GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

The legal blitz: Time to regroup

News

Industry Update

Payment trends for 2009

Rainy day ISOs

Panini gives back

Red Flag mayday

Goliath beaten with gavel

Features

Q&A with the ETA

Views

Be a payment security architect

Scott Henry
VeriFone

Give ACH a chance

Biff Matthews
Cardware International

Education

Street SmