The rules have been delayed three times already and were originally set to become practice Nov. 1, 2008.
NetworkWorld Extra: 12 mad science projects that could shake the world
Under the Red Flags rules all companies or services that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers must develop a written program that identifies and detects the relevant warning signs - or "red flags" - of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program.
The final rules require financial and credit institutions that hold any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts, the FTC said.
The FTC stated that some industries and entities within the agency's jurisdiction were uncertain about their coverage under the Red Flags Rule. Many entities also argue that, because they generally are not required to comply with FTC rules in other contexts, they have not had enough time to develop compliance plans. Others have raised a stink about complying with the rules.
As a result the program hasn’t been without its legal challenges. This month the House unanimously approved a measure to exempt health care, legal and accounting firms employing fewer than 20 people from Red Flags. That bill is now in committee.
Also this month a US District court ruled that lawyers are exempt from the red flags rule requirements. The ruling gave a victory to an industry that objected to the FTC's definition of what constitutes a "creditor." The FTC said it may fight that ruling.
Meanwhile the identity theft problem appears to grow unabated. The FTC in February released the list of top consumer fraud complaints for 2009 and showed that for the ninth year in a row, identity theft is the number one problem and it is showing no signs of letting up. For the ninth year in a row identity theft - particularly in Arizona and California -- was the number one consumer complaint filed with the Federal Trade Commission in 2008. Of 1,223,370 complaints received in 2008, 313,982 - or 26%- were related to identity theft.
The FTC 's list shows that credit card fraud was the most common form of reported identity theft at 20%, followed by government documents/benefits fraud at 15%, employment fraud at 15%, phone or utilities fraud at 13%, bank fraud at 11 %and loan fraud at 4%. The CSN received over 1.2 million complaints during calendar year 2008.