The Red Flag Rules: What Businesses Need to Know

December 16, 2015

By Dean Kaplan

According to the Federal Trade Commission (FTC), as many as 9 million Americans have their identities stolen each year. These crimes add up quickly – the Better Business Bureau (BBB) states that the average amount lost to fraud per case has increased from $5,249 in 2003 to $6,383 in 2006.

If your business extends credit to customers and you do not comply with the Red Flag Rules, you can be penalized up to $2,500 per violation, to be enforced by the FTC. The Red Flag Rules were created along with the Fair and Accurate Credit Transactions Act of 2003. The rules compel financial institutions and creditors, who offer or maintain one or more covered accounts, to have identity theft prevention programs in place that spot anything that could lead to identity theft and respond accordingly. A covered account refers to:

An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions
Any other account that poses a reasonably foreseeable risk to customers of identity theft.

The rules pertain to patterns, practices and specific activities that could indicate identity theft. Creditors who may need to adhere to the Red Flag Rules include finance companies, automotive dealers, telecommunications companies, mortgage brokers, and utility companies, just to name a few.

According to the FTC, the red flags can be but are not limited to:

Alerts, notifications or warnings from a consumer credit reporting agency.
Suspicious documents, such as those that may appear to be forged.
Questionable personal information, such as a social security number that is off, or doesn’t exist, or is listed on the Social Security Administrations Death Master File.
Receiving requests for new, additional or replacement credit cards, debit cards, cell phones or adding authorized users after receiving a change of address form.
Unusual credit activity, such as increased inquiries.
Signatures and addresses that are inconsistent with information on file.
Information on an ID not matching any address on a credit report.
Drastic changes in payment patterns.
Mail that is returned for an undeliverable address yet the account is being used.
Customers stating that they are not receiving bills or statements.

The SEC’s identity theft red flags rules require certain SEC-regulated entities to implement an identity theft program that includes policies and procedures designed to identify and detect red flags, respond appropriately to those red flags, and periodically update the identity theft program.

While the Red Flag Rules require time and money for planning and implementation, they help to alert businesses of potential collection troubles. For more information on the red flag rules, you can explore the FTC’s website, which has a wealth of information on this, and many other, policies affecting businesses.

Dean Kaplan is President of The Kaplan Group, a commercial collection agency and consulting firm. He has extensive experience in finance, having closed over $500 million in M&A transactions as a CFO, consultant, and entrepreneur. You can find Dean on Twitter @TheKaplanGroup.

RELATED ARTICLESMORE FROM AUTHOR

A Business Owner’s Guide to Quality Assurance

Can Insurance Help Attract and Retain Talent?

Navigating the Risks and Potential Solutions in a Startup

How to Address the Top 5 Cybersecurity Challenges in Hybrid Work

Entrepreneur: Grow Now, Not Later

Healing from Burnout: Exercises to Develop a Healthier Nervous System

RELATED ARTICLES MORE FROM AUTHOR