FTC whiffs on enforcing Red Flags identity theft rule

The Federal Trade Commission took a step backward today by delaying the program banks and other financial institutions must offer for the identification, detection, and response to patterns, practices, or specific activities - known as  the "Red Flags Rule" - that could indicate identity theft until May 1, 2009.

The FTC said it granted the additional time to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs.  The FTC did say the delay does not affect other federal agencies' enforcement of the original November 1, 2008 deadline.

The Red Flag program is one of the major ways the government plans to fight the growing identity theft blight.  Banks and other financial institutions typically account for about half of the identity theft complaints filed with the FTC and a recent survey showed Bank of America, JP Morgan, Capital One and Citibank topping the FTC list.

That's one of the reasons why under the Red Flags Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs - or "red flags" - of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program.

The FTC, federal bank regulatory agencies, and the National Credit Union Administration (NCUA) issued the Red Flags Rules as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003.

The final rules which were to be in place by November 1, 2008, require financial  and credit institutions that hold any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts, the FTC said.

The FTC stated that some industries and entities within the agency's jurisdiction were uncertain about their coverage under the Red Flags Rule. Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule's requirements too late to be able to come into compliance by November 1, 2008. The Commission's delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule, the FTC said.  

The FTC news follows a scathing report by  the Government Accountability Office this week that took issue with which Social Security Numbers and other personal identification is available in public records across the country. Among other things the study noted that  85% of large counties and 41% of small counties in the US make records that may contain SSNs generally available in bulk or online.  On top of that, many record keepers do not or cannot restrict the types of entities that can obtain public records and may not know how records are being used. Finish that observation off with the notion that some businesses are sending records with SSNs offshore, primarily to India and the Philippines, even though not much is known about how such data are protected overseas.

The FTC in February released the list of top consumer fraud complaints for 2007 and showed that for the seventh year in a row, identity theft is the number one problem and it is showing no signs of letting up. Of 813,899 total complaints received in 2007, 258,427, or 32%, were related to identity theft. Consumers reported fraud losses totaling more than $1.2 billion; the median monetary loss per person was $349, the report states.     

Layer 8 in a box

Check out these other hot stories:

Cisco's Chambers gets corporate jet benefits but will he need them?

Protecting your Social Security Number online is an exercise in futility

Feds gain little victories in protracted identity theft war

Lunar spacecraft compete for $2 million NASA prize

Are we being chiseled further at the gas pump?

Calling all star gazers

Is the tech industry immune to current financial mess?

FTC wilts mega "male enhancement" spam operation

FTC warns: Financial quagmire bringing out the scammers

The world's 23 toughest math questions

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.