Alert June 25, 2013

FTC Revises Business Guide on Red Flags Rule

The FTC issued revised guidance on complying with the Fair Credit Reporting Act’s “red flags” rule, a rule aimed at protecting consumers by requiring certain businesses to implement a written identity theft prevention program to detect the warning signs of identity theft and take steps to prevent the crime and mitigate its damage. The guidance clarifies that only those financial institutions and creditors that have “covered accounts” are subject to the rule. “Covered accounts” include consumer accounts that permit multiple payments or transactions and any other account that a financial institution or creditor offers or maintains that could have a reasonably foreseeable risk to customers or the safety and soundness of the financial institution or creditor from identity theft. In addition, the guidance also provides answers to several FAQs and offers a four-step process for developing a program that will comply with the rule. The four-step process includes: (1) identifying relevant red flags, (2) detecting red flags, (3) preventing and mitigating identity theft and (4) updating the program.