FTC extends "Red Flags Rules" enforcement six months

Share this article:

The Federal Trade Commission is extending the deadline for enforcement of the identity theft prevention “Red Flags Rules” until May 1.

The deadline was extended because many companies were not prepared to meet the original Nov. 1 deadline, an FTC news release said.

The rules require that creditors and financial institutions create and implement an ID theft prevention program.

Entities already have had a year to comply and during that time the FTC has launched outreach efforts to explain the rules. But some companies were not aware that they fell under the distinction of a creditor or financial institution, according to the FTC. Other entities were unprepared because they are not usually required to comply with FTC rules so they ignored the Red Flag guidelines.

“There seems to be a lot of feedback from people saying that there's no way we can meet this deadline,” Eduard Goodman, general counsel and chief privacy officer for vendor Identity Theft 911, told SCMagazineUS.com Thursday.

Goodman said the deadline extension only applies to the FTC's enforcement of the rules. The deadline extension will not be applicable for businesses that are regulated by federal bank regulatory agencies and the National Credit Union Administration — namely banks, credit unions and credit card issuers.

The deadline extension will affect, however, the majority of the approximately 11 million businesses that are required to comply with the rules, Goodman said.

For the average small-to-medium-size business that didn't know about the rules or hasn't had the time or resources to implement it, the delay is a meaningful recognition that creating and implementing an ID prevention program is important, Goodman said.

“It's better to do it right than to try to meet an unrealistic deadline,” Goodman said.

Goodman said that the true intent of the rules is to shift the burden from the customer having to deal with the problem of ID theft to businesses that are mistakenly granting credit to fraudsters.

The FTC could not be reached for comment Thursday.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.