Did you ever get a phone call from your bank asking about suspicious credit card activity? If so, you’ve benefitted from identity theft protection. New government regulations will soon require more businesses to implement a written Identity Theft Prevention Program. The effective enforcement date was recently extended by the Federal Trade Commission because some businesses didn’t realize they were subject to the new rules. Could yours be one of them?
The purpose of a written Identity Theft Prevention Program is to detect, prevent and mitigate instances of identity theft. Those goals are accomplished in part by identifying “red flags” or patterns, practices or specific activities that could indicate identity theft. As a result, this regulatory initiative is often referred to as the Red Flag Rules.
The Red Flag Rules apply to “financial institutions” and “creditors” with “covered accounts.”
The idea is simple, but the definitions of the bold faced terms are not, especially the meaning of the term “creditors.” According to the FTC a creditor is any entity that regularly extends, renews, or continues credit, or regularly arranges for the extension, renewal, or continuation of credit, or is an assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.
I know, it’s a lot of legalese. That’s part of the problem. No one is exactly sure what it means.
While accepting a credit card as a form of payment doesn’t automatically make your business a “creditor,” some examples cited by the agency that would fall under the definition include business that provide services and bill later, including many doctors, lawyers, and other professionals. It’s the “buy now pay later” aspect of the creditor definition that casts a wide net, catching many businesses off guard – perhaps yours too.
As a result, the FTC has recently extended the enforcement date of the Red Flag Rules until August 1, 2009. There is some guidance in the form of a free download titled “Fighting Fraud with the Red Flags Rule: A How-To Guide for Business and more materials, including templates, will be made available in the near future to provide low-risk business entities an opportunity to use the templates in developing their own Identity Theft Prevention Program. Stay tuned.