Identity theft was supposed to get a whole lot tougher this May. Unfortunately, foot-dragging and logistical problems have yet again pushed back the implementation of new "red flag rules" designed to protect consumers from having their identities hijacked by crooks.
You've never heard of them? Join the crowd.
"There hasn't been a big consumer education push," says Chris Hoofnagle, a senior fellow with the Berkeley Center for Law & Technology in California."These rules are not well-known, even among consumer advocates."
Hoofnagle says the information is relatively scarce because the rules stem from a 2003 law that still isn't being enforced.
"I'm increasingly concerned about the red flag rules -- it took too long for the agencies to develop them, and too long for their implementation," he says.
The scoop on red flags
- What are red flag rules?
- Who do the rules apply to?
- How will the rules benefit you?
- Who opposes the rules?
What are red flag rules?The red flag rules push financial institutions to make sure that people are who they say they are -- authenticating identities will be the name of the game. Red flag rules stipulate that financial institutions and creditors establish a written identity-theft prevention program to "detect, prevent and mitigate identity theft in connection with the opening of certain accounts or existing accounts," according to a Federal Trade Commission report.
The rules offer 26 examples of suspicious behavior that financial institutions and creditors can use as red flag guidelines.
The presentation of altered documents, a suspicious address change, a fraud alert on a credit report and other unusual account activities are potential red flags.
The idea is to prompt banks and creditors to go into "authentication mode" and determine whether fraudsters are trying to apply for credit in someone else's name or hijack someone else's accounts.
The red flag rules stem from the 2003 Fair and Accurate Credit Transactions Act. Relevant financial institutions originally had until November 2008 to come into full compliance or be subject to penalties. The FTC extended that deadline to May 1, 2009, after many entities complained that they needed more time to develop and implement appropriate identity-theft prevention programs. Now the agency has again extended the deadline, this time to Aug. 1, 2009.
"Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further," FTC Chairman Jon Leibowitz said in a statement.
Proponents say red flag rules will standardize how credit-issuing entities respond to suspicious activities regarding your accounts.
"These rules for the first time provide a uniform road map for protecting customer information and preventing identity theft," says Sai Huda, CEO of Compliance Coach, a San Diego-based company that provides red flag compliance software.
"Before the rule, there was only an implied obligation on business to protect information," he says.