December 13, 2010
FTC’S RED FLAG RULE ENFORCEMENT
TO BEGIN ON DECEMBER 31, 2010
Clarification bill passes in Congress – limits who must comply
The FTC’s Red Flags Rule, a federal law that requires covered companies to implement an Identity Theft Prevention Program, will be fully enforceable on December 31, 2010. The Rule requires companies that provide branded credit cards or in-house credit accounts for consumers to create a program to detect and prevent identity theft.
Congress recently amended the Rule to narrow the application of the law by specifying the definition of “creditor.” According to the clarification, where the opening of a credit account presents no risk for identity theft (ie, no instant credit offered, only services (not goods) provided) there is no need to implement a Red Flag Rule program. The amendment was passed by Congress on December 7, 2010.
Companies that extend credit accounts that are subject to a reasonably foreseeable risk of identity theft are covered by the rule and must establish a program to address the risk. Businesses that offer credit arrangements for their customers (retail or wholesale), but do not provide branded credit cards or in-house consumer credit accounts should assess the vulnerability of these accounts to an identity thief. If a foreseeable risk exists, they are required to implement a Program. The Jewelers Vigilance Committee is available to assist with this determination.
JVC offers a do-it-yourself compliance kit with guidance and templates for those companies that must establish a Red Flags Rule Program. The program helps companies identify, detect and respond to the “red flags” of identity theft.
# # #