Calling all creditors

Are you a creditor?  Are you covered by the Red Flags Rule, a regulation designed to help businesses spot the signs — or "red flags" — of identity theft?  Do you know how to tell?

While everyone should secure any personal information they maintain about their customers, the Red Flags Rule goes a step further by requiring businesses and organizations covered by the regulation to be on the look-out for suspicious signs of identity theft, like forged or altered IDs.  Earlier this year, the FTC amended the Red Flags Rule to implement changes brought about by the Red Flag Program Clarification Act of 2010.  In a nutshell, the Rule still applies to “financial institutions” and “creditors.”  But the Clarification Act limits the kinds of creditors covered by the Rule.

To help you determine if the Red Flags Rule applies to your company or organization — and if it does, what you need to do to comply — the FTC has updated its publication, Fighting Identity Theft with the Red Flags Rule:  A How-To Guide for Business. The Guide advises businesses to run through two sets of questions to determine if they are “creditors” covered by the Rule.

The first question.  Does your company or organization regularly:

  • defer payment for goods or services or bill customers?
  • grant or arrange credit?
  • participate in the decision to extend, renew, or set the terms of credit?

If you answer yes to any of those, move to: 

The second question.  Does your company or organization regularly and in the ordinary course of business:

  • get or use consumer reports in connection with a credit transaction?
  • give information to credit reporting companies in connection with a credit transaction?
  • advance funds to (or for) someone who must repay them, either with funds or pledged property (excluding incidental expenses in connection with the services you provide to them).

If you answer yes to any of those, you’re a “creditor” under the amended Rule.

Still not sure if your company or organization is covered?  The How-To Guide for Business answers questions we’ve heard about applying that two-part test.  And if you are a “creditor,” the Guide provides detailed information on how to comply with the Rule’s requirement to have a written identity theft program in place.

Why should the Red Flags Rule matter to your customers and your company?  The purpose of the Rule is to help curtail identity theft, which strikes about 9 million Americans (and a lot of businesses) each year.  By implementing a common-sense identity theft program, businesses and organizations covered by the Rule can look out for telltale signs of identity theft and take measures to prevent the crime.

 

1 Comment

>> Leave a Comment | Comment Policy

It seems ludicrous to me that I am asked to post personal identification information online for the energy company who has supplied my gas and lights for years I cannot imagine under what theory I am "a risk" for identity theft with that entity? Providing my SSN online is the highest risk of identify theft!

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.