The Federal Trade Commission (FTC) has once again delayed full enforcement of the new identity theft prevention measures known as the "Red Flags Rule." Many of the businesses compelled by the FTC to comply with these changes now have a little breathing room with a new deadline of June 1, 2010 to meet.
This is the fourth extension since the rules first came into existence. Initially, the enforcement of the Red Flags Rule was expected to occur by November 1, 2008, then extended through May, 2009. Then once again, compliance dates were extended through this November 2009. Now the FTC has again, at the request of Congress, delayed the full compliance date through June 2010. This latest extension of time doesn't apply to banks, credit card issuers, credit unions, and other businesses regulated by the National Credit Union Administration and federal bank regulatory agencies who were previously mandated to meet full compliance with the "Red Flags Rule."
Part of the Fair and Accurate Credit Transactions Act of 2003, the Red Flags Rule are designed to shore up identity protection in an effort to reduce the incidence of identity theft, which has reached phenomenal numbers and percentages. Finally, a viable effort to prevent easy access to an individual's financial resources is being made as directed by Congress to the FTC.
This federal mandate increases the requirements for customer identification procedures for several types of companies and financial institutions. The companies that are forced to comply with these changes are not determined by their line of business, but rather, by whether or not their business practices fall within certain parameters.
The Red Flags Rule will have repercussions for both customers and financial institutions. For companies, it is going to entail a great deal more work. For customers, it is going to involve the presentation of more forms of identification proof. That's not a bad thing. Consumers are going to be required to show this proof to financial companies more frequently -something that is a commonsense measure that should have been required long ago.
True, the financial companies might need to spend a bit more to incorporate these measures. Plus, the customers might need to be a bit more patient when accessing their accounts as they are asked to present additional forms of identification. However, this practice is a lot more secure than simply hoping that no one steals your identity and runs off with your money. Those businesses that store our information will now be required to better protect it and have a written plan in place for all employees that handle our sensitive date.
The measures themselves are referred to as the Red Flags Rule simply because they include a list of 26 red flags that "creditors" should be watching for when dealing with customers. These red flags were compiled through the joint efforts of the Federal Trade Commission, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Treasury Department's Office of Thrift Supervision, the Federal Deposit Insurance Corp., and the Federal Reserve System.
Each red flag rule is designed to help prevent identity theft by identifying or detecting specific activities or patterns that are indicative of identity theft and creating a response to prevent these practices from developing into full fledged theft of an individual's identity.
The 26 Red Flags as provided by the Federal Trade Commission are:
1. A consumer report that includes a fraud alert.
2. Notice of a credit freeze prompted by a request for a consumer report.
3. A notice of address discrepancy provided by a consumer reporting agency.
4. Unusual credit activity including new acquisitions or inquiries.
5. The documentation provided for identification purposes appears to be questionable.
6. The photograph presented for photo identification does not resemble the individual in person.
7. The individual opening an account provides inconsistent information from that included on the papers presented for identification.
8. The records held at the financial institution and those presented by an individual are not consistent.
9. The application appears to be altered in some way.
10. The Social Security Number is questionable due to address, appearance on Death Master File, or associated filing.
11. A lack of correlation appears between the Social Security Number sequence and the individual's date of birth.
12. Presented identification information is related to existing fraud case or activity.
13. Phone numbers associated with answering service or pager or suspicious addresses provided such as a mail drop box.
14. The Social Security Number has already been presented by another customer.
15. A frequently used address or phone number.
16. Additional information cannot be provided when requested.
17. Personal information that is presented is not consistent with the information that is on file.
18. Challenge questions cannot be answered.
19. Request for additional users on an account immediately after a change of address on the account.
20. New credit is used for certain types of purposes including cash advances or high-end electronics.
21. Payment patterns change drastically.
22. Inactive accounts are suddenly awakened to frequent use.
23. Returned mail for current accounts.
24. Customer complaint about statements not arriving in the mail.
25. Customer complaint about unauthorized charges to an account.
26. The financial institution receives notification that the account was fraudulently opened by an individual known for committing identity theft.
Each financial institution that is compelled by law to enforce the Red Flags Rule is required to create a formal written policy of response to each individual red flag. This formal policy must be carried out every single time potential red flags appear. In fact, the companies involved are required to document the steps that are taken along with the results in order to provide proof that they have ensured that the particular red flag in evidence isn't related to identity theft.
The premise behind the incorporation of such rules is that identity theft will become more difficult to achieve and consumers will be protected in a manner that actually does protect their data and finances. As with any change, the growing pains are bound to put some people off, but the end result truly is worth it in this case.
Identity theft can ruin lives. It can create years of frustration. It is certainly about time to incorporate safeguards that actually protect consumers should someone gain access to their stored personal information. While these measures are not going to do away with identity theft, they will help to reduce the risk and impact on some level.
Consumers must still have their own plan of action in place and be ready to act when notified their data has been breached, hacked, stolen or compromised. Taking a little time now -may save you a lot of time later! Take control of your data and identity -before someone else does.
