We continue in our efforts to help bring companies into compliance with the Red Flags Rule. By August 1, 2009, creditors will be required to have an identity theft prevention program in place. To address the compliance concerns of businesses, the FTC issued a practical guide entitled, Fighting Fraud with the Red Flags Rule: A How-To Guide for Business. This Guide provides useful and practical information for businesses such as:

  • Guidance regarding whether the Red Flags Rule applies to particular businesses or organizations;
  • Tips on spotting the red flags of identity theft, taking steps to prevent the crime, and mitigating the damage inflicted by identity theft; and
  • Implementation steps for a compliant written Identity Theft Prevention Program.

The Guide also explains how the Red Flags Rule fits with other data security measures being taken by businesses. While data security practices make it more difficult for identity thieves to access personal information they might use to open or access accounts, the Red Flags Rule requires businesses to direct their attention to certain red flags that suggests the occurrence of identity fraud. The Guide concludes that this two-front approach is necessary to combat the growing costs and problems associated with identity theft.

A copy of the guide can be found at: http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.pdf