The Red Flag Rule and How You Can Comply with It
To comply with the federal government’s Red Flag Rule, you’ll need to have a written policy that specifically addresses how you will prevent and handle identity theft—and more.
Regulations designed to minimize identity theft went into effect in June of 2010. Are you complying with them?
The federal government’s so-called “Red Flag Rule” requires all businesses that are potential identity-theft targets develop plans to spot red flags and prevent theft. Red flags include suspicious photo IDs, unverifiable addresses and Social Security numbers, and questionable account activity, to name just a few.
While many companies think the Red Flag Rule only applies to financial institutions, it actually applies to all creditors—with creditors being defined as “businesses or organizations that regularly provide goods and services first and allow customers to pay later,” according to a Frequently Asked Questions guide prepared by the Federal Trade Commission, which will enforce the Red Flag Rule.
In other words, if you invoice customers for your goods or services, you’re a creditor—and the Red Flag Rule applies to you.
How can you comply? You’ll need to have a written policy that specifically addresses how you will prevent and handle identity theft. Other recommendations include data encryption, annual updates of your written policy, and staff training.
While this may seem onerous, you don’t want to ignore the legislation. Fines are $3,500 per violation—and the threat of a lawsuit from customers whose identity has been stolen.