Nothing says danger like a red flag. And that likely inspired the Federal Trade Commission (FTC) to name its anti-fraud regulation which requires certain creditors and financial institutions with covered accounts to implement programs to identify, detect, and respond to warning signs--the "Red Flags" Rule. After initial delays, the date the Rule will begin to be enforced is now November 1st, 2009.
The implementation of the Act comes at a time when consumers are growing wary of identification leaks and news stories of data breaches. According to the FTC, over 9 million Americans are victims of identity theft every year.
What does the Red Flags Rule require?
Among other things, the Act requires:
- applicable financial institutions and creditors to develop and implement written Identity Theft Prevention Programs to identify warning signs or "red flags'" of identity theft in daily operations
- issuers of credit cards and debit cards to assess validity of notifications of changes of address
Who does the Red Flags Rule apply to?
The Rule applies to "financial institutions" and "creditors", with "covered accounts".
The FTC defines "financial institution" as "a state or national bank, state or federal savings and loan association, mutual savings bank state or federal credit union, or any person that directly or indirectly hold a transaction account belonging to a consumer".
The FTC defines a "creditor" as a "business or organization that regularly defers payment for goods or services or provides goods or services and bills consumers later". Examples of FTC creditors include utility companies, health care providers, and telecommunication companies, depending on how payment is collected and when.
And last but not least, the FTC chalks out a "covered account" as either a consumer account--one that a business offers to customers that is primarily for personal, family, household purposes that permits multiple payments. The second kind is "any account that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to consumers or to the safety and soundness of the financial institution or creditor from identify theft."
Check out the resources below to get a better idea of whether your business is in line to comply with the Red Flags Rule, and if so, how it can stay on the good side of the new law.
- Fighting Fraud with the Red Flags Rule: A How-To Guide for Business [PDF] (FTC.gov)
- FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule (FTC.gov)
- The Credit Corner: Red Flag Rules update (NationalMortgageProfessional)
- Online Crime Up 33% in 2008: Small Businesses Targeted- Quick Prevention Tips (FindLaw's Free Enterprise)
- Data Theft Soared in 2008; FACTA and the Duty to Dispose of Employee and Customer Data (FindLaw's Free Enterprise)
- 5 Ways to Protect Customer Information (FindLaw's Free Enterprise)
- White Collar Crimes (provided by DeLuca & Ricciuti)
- Fraud (provided by Parkman, Adams & White, LLC)