The Red Flags Rule require many businesses and organizations to implement a written identity theft prevention program that is designed to detect the warning signs of identity theft in their day-to-day operations, according to the FTC. The commission will develop a template for businesses that have a low risk of identity theft, such as businesses that personally know their customers.
The definition of a “creditor” applies to any to any entity that regularly extends or renews credit or arranges for others to do so and includes all entities that regularly permit deferred payments for goods or services, including physicians, ASCs and hospitals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers, according to the release.
During outreach efforts last year, the FTC learned that some agencies and industries were uncertain about their coverage under the Red Flags Rule. As a result the agency published an alert and a Web site to help explain what programs are covered under the rule.
Read the FTC’s release on the Red Flags Rule enforcement delay .
