FTC to Suspend Enforcement of ‘Red Flags’ Rule

October 26, 2008 at 10:58 am 4 comments

The Red Flags Rule was to go into effect on November 1st, 2008. Developed pursuant to FACTA (Fair and Accurate Credit Transactions Act), financial institutions and creditors with applicable accounts must have had identity theft prevention programs in place to identity, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. 

Under FACTA, a “creditor” is defined as any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. “Credit” includes a right granted to defer payment for any purchase. So any person that provides a product or service for which the consumer pays after delivery is a creditor. A “financial institution” is defined by FACTA to include all banks, savings and loan associations, credit unions, and any other person that holds a consumer transaction account as defined by section 19(b) of the Federal Reserve Act.  

The difficulty was that the law’s definition of a “creditor” or “financial institution” was not entirely clear to many businesses. Therefore, they were not aware that they were engaged in activities that would have caused them to fall under the Red Flags Rule. When contacted through FTC outreach efforts, the FTC realized that these businesses were unprepared or did not even know that they were required to be in compliance. Therefore, the FTC will delay enforcement of the Rule for six months to allow these businesses sufficient time to establish and implement appropriate identity theft prevention programs in compliance with the Rule. 

Suggestion:  Unsure whether or not you should be in compliance? Better be safe than sorry and bring yourself into compliance. (Besides, you should have an identity theft plan in place in any case!) You will need to take several actions to protect yourself. Contact us if you would like more information on how to be in compliance or need training to do so (info@identitytheftforum.net)




Entry filed under: Uncategorized. Tags: , , , , , , , , , .

Congress Passes Stronger Identity Theft Laws Even Twitter Gets Phished!

4 Comments Add your own

  • 1. John Barksdale  |  October 26, 2008 at 11:08 am

    As a victim of financial identity theft, I blame creditors and financial institutions for their sloppy credit verification standards. If a business extends credit to a financial identity thief, why should the victim be burdened? The company and credit bureaus should sort it out with the identity thief. After all, their sloppiness created the problem. I’ve shared my personal identity theft story at http://identitythefthurts.com

  • 2. Melanie  |  December 8, 2008 at 9:18 am

    I totally agree with the Red Flags Rule and am disappointed that it’s been suspended. I understand that not all businesses are ready, but there could have been a “grace period” where if a business was not in compliance, it was issued a warning and given 60-90 days to be in compliance or something along those lines.

    I do think it’s critical that people be protected and am only surprised that it’s taken this long for the Red Flags rule (or something like it) to be enacted.

    If individuals take it upon themselves to hire a credit monitoring service, then in conjunction with Red Flags, there will be much better ID protection going on than in the past.

    Thanks for advising your readers of this delay…whether or not institutions are (currently) responsible for helping prevent ID theft, it’s probably in anyone’s own best interest to take matters into their own hands too, and not to automatically assume their institution is offering protection (or is itself protected).


  • 3. claytonpop  |  December 11, 2012 at 8:45 am

    I think credit unions have been improving on their verification standards recently because of these problems. I have noticed that I have a whole array of different security questions I have to answer before I can even look at my information.

  • 4. new games ds  |  October 4, 2014 at 11:25 am

    I know this if off topic but I’m looking into starting my own blog
    and was curious what all is needed to get set up? I’m assuming having a blog like yours would cost
    a pretty penny? I’m not very web smart so I’m not 100% certain. Any tips or
    advice would be greatly appreciated. Many thanks


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed



Get every new post delivered to your Inbox.

%d bloggers like this: