members of Identity Management Institute and pass an examination. If you are not currently a member, you can apply for membership as you apply for certification. Additional information about the examination is provided below or you may click here to apply for the CRFS designation.


CRFS Practice Test

Take a short practice test to learn more about the format and content of the final exam questions, discover your identity theft prevention knowledge level, and, receive explanations for the answers.

Who Should Become a CRFS®?

Many individuals are well positioned to help organizations detect and prevent identity fraud and must consider earning the Certified Red Flag Specialist® designation. Such professionals include employees, auditors, consultants, compliance officers, fraud management staff, and examiners of high risk organizations which must implement an effective identity theft prevention program to reduce fraud risks and comply with the laws.

Also, trained operations staff can help their organizations reduce identity theft risks by learning about customer identification and authentication, transaction authorization, and account or trend monitoring processes to detect and prevent identity theft.

In summary, CRFS professionals are recognized identity theft red flag experts who understand the components of an identity theft prevention program and can detect signs of identity theft during transactions and prevent fraud.

High Risk Companies

Many industries and companies face increasing identity theft risks with dire consequences of high fraud costs, lost customers, reduced productivity, and non-compliance with regulations. The following types of companies typically offer and maintain high risk accounts such as credit cards, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking or saving accounts, insurance and medical accounts, and any other accounts for which there is a foreseeable risk to customers or to the safety and soundness of the organizations including financial, operational, compliance, reputation, or litigation risks:

  • Banks,
  • Mortgage brokers,
  • Finance companies,
  • Investment firms,
  • Insurance companies,
  • Healthcare providers,
  • Automobile dealers,
  • Utility companies, and
  • Telecommunications companies.

CRFS Benefits

The Certified Red Flag Specialist designation is a registered program which demonstrates that an individual has been awarded the leading certification in the workplace identity fraud prevention field based on government approved techniques and rigorous examination. The capabilities that CRFS professionals possess include Identity Theft Prevention Program (ITPP) design, implementation, management and reporting, business and service provider risk assessments, policies and procedures management, staff training, as well as red flag expertise to identify, detect, and prevent identity theft.

Critical Risk Domains™

The CRFS Critical Risk Domains (CRDs) define the specific knowledge areas used to train, test, and certify candidates as follows:

  1. Identity Theft Overview
  2. Risk Assessments
  3. Identity Theft Red Flags
  4. Identity Theft Prevention Program
  5. Layered Security Controls

Download the program overview document for more details.

Application Process

The CRFS designation can only be obtained through an examination. All interested candidates must submit an application for certification and be IMI members. If you are not currently a member, please apply for membership as you apply for certification.

practice-testAbout the Examination

The exam consists of 100 multiple choice questions and can be taken online at any time within a year of receiving the study guide. 70 out of the 100 questions must be answered correctly to pass the exam and become certified. Registered candidates can schedule the exam for up to 3 times at no additional charge which can be taken on any day and from anywhere on desktop computers or mobile devices with Internet access. Take a short practice test now to learn more about the CRFS exam format.

Application Cost

The CRFS application fees are $295 for current IMI members which include the study guide and the exam. Learn about membership.

Certification Training

Registered candidates will receive a study guide to assist them with their CRFS exam preparation efforts. Group training and examination discounts are available and can also be administered onsite for all international locations. Please contact IMI for details.


CRFS Video Training

A video training is available to teach CRFS exam candidates as well as currently certified members or those who are contemplating to become certified about core topics of the CRFS program and workplace identity theft prevention. Click here to preview the video course.

Certificate Maintenance

Certified professionals must earn continuing education, adhere to the IMI code of ethics, and renew membership annually to maintain certification.

Payment Processing

IMI uses recognized online payment services to request and process credit card payments securely. Alternatively, candidates may mail a cashier’s or company check with their applications.

Red Flags Rule Compliance

Red Flags Rule

Red Flags Rue Compliance Services

The US Red Flags Rule requires that all organizations subject to the regulation develop and implement a formal, written and updated Identity Theft Prevention Program (“Program”) to detect, prevent and mitigate identity theft.

The Red Flags Rule applies to financial institutions and creditors with covered accounts as defined below:

  • A financial institution is typically defined as bank, savings and loan association, credit union, or any other entity that holds a transaction account belonging to a consumer.
  • A creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Accepting credit cards as a form of payment does not make an entity a creditor.
  • A covered account is an account used mostly for personal, family, or household purposes, which involves multiple payments or transactions. Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts. A covered account is also an account for which there is a foreseeable risk of identity theft such as small business or sole proprietorship accounts.
  • A transaction account is a deposit or other account from which the owner makes payments or transfers. Transaction accounts include checking accounts, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers, and share draft accounts.

Visit the Red Flags Rule compliance page to learn about our regulatory compliance services.