The Green Sheet Online Edition
May 5, 2009 • 09:05:02
Red Flag enforcement delayed
The Federal Trade Commission has once again postponed enforcement of the Identity Theft Red Flag Rules of the Fair and Accurate Credit Transactions Act of 2003. The May 1, 2009, deadline was extended to Aug. 1, 2009. The FTC stated the further delay is intended "to give creditors and financial institutions more time to develop and implement written identity theft prevention programs."
FTC Chairman Jon Leibowitz said the extra time will "allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further."
Help on the Web
The agency has provided the following resources to help businesses determine if they are subject to the rule, answer common questions and help businesses build their programs.
- Dedicated Red Flags Web page: Fighting fraud with the Red Flags Rule, a how-to guide for business (www.ftc.gov/redflagsrule)
- Complying with the Red Flags Rule: A do-it-yourself prevention program for businesses and organizations at low risk for identity theft (www.ftc.gov/bcp/edu/microsites/redflagsrule/RedFlags_forLowRiskBusinesses.pdf)
- FTC Business Alert: New Red Flag requirements for financial institutions and creditors will help fight identity theft (www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm)
"These red flags are not a checklist, but rather, are examples that financial institutions and creditors may want to use as a starting point," the FTC business alert states.
The FTC's business alert indicates creditors are subject to the rules and describes creditors as including "finance companies, automobile dealers, mortgage brokers, utility companies and telecommunications companies. Where nonprofit and government entities defer payment for goods or services, they, too, are to be considered creditors."
Covered accounts subject to the rules are also any account "for which there is a foreseeable risk of identity theft - for example, small business or sole proprietorship accounts."
Programs to fit
Understanding that distinct business types carry various levels of risk and hold different kinds of consumer information, the FTC does not expect every enterprise to implement the same type of identity theft program.
You only need "a Red Flags policy in place that fits the nature, scope and complexity of your business and gets you to a procedure that you follow that would allow your business, you or your employees to pick up those reasonably foreseeable Red Flags," said Brian Bradley, Executive Vice President, Strategy and Emerging Markets, for MicroBilt Corp., a risk management provider.
"The intent was to deal with any businesses that have access to private consumer information, but the details just weren't there," Bradley said. "I think that it is not unusual for these regulations to be a little more open-ended than people would like."
Cost of failure
Bradley said furniture stores and doctors exemplify types of businesses that are not as accustomed or adept at detecting patterns that are indicative of risk as financial institutions and bankcard acquirers.
"It really doesn't have to be a significant investment of money or time to be able to comply," Bradley said. "It looks like a big job, but I think once it's demystified, once you look into it, it's pretty easy to put it into place and then to follow it and make it part of your standard process."
The FTC increased the fine for failure to have a proper identity theft program in place to $3,500 per transaction completed while a business is deemed out of compliance with the Red Flag Rules.
Though he thinks the FTC will work with businesses to help them get up to speed, Bradley also said, "I think that you can expect that [the FTC] will make examples of businesses that fail to have an ID theft program in place. ... In the egregious cases, you will probably see some enforcement action."
Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
