Skip to main content

The Federal Trade Commission has launched a Web site to help entities covered by the Red Flags Rule design and implement identity theft prevention programs. The Rule requires “creditors” and “financial institutions” to develop written programs to identify the warning signs of ID theft, spot them when they occur, and take appropriate steps to respond to those warning “red flags.”

The FTC and the federal financial regulatory agencies developed the Red Flags Rule under the Fair and Accurate Credit Transactions Act of 2003. The Rule is designed to reduce the overall incidence and impact of identity theft. “Fighting Fraud with the Red Flags Rule: A How-To Guide for Business,” available at, describes the entities that are covered by the Rule and provides information to help them develop identity theft prevention programs. The Web site also offers articles and guidance on specific elements of the Rule.

The Rule became effective on November 1, 2008. For entities under the FTC’s jurisdiction, however, the Commission has delayed enforcement of the Rule until May 1, 2009, to provide more time for them to develop their Red Flags Programs. (See FTC Enforcement Policy, Oct. 22, 2008 –


Contact Information

Office of Public Affairs