The FTC’s Red Flags Rule, a federal law that requires
covered companies to implement an Identity Theft Prevention Program, will be
fully enforceable on Dec. 31, according to the Jewelers Vigilance
The rule requires companies that provide branded credit
cards or in-house credit accounts for consumers to create a program to detect
and prevent identity theft.
Congress recently amended the rule to narrow the application
of the law by specifying the definition of “creditor.” According to the
clarification, where the opening of a credit account presents
no risk for identity theft (i.e. no instant credit offered, only services (not
goods) provided) there is no need to implement a Red Flag Rule program.
Congress passed the amendment on Dec. 7.
Companies that extend credit accounts that are subject to a
reasonably foreseeable risk of identity
covered by the rule and must establish a program to address the risk. Businesses that offer credit
arrangements for their customers (retail or wholesale), but do not provide branded
credit cards or in-house consumer credit accounts, should assess the
vulnerability of these accounts to an identity thief. If a foreseeable risk exists, they are required to implement
JVC offers a do-it-yourself compliance kit with guidance and
templates for those companies that must establish a Red Flags Rule
Program. The program helps
companies identify, detect and respond to the “red flags” of identity theft.
For more information, visit jvclegal.org.