LOGIN | SIGNUP

• Credit
• Data Breach
• Fraud
• Identity Theft
• Other News
• Privacy
• Reviews
• Scams
• Tips
• Truston

See our certifications »

» White Label Identity Theft & Credit «

 

« Previous Post | Blog Home | Next Post »

Identity Theft Red Flag Rules

Posted on Nov 18, 2008 by Tom Fragala

As of November 1, 2008, new Red Flag Rules are in effect to help protect consumers from identity theft. These rules are part of the federal FACT Act of 2003.

According to the FTC:

The Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) have issued regulations (the Red Flags Rules) requiring financial institutions and creditors to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. The programs must be in place by November 1, 2008, and must provide for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

The concept is that by having government mandated processes for watching for well-defined suspicious activity, identity thieves will be stopped sooner and consumers will be notified of possible/attempted fraud.

The Red Flags Rules apply to financial institutions and creditors with certain covered accounts. All those terms are defined specifically in the law. For example, a financial institution is defined as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a transaction account belonging to a consumer.

A transaction account is a deposit account from which the owner makes payments or transfers such as checking and savings accounts.

A creditor is any entity that extends, renews, or continues credit or arranges for these.  So this would include credit cards, mortgages, loans, equity lines, cell phone accounts, utilities. It's good to see the last two, because phone/utilities fraud is the #2 most common type of identity theft.

Read more at FTC.gov.

Note that businesses are NOT covered, which is a warning to the huge number of small LLC and S Corp entities out there.

If you are a business or financial institution that falls under the red flag rules, there are many solutions that will help you get into compliance (belatedly). I know of several personally including Secure Identity Systems and Identity Force. I believe that Affinion Security Center will also provide services for this.

Update: I read today on FTC.gov that covered accounts are those for which there is "a foreseeable risk of identity theft, for example, small business or sole proprietorship accounts." So perhaps there are some protections for certain businesses. I doubt it covers incorporated ones like LLCs or S Corps.

Update 2: I heard from Tom Harkins, Chief Strategy Officer of FNB Merchants/SIS and an ID theft/security expert that provides Red Flag Rules consulting. He tells me that the all businesses and corporations should be covered accounts under the rules.