This is the fourth extension since the rules first came into existence. Initially, the enforcement of the Red Flags Rule was expected to occur by November 1, 2008, then extended through May, 2009. Then once again, compliance dates were extended through this November 2009. Now the FTC has again, at the request of Congress, delayed the full compliance date through June 2010. This latest extension of time doesn't apply to banks, credit card issuers, credit unions, and other businesses regulated by the National Credit Union Administration and federal bank regulatory agencies who were previously mandated to meet full compliance with the "Red Flags Rule."
Part of the Fair and Accurate Credit Transactions Act of 2003, the Red Flags Rule are designed to shore up identity protection in an effort to reduce the incidence of identity theft, which has reached phenomenal numbers and percentages. Finally, a viable effort to prevent easy access to an individual's financial resources is being made as directed by Congress to the FTC.
This federal mandate increases the requirements for customer identification procedures for several types of companies and financial institutions. The companies that are forced to comply with these changes are not determined by their line of business, but rather, by whether or not their business practices fall within certain parameters.
The Red Flags Rule will have repercussions for both customers and financial institutions. For companies, it is going to entail a great deal more work. For customers, it is going to involve the presentation of more forms of identification proof. That's not a bad thing. Consumers are going to be required to show this proof to financial companies more frequently -something that is a commonsense measure that should have been required long ago.
True, the financial companies might need to spend a bit more to incorporate these measures. Plus, the customers might need to be a bit more patient when accessing their accounts as they are asked to present additional forms of identification. However, this practice is a lot more secure than simply hoping that no one steals your identity and runs off with your money. Those businesses that store our information will now be required to better protect it and have a written plan in place for all employees that handle our sensitive date.
The measures themselves are referred to as the Red Flags Rule simply because they include a list of 26 red flags that "creditors" should be watching for when dealing with customers. These red flags were compiled through the joint efforts of the Federal Trade Commission, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Treasury Department's Office of Thrift Supervision, the Federal Deposit Insurance Corp., and the Federal Reserve System.
Each red flag rule is designed to help prevent identity theft by identifying or detecting specific activities or patterns that are indicative of identity theft and creating a response to prevent these practices from developing into full fledged theft of an individual's identity.
The 26 Red Flags as provided by the Federal Trade Commission are:
1. A consumer report that includes a fraud alert.
2. Notice of a credit freeze prompted by a request for a consumer report.
3. A notice of address discrepancy provided by a consumer reporting agency.
4. Unusual credit activity including new acquisitions or inquiries.
5. The documentation provided for identification purposes appears to be questionable.
6. The photograph presented for photo identification does not resemble the individual in person.
7. The individual opening an account provides inconsistent information from that included on the papers presented for identification.
8. The records held at the financial institution and those presented by an individual are not consistent.
9. The application appears to be altered in some way.
10. The Social Security Number is questionable due to address, appearance on Death Master File, or associated filing.
11. A lack of correlation appears between the Social Security Number sequence and the individual's date of birth.
12. Presented identification information is related to existing fraud case or activity.
13. Phone numbers associated with answering service or pager or suspicious addresses provided such as a mail drop box.
14. The Social Security Number has already been presented by another customer.
15. A frequently used address or phone number.
16. Additional information cannot be provided when requested.
17. Personal information that is presented is not consistent with the information that is on file.
18. Challenge questions cannot be answered.
19. Request for additional users on an account immediately after a change of address on the account.
20. New credit is used for certain types of purposes including cash advances or high-end electronics.
21. Payment patterns change drastically.
22. Inactive accounts are suddenly awakened to frequent use.
23. Returned mail for current accounts.
24. Customer complaint about statements not arriving in the mail.
25. Customer complaint about unauthorized charges to an account.
26. The financial institution receives notification that the account was fraudulently opened by an individual known for committing identity theft.
Each financial institution that is compelled by law to enforce the Red Flags Rule is required to create a formal written policy of response to each individual red flag. This formal policy must be carried out every single time potential red flags appear. In fact, the companies involved are required to document the steps that are taken along with the results in order to provide proof that they have ensured that the particular red flag in evidence isn't related to identity theft.
The premise behind the incorporation of such rules is that identity theft will become more difficult to achieve and consumers will be protected in a manner that actually does protect their data and finances. As with any change, the growing pains are bound to put some people off, but the end result truly is worth it in this case.
Identity theft can ruin lives. It can create years of frustration. It is certainly about time to incorporate safeguards that actually protect consumers should someone gain access to their stored personal information. While these measures are not going to do away with identity theft, they will help to reduce the risk and impact on some level.
Consumers must still have their own plan of action in place and be ready to act when notified their data has been breached, hacked, stolen or compromised. Taking a little time now -may save you a lot of time later! Take control of your data and identity -before someone else does.
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
All of these items (flags) could easily enough be incorporated into a workable business plan. The FTC rules don't seem to be anything more than what should be expected. Why do businesses find it too difficult to manage? One would assume that lawsuits for data breaches would be more costly than protecting the data in the first place.