FTC Red Flags Rule in Effect as of January 1, 2011
On January 1, 2011, the Federal Trade Commission (FTC) began enforcing its Fair and Accurate Credit Transactions Act of 2003 (FACT Act) Red Flags Rule. The FTC had delayed the enforcement of the law numerous times, but the delay that was set to end on December 31, 2010 lapsed. The rules require creditors, including many small businesses, to have in place programs to recognize and prevent identity theft.
What small businesses will be affected?
Virtually every small business that extends credit to customers or uses credit reports to make credit decisions about their customers will be affected. However, if your business simply accepts credit cards, without extending your own form of credit to customers, the rules are unlikely to apply to you.
What are the requirements of the Red Flags rules?
The rules require creditors to implement a written Identity Theft Prevention Program designed to detect the warning signs—or red flags—of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate the damage it inflicts.
There are four main components of a complying plan:
- The plan must identify potential red flags your business is likely to come across. This includes receiving written notices from credit reporting agencies and suspicious account activity.
- The plan must establish procedures to detect the red flags you have identified in the first step.
- The third step is to act appropriately when a red flag is detected. This could mean notifying a customer, contacting law enforcement, closing an account, etc.
- The plan must be reviewed periodically to identify new potential sources of risk.
What are the penalties if I fail to comply?
Failing to comply with the new rules can lead to civil penalties under the Fair Credit Reporting Act. Currently, fines for single violations can be up to $3,500. However, repeat violators may face a suit from the FTC and significantly higher fines.
Where can I learn more?
For questions or comments regarding FACTA, please contact the FTC at 600 Pennsylvania Avenue, N.W., Washington D.C., 20580, (877) 382-4357 or online at www.ftc.gov.
The FTC has published a helpful guide for businesses to learn more, including how to figure out if you’re covered and how to develop your plan.