Professional service providers such as attorneys, accountants, and doctors no longer fall within the definition of a creditor under the Red Flag Rule. The Federal Trade Commission’s (FTC) so-called “Red Flag Rule,” which requires all businesses that are potential identity-theft targets to develop plans to spot red flags and prevent theft, received much criticism for being too broad. But now there’s some relief:  S. 3987, the Red Flag Clarification Act, which President Obama signed into law in December 2010. To recap, under the Red Flag Rule, the FTC had been interpreting “creditor” broadly by including organizations that defer payment for goods or services and bill clients later. This led to widespread concern that the Red Flag Rule would be applicable to entities not typically thought of as creditors, including law firms and health care providers. The Red Flag Clarification Act exempts such entities by revising the definition of creditor to exclude creditors “that advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person.” Essentially, the Red Flag Clarification Act limits the scope of the Red Flag Rule to creditors that regularly and in the ordinary course of business obtain or use consumer reports in connection with a credit transaction; furnish information to consumer reporting agencies in connection with a credit transaction; or advance funds to a person based on the person’s obligation to repay the funds. The legislation does include a provision that would allow other types of creditors to be subject to the Red Flag Rule if the agency with authority over the creditor (such as federal banking agencies) determines that the creditor has accounts that are subject to a reasonably foreseeable risk of identity theft.

The federal government’s Red Flag Rule requires all businesses that are potential identity theft targets develop plans to spot red flags and prevent theft. How can you comply? Regulations designed to minimize identity theft went into effect in June of 2010. Are you complying with them? The federal government’s so-called “Red Flag Rule” requires all businesses that are potential identity-theft targets develop plans to spot red flags and prevent theft. Red flags include suspicious photo IDs, unverifiable addresses and Social Security numbers, and questionable account activity, to name just a few. While many companies think the Red Flag Rule only applies to financial institutions, it actually applies to all creditors — with creditors being defined as “businesses or organizations that regularly provide goods and services first and allow customers to pay later,” according to a Frequently Asked Questions guide prepared by the Federal Trade Commission, which will enforce the Red Flag Rule. In other words, if you invoice customers for your goods or services, you’re a creditor — and the Red Flag Rule applies to you. How can you comply?  You’ll need to have a written policy that specifically addresses how you will prevent and handle identity theft. Other recommendations include data encryption, annual updates of your written policy, and staff training. While this may seem onerous, you don’t want to ignore the legislation. Fines are $3,500 per violation — and the threat of a lawsuit from customers whose identity has been stolen. Related articles Do You Comply with the FTC’s Red Flag Fule? Fighting Fraud with the Red Flags Rule: A How-To Guide for Business

While many companies think the federal Red Flag Rule applies only financial institutions, if you invoice customers for your goods or services, it applies to you, too. Regulations designed to minimize identity theft went into effect in June of 2010. Are you complying with them? The federal government’s so-called “Red Flag Rule” requires all businesses that are potential identity-theft targets develop plans to spot red flags and prevent theft. Red flags include suspicious photo IDs, unverifiable addresses and Social Security numbers, and questionable account activity, to name just a few. While many companies think the Red Flag Rule only applies to financial institutions, it actually applies to all creditors — with creditors being defined as “businesses or organizations that regularly provide goods and services first and allow customers to pay later,” according to a Frequently Asked Questions guide prepared by the Federal Trade Commission, which will enforce the Red Flag Rule. In other words, if you invoice customers for your goods or services, you’re a creditor — and the Red Flag Rule applies to you. How can you comply?  You’ll need to have a written policy that specifically addresses how you will prevent and handle identity theft. Other recommendations include data encryption, annual updates of your written policy, and staff training. While this may seem onerous, you don’t want to ignore the legislation. Fines are $3,500 per violation — and the threat of a lawsuit from customers whose identity has been stolen. Related articles Do You Comply with the FTC’s Red Flag Fule?

To comply with the federal government’s Red Flag Rule, you’ll need to have a written policy that specifically addresses how you will prevent and handle identity theft — and more. Regulations designed to minimize identity theft went into effect in June of 2010. Are you complying with them? The federal government’s so-called “Red Flag Rule” requires all businesses that are potential identity-theft targets develop plans to spot red flags and prevent theft. Red flags include suspicious photo IDs, unverifiable addresses and Social Security numbers, and questionable account activity, to name just a few. While many companies think the Red Flag Rule only applies to financial institutions, it actually applies to all creditors — with creditors being defined as “businesses or organizations that regularly provide goods and services first and allow customers to pay later,” according to a Frequently Asked Questions guide prepared by the Federal Trade Commission, which will enforce the Red Flag Rule. In other words, if you invoice customers for your goods or services, you’re a creditor — and the Red Flag Rule applies to you. How can you comply?  You’ll need to have a written policy that specifically addresses how you will prevent and handle identity theft. Other recommendations include data encryption, annual updates of your written policy, and staff training. While this may seem onerous, you don’t want to ignore the legislation. Fines are $3,500 per violation — and the threat of a lawsuit from customers whose identity has been stolen. Related articles Do You Comply with the FTC’s Red Flag Fule?