Alert December 11, 2012

FTC Proposes to Narrow Creditor Coverage in Identity Theft “Red Flags” Rule

The FTC announced its interim final rule amending the FCRA’s “red flags” rule, to reflect changes to the definition of a “creditor” in the Red Flag Program Clarification Act of 2010.  The term, “creditor,” was previously defined, by reference to the Equal Credit Opportunity Act’s definition of creditor, which is defined broadly. The new rule limits the definition by narrowing the definition to include “ECOA creditors” who regularly and in the ordinary course of business engage in at least one of the following types of conduct:

  • Obtain or use consumer reports, directly or indirectly, in connection with a credit transaction;
  • Furnish information to consumer reporting agencies in connection with a credit transaction; or
  • Advances funds to or on behalf of a person, where the person is obligated to pay or the funds are secured by certain property, such as a car title.

In addition to limiting the scope of coverage for creditors, the Red Flag Program Clarification Act of 2010 also gives the FTC and other banking agencies, the authority to determine whether to include any other type of creditor that offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft. The FTC noted that advanced notice and commentary was not necessary because the rule sought to codify the amended statutory definition, and any delay would result in uncertainty about the red flags rule’s application. The rule is effective February 11, 2013.