Did you know that a new FTC rule governing how businesses monitor their accounts for possible identity theft “red flags” is scheduled to go into effect December 1, 2010? This Red Flags Rule requires “creditors” with “covered accounts” to implement written policies for identifying, detecting and responding to possible identity theft. The rule also requires an annual review and update of the written policies and procedures as well as staff training. Based on the FTC’s definition of a creditor and a covered account, a wide range of business are likely subject to this rule.
The enforcement has been delayed until December 1, 2010 due primarily to the confusion among businesses as to what the FTC considers “creditors” and “covered accounts”. These definitions are critical to identifying covered entities with respect to the Rule.
The Rule defines a creditor as any entity that regularly extends, renews or continues credit; that arranges for the extension, renewal or continuation of credit, or any assignee of an original creditor who is involved in the decision to extend, renew or continue credit. Specifically identified creditors include finance companies, utility companies and nonprofit or government entities that defer payment for goods or services.
The Rule further defines a covered account as an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions.
Using the definitions incorporated into the Rule, the FTC has created a wide umbrella of covered entities. Several covered groups have written to or filed suit against the FTC for exemption from the Rule.
For more information on the Red Flags Rule see the FTC’s website dedicated to the Red Flags Rule at http://www.ftc.gov/redflagsrule.