He is also concerned that some banks may find ways to simply override authentication procedures.
"There has to be some counterweight to that problem," he says.
Heather Grover, a director of product management with Experian's Fraud & Identity Solutions, says that there has to be some balance between the consumer's best interest and an organization's need to keep its defenses opaque to thieves.
"Fraudsters are students of their craft and they'll really game the system as soon as they find the hole," she says.
Who opposes the rules?The red flag rules give businesses the flexibility to design a program that works best with their respective business model and available resources.
However, some creditors and financial institutions aren't too happy about what they see as the added financial and bureaucratic burden of being forced to comply with the rules.
Some smaller institutions have complained that the red flag rules place an unnecessary financial and operational burden on them that they cannot afford. Many will face the prospect of having to hire a third-party company to ensure red flag rule compliance.
So while financial giants may have a legion of in-house staffers dedicated to fraud prevention, your local community bank may opt to use a third-party vendor to ensure red flag compliance.
The National Automobile Dealers Association, or NADA, says it supports the government's goal of trying to protect consumers from identity theft, but believes the red flag rules will hurt smaller dealers with limited financial resources.
"We anticipate most dealers will find it challenging to develop and implement a comprehensive identity theft program as required by the red flag rules," says Paul Metrey, director of regulatory affairs for NADA.
Metrey says the program will demand significant time and attention from managers and service providers. He says many provisions of the red flag rules have already been addressed in prior laws, like the FTC Safeguards Rule and FTC Privacy Rule.
Not surprisingly, lobbyists for the banking industry also rejected the rules as heavy handed.
The Illinois Bankers Association in a statement to the FDIC called the rules "excessive and overly burdensome."
Hoofnagle thinks that this opposition has led to foot-dragging on the part of the banks.
"I think that there are some banks that are waiting to be forced to implement them," he says.
There may be some reluctance to accept red flag rules as a best-practice measure, Grover says , but adds that many will eventually come around when they see the benefits of protecting their customers, as well as a decrease in fraud losses.
More: Review the list of red flag triggers.