While everyone should secure any personal information they maintain about their customers, the Red Flags Rule goes a step further by requiring businesses and organizations covered by the regulation to be on the look-out for suspicious signs of identity theft, like forged or altered IDs. Earlier this year, the FTC amended the Red Flags Rule to implement changes brought about by the Red Flag Program Clarification Act of 2010. In a nutshell, the Rule still applies to “financial institutions” and “creditors.” But the Clarification Act limits the kinds of creditors covered by the Rule.
To help you determine if the Red Flags Rule applies to your company or organization — and if it does, what you need to do to comply — the FTC has updated its publication, Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business. The Guide advises businesses to run through two sets of questions to determine if they are “creditors” covered by the Rule.
The first question. Does your company or organization regularly:
- defer payment for goods or services or bill customers?
- grant or arrange credit?
- participate in the decision to extend, renew, or set the terms of credit?
If you answer yes to any of those, move to:
The second question. Does your company or organization regularly and in the ordinary course of business:
- get or use consumer reports in connection with a credit transaction?
- give information to credit reporting companies in connection with a credit transaction?
- advance funds to (or for) someone who must repay them, either with funds or pledged property (excluding incidental expenses in connection with the services you provide to them).
If you answer yes to any of those, you’re a “creditor” under the amended Rule.
Still not sure if your company or organization is covered? The How-To Guide for Business answers questions we’ve heard about applying that two-part test. And if you are a “creditor,” the Guide provides detailed information on how to comply with the Rule’s requirement to have a written identity theft program in place.
Why should the Red Flags Rule matter to your customers and your company? The purpose of the Rule is to help curtail identity theft, which strikes about 9 million Americans (and a lot of businesses) each year. By implementing a common-sense identity theft program, businesses and organizations covered by the Rule can look out for telltale signs of identity theft and take measures to prevent the crime.