October 23, 2008

FTC extends "Red Flags Rules" enforcement six months

The Federal Trade Commission is extending the deadline for enforcement of the identity theft prevention “Red Flags Rules” until May 1.

The deadline was extended because many companies were not prepared to meet the original Nov. 1 deadline, an FTC news release said.

The rules require that creditors and financial institutions create and implement an ID theft prevention program.

Entities already have had a year to comply and during that time the FTC has launched outreach efforts to explain the rules. But some companies were not aware that they fell under the distinction of a creditor or financial institution, according to the FTC. Other entities were unprepared because they are not usually required to comply with FTC rules so they ignored the Red Flag guidelines.

“There seems to be a lot of feedback from people saying that there's no way we can meet this deadline,” Eduard Goodman, general counsel and chief privacy officer for vendor Identity Theft 911, told SCMagazineUS.com Thursday.

Goodman said the deadline extension only applies to the FTC's enforcement of the rules. The deadline extension will not be applicable for businesses that are regulated by federal bank regulatory agencies and the National Credit Union Administration — namely banks, credit unions and credit card issuers.

The deadline extension will affect, however, the majority of the approximately 11 million businesses that are required to comply with the rules, Goodman said.

For the average small-to-medium-size business that didn't know about the rules or hasn't had the time or resources to implement it, the delay is a meaningful recognition that creating and implementing an ID prevention program is important, Goodman said.

“It's better to do it right than to try to meet an unrealistic deadline,” Goodman said.

Goodman said that the true intent of the rules is to shift the burden from the customer having to deal with the problem of ID theft to businesses that are mistakenly granting credit to fraudsters.

The FTC could not be reached for comment Thursday.

Related Articles
Related Topics
Related Links

More in News

22M accounts exposed in Yahoo Japan breach

Users have been urged to change their passwords as a precaution.

Espionage hacking campaign "Operation Hangover" originates in India

Researchers at security firm Norman on Monday, building on earlier analysis from ESET, publicized a new attack infrastructure that is conducting national security and industrial espionage on targets across the world.

Operators again revive Pushdo botnet, use a popular tactic to stay hidden

Operators again revive Pushdo botnet, use a popular ...

Botnet operators are using a domain-generation algorithm to conceal their command-and-control center. And once they knew security researchers were on to their tricks, they got even slicker.