The FTC has postponed the enforcement of the new federal Red Flag Rule that requires businesses to implement a written program for the prevention and detection of identity theft to November 1. The original effective date was August 1. The ICCFA offers members a sample Red Flag compliance program at no charge. Contact General Counsel Bob Fells at firstname.lastname@example.org to obtain a copy.
The FTC says it will educate businesses about whether they are covered by the rule during the next three months and what they need to do to comply. (See http://ftc.gov/opa/2009/07/redflag.shtm for a news release about their activities). Generally, if a business only accepts credit cards as a payment for goods and services, they are not covered. However, if a business accepts multiple installment payments or helps customers fill out a credit application they may come under the regulations. We encourage you to check the FTC Web site for FAQs in regard to the rule's coverage. (See http://ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm#B).
Businesses can learn more about the rule and how to comply with it by reading Fighting Fraud with the Red Flags Rule: A How-To Guide for Business, at http://www.ftc.gov/redflagsrule. A sample compliance template for businesses that are at low risk for identity theft has been developed by the FTC and is available at http://www.ftc.gov/bcp/edu/microsites/redflagsrule/RedFlags_forLowRiskBu....