Raise the Red Flag: Businesses Now Required to Prevent Identity Theft

The "Red Flags Rules"

The government is about to release its latest (albeit somewhat convoluted) attack in the battle against identity theft. The "Red Flags Rules" require any financial institution or business that issues credit—from mortgage brokers to auto dealerships to utilities companies—to identify (or "flag") any suspicious activity that pops up on your account. Any number of things could call for a red flag, like obviously altered or forged documents, fraud alerts placed on credit reports, or sudden excessive spending.

But red-flagging is just one requirement of the new law. Businesses must also come up with comprehensive identity theft prevention programs that spell out how they'll respond to these red flags. It's not enough to simply earmark possible fraud—they must take action to deter it, like requiring further documentation or denying a credit application altogether. And these preventative measures must be periodically updated as identity theft tactics change and evolve.

Delay in Enforcement

The original deadline for full compliance with the Red Flags Rules was November 1, 2008, but the Federal Trade Commission is granting a 6-month delay in enforcement. Businesses that were confused about their need to comply now have until May 1, 2009 to implement the Rules.

How the Red Flag Rules Benefit You

While many businesses—especially those with limited resources—aren't excited by the prospect of implementing these new rules (conveniently summarized in a 256-page document), you as a consumer should feel a little bit safer. Your bank or credit card company is now legally responsible for spotting potential fraud and stopping it in its tracks. You may experience more scrutiny when applying for new credit or opening an account, but a few extra security questions should be well worth the additional protection.