Search

Subscribe to ProtectMyID Blog via RSS

Rss Posts

Rss Comments

Welcome to the ProtectMyID Blog

Lessons and stories from the front lines of fighting identity theft.

 

The Delays in Red Flag Rules

Feb 22

Airport Delay

Rex Davis, director of operations, Identity Theft Resource Center

Since the announcement of the Red Flag Rules was first made in January 2008, the projected enforcement date has been postponed multiple times.  In the case of each postponement, there has been resistance to being included in the population subject to these rules by one group or another.  This, in itself, raises multiple questions about the focus of these different groups.

Simply put, the Red Flag Rules require an entity that grants credit or establishes a payment plan to create a written policy for detecting and dealing with identity theft issues.  A definitive policy on the steps to detect, prevent, and to mitigate the damages of identity theft on the victim/consumer.

In general, the first question that arises is, “why are these various groups, seeking these delays, objecting to having to create a program and policy with the intended function to help prevent and or mitigate fraud losses?  In all of the time I have studied the subject of identity theft, I have not found one company that has gone after the victim with malicious intent.  I have seen errors made, yes, but no malice in those errors. 

The second question I find interesting is “do these companies fear establishing policies that should be viewed as protecting their clients/customers as well as themselves”?  Or, is it a case of fearing to take a closer look at how they conduct their operations and discovering any number of flaws with their process?

The third and forth questions are, with the various delays that have been requested and the time which has passed, how many flags have been missed and how many victims have encountered negative issues because a company had no clearly defined policy for mitigation in place? 

The final question is, “how should consumers view a company that does not comply with the red flag rules or objects to being subject to them?”  For the company that does not strive to create a policy, I suggest you give serious consideration to the ramifications of how badly your company’s reputation can be hurt by an identity theft case miss handled.

2 Comments Add your comment

  1. Stephen
    Feb 26 at 21:14

    Very interesting. I wasn’t even aware of these rules. But to what degree should the government be able to dictate the rules and policies of a company? I suppose the government does that in a LOT of other ways with companies.

    [Reply]

    PMID_Alvin Reply:

    Hello Stephen and thank you for your feedback. I wish I had an answer to your question. I guess we will have to wait and see when the ruling goes into effect.

    Here is more information about the Red Flags Ruling: http://www.ftc.gov/redflagsrule

    [Reply]

Post a comment

Note: ProtectMyID.com takes your privacy seriously. In order to post comments on this Blog Site you will be required to provide your name and email address for verification purposes only. This information will not be shared, sold or used for marketing purposes. Confidential, private or credit information should not be posted to this Blog Site at any time. Children under the age of 13 are not permitted to post comments to this Blog Site.