The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program to detect the warning signs – or “red flags” – of identity theft. By identifying red flags, you’ll be in a better position to spot an imposter trying to defraud you by using someone else’s identity to get products and services.
As a practical matter, most businesses and organizations that provide products and services to their customers and then bill them later are covered by the Rule. To find out if the Rule applies to you, read Fighting Fraud with the Red Flags Rule: A How-To Guide for Business.
The Red Flags Rule gives you the flexibility to design an Identity Theft Prevention Program appropriate for your business, given its size and potential risk for identity theft. While some companies need a comprehensive Program, businesses and organizations at low risk for identity theft may find that a streamlined Program fits the bill. If you’re at low risk for identity theft, this do-it-yourself template may be sufficient.