Red Flags ID Theft Program Can't Get Green Light

Well this is getting kind of predictable. The Federal Trade Commission this week has delayed for the third time in less than a year the deadline for companies to enact its identity theft rules known as Red Flags, which were set to become practice Aug. 1.

Originally set to become required practice Nov. 1, 2008, the Red Flags program is touted as being one of the major ways the government plans to fight the growing identity theft blight. Under the Red Flags rules, all entities that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers must develop a written program that identifies and detects the relevant warning signs - or "red flags" - of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program.

The final rules require financial and credit institutions that hold any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts, the FTC said.

The FTC stated that some industries and entities within the agency's jurisdiction were uncertain about their coverage under the Red Flags Rule. Many entities also argue that, because they generally are not required to comply with FTC rules in other contexts, they have not had enough time to develop compliance plans. Others have raised a stink about complying with the rules.

The Security, Privacy and The Law Website states that the FTC appears to be stepping up its outreach efforts with an "Expanded Business Education Campaign" that is intended to address those businesses that "remain uncertain about their obligations." This seems aimed at the recent statements from the American Bar Association (ABA), which has called on the FTC and Congress to exempt lawyers from the FTC's Red Flags Rules and threatened to sue the FTC to stop any enforcement action against the legal industry.

As it has stated in the past, the commission's delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule, the FTC said.

Meanwhile the identity theft problem appears to grow unabated. The FTC in February released the list of top consumer fraud complaints for 2009 and showed that for the ninth year in a row, identity theft is the number one problem and it is showing no signs of letting up. For the ninth year in a row identity theft - particularly in Arizona and California -- was the number one consumer complaint filed with the Federal Trade Commission in 2008. Of 1,223,370 complaints received in 2008, 313,982 - or 26%- were related to identity theft.

The FTC 's list shows that credit card fraud was the most common form of reported identity theft at 20%, followed by government documents/benefits fraud at 15%, employment fraud at 15%, phone or utilities fraud at 13%, bank fraud at 11 %and loan fraud at 4%. The CSN received over 1.2 million complaints during calendar year 2008.

Of 813,899 total complaints received in 2007, 258,427, or 32%, were related to identity theft. Consumers reported fraud losses totaling more than $1.2 billion; the median monetary loss per person was $349, the report states.

This story, "Red Flags ID Theft Program Can't Get Green Light" was originally published by Network World.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon