Delfigo Security - Strong Authentication

  • Increase font size
  • Default font size
  • Decrease font size
Home Regulatory Compliance FTC Delays Red Flags Rule Until August 1, 2009

FTC Delays Red Flags Rule Until August 1, 2009

The Federal Trade Commission has again delayed the enforcement of the "Red Flags" Rule to give business more time to prepare programs to comply with the law. The FTC is making available new materials to help business better understand the rule's requirements, and templates designed to assist in creating identity theft prevention programs that are appropriate to the size of a particular business.

What are the "Red Flag" Rules?

The rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.

They require "each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft in connection with new and existing accounts. The Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft."

What are basic elements of an Identity Theft Prevention Program?

According to the FTC's Red Flags Rule How To Guide for Business, there are four basic elements of and Identity Theft Prevention Program?

First, your Program must include reasonable policies and procedures to identify the "red flags" of identity theft you may run across in the day-to-day operation of your business. Red flags are suspicious patterns or practices, or specific activities, that indicate the possibility of identity theft. For example, if a customer has to provide some form of identification to open an account with your company, an ID that looks like it might be fake would be a "red flag" for your business.

Second, your Program must be designed to detect the red flags you've identified. For example, if you've identified fake IDs as a red flag, you must have procedures in place to detect possible fake, forged, or altered identification.

Third, your Program must spell out appropriate actions you'll take when you detect red flags.

Fourth, because identity theft is an ever-changing threat, you must address how you will re-evaluate your Program periodically to reflect new risks from this crime.