FTC Red Flags identity theft protection rules to hit Nov. 1

FTC Red Flags rules aim to fight the growing identity theft blight.

red flags
Baring a last minute delay, the Federal Trade Commission is set to enforce its identity theft rules known as Red Flags on Nov. 1. 

The rules have been delayed three times already and were originally set to become practice Nov. 1, 2008.  

Under the Red Flags rules all companies or services that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers must develop a written program that identifies and detects the relevant warning signs - or "red flags" - of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program.

 The final rules require financial  and credit institutions that hold any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts, the FTC said. 

The FTC stated that some industries and entities within the agency's jurisdiction were uncertain about their coverage under the Red Flags Rule. Many entities also argue that, because they generally are not required to comply with FTC rules in other contexts, they have not had enough time to develop compliance plans. Others have raised a stink about complying with the rules. 

As a result the  program hasn't been without its legal challenges. This month the House unanimously approved a measure to exempt health care, legal and accounting firms employing fewer than 20 people from Red Flags. That bill is now in committee

Also this month a US District court ruled that lawyers are exempt from the red flags rule requirements. The ruling gave a victory to an industry that objected to the FTC's definition of what constitutes a "creditor." The FTC said it may fight that ruling. 

Meanwhile the identity theft problem appears to grow unabated. The FTC in February released the list of top consumer fraud complaints for 2009 and showed that for the ninth year in a row, identity theft is the number one problem and it is showing no signs of letting up. For the ninth year in a row identity theft - particularly in Arizona and California -- was the number one consumer complaint filed with the Federal Trade Commission in 2008.  Of 1,223,370 complaints received in 2008, 313,982 - or 26%- were related to identity theft. 

The FTC 's list shows that credit card fraud was the most common form of reported identity theft at 20%, followed by government documents/benefits fraud at 15%, employment fraud at 15%, phone or utilities fraud at 13%, bank fraud at 11 %and loan fraud at 4%. The CSN received over 1.2 million complaints during calendar year 2008. 

Layer 8 in a box

Check out these other cool stories:

FBI: Ex- CEO of YouSendIt charged in denial of service of attack

Typewriter puts identity thieves in Federal prison

Ultra-endurance spy plane closer to reality

Feds whiffing on millions in electronics waste disposal

NASA Ares X blasts off carrying experiments, hopes of future unmanned space flight

10 NASA space technologies that may never see the cosmos

Top 10 cool satellite projects

Space agency wants volunteers to fly to Mars. Sort of.

Will high-tech trucks save Big Rig industry?

Can the Internet handle H1N1?

NASA's future: Now the battle begins

A $30 Billion US census?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)