As identity theft continues to increase, the government is looking to private businesses to help stop the problem. The “Red Flags” Rule, enforced by the Federal Trade Commission, requires certain businesses and organizations to develop, implement and administer an identity theft prevention program. The program must list the relevant indicators of identity theft that might occur for that type of business, identify how the company will detect those red flags, what it will do if the red flags occur, and how the company will re-evaluate its program over time. Examples of red flags include customers asking about services they were charged for but did not receive, identification that appears to be fake or altered, and a customer who reports that his or her identity has been stolen.
All financial institutions and creditors must have a “Red Flags” program in place by August 1, 2009. Because the spirit of the law is to hopefully stop the spread of identity theft, the definition of “creditor” is quite broad; a “creditor” is any business or organization that allows customers to defer payment for goods and services that are primarily for personal, family or household use. This includes health care providers, mortgage brokers, retailers and any other business that allows consumers to purchase things on an account or with credit. Although the deadline for having a “Red Flags” program has already been extended, it is expected that the FCC will enforce to the upcoming deadline.
If your business falls within the broad definition of “creditor” and you do not yet have a “Red Flags” program, you should talk with your attorney to determine your options. Remember, August 1, 2009, is the deadline to have the “Red Flags” program in place.
