The Red Flags Rule is a system developed by the FTC to prevent identity theft. Financial institutions and creditors must have a written program to identify and prevent identity theft, including identifying red flags, having a plan for detecting them, and committing to updating the plan. The rule affects businesses that let people pay later for services, resulting in delays in enforcement.
The Red Flags Rule is an identity theft prevention system developed by the Federal Trade Commission (FTC) in the United States. Under the rule, financial institutions and individuals or companies who could be considered creditors must take a variety of steps to identify and prevent identity theft. The goal of the red flag rule is to protect consumer safety by requiring individuals with private identifying information and financial records to have a system in place to deal with identity theft.
The red flag rule requires that those subject to the rule have a written program for dealing with identity theft. The company could use a generic model or develop its own. The program requires four components. The first is identifying any red flags, activities or events that could indicate that someone is attempting to commit identity theft. These can vary by business and industry. The company also needs to have a plan in place for detecting these red flags.
Some examples of red flags may include suspicious documents, unusual account activity, queries about an account, or alerts from credit bureaus. There may also be concerns specific to a particular business, such as evidence that someone is using falsified insurance information to obtain health care, or an inability to provide proof of ownership of a home or vehicle before ordering services.
A prevention and action plan must be part of the program under the Red Flag Rule, to ensure that the company takes prompt action in the event of suspected identity theft and works to remedy obvious deficiencies. Finally, the company must commit to updating the plan. Updates should include new information and policies and should occur on a regular basis. This shows that the company is keeping up with identity theft issues and has plans in place to address them.
Identifying financial institutions such as banks and credit unions is easy, but determining which types of creditors are subject to red flags is somewhat more complicated. The rule affects people like veterinarians, who can provide services on credit or accept payment plans. Most businesses that let people pay later for services could be classified as creditors, ranging from utilities that bill after the fact to accountants who bill their customers. The scope of the Red Flag Rule has resulted in numerous delays in enforcement as industry lobbyists have argued that compliance would be difficult for small businesses, especially those run by the self-employed.
Protect your devices with Threat Protection by NordVPN
