Subscribe to ProtectMyID Blog via RSS

Rss Posts

Rss Comments

Welcome to the ProtectMyID Blog

Lessons and stories from the front lines of fighting identity theft.


The Delays in Red Flag Rules

Feb 22

Airport Delay

Rex Davis, director of operations, Identity Theft Resource Center

Since the announcement of the Red Flag Rules was first made in January 2008, the projected enforcement date has been postponed multiple times.  In the case of each postponement, there has been resistance to being included in the population subject to these rules by one group or another.  This, in itself, raises multiple questions about the focus of these different groups.

Simply put, the Red Flag Rules require an entity that grants credit or establishes a payment plan to create a written policy for detecting and dealing with identity theft issues.  A definitive policy on the steps to detect, prevent, and to mitigate the damages of identity theft on the victim/consumer.

In general, the first question that arises is, “why are these various groups, seeking these delays, objecting to having to create a program and policy with the intended function to help prevent and or mitigate fraud losses?  In all of the time I have studied the subject of identity theft, I have not found one company that has gone after the victim with malicious intent.  I have seen errors made, yes, but no malice in those errors. 

The second question I find interesting is “do these companies fear establishing policies that should be viewed as protecting their clients/customers as well as themselves”?  Or, is it a case of fearing to take a closer look at how they conduct their operations and discovering any number of flaws with their process?

The third and forth questions are, with the various delays that have been requested and the time which has passed, how many flags have been missed and how many victims have encountered negative issues because a company had no clearly defined policy for mitigation in place? 

The final question is, “how should consumers view a company that does not comply with the red flag rules or objects to being subject to them?”  For the company that does not strive to create a policy, I suggest you give serious consideration to the ramifications of how badly your company’s reputation can be hurt by an identity theft case miss handled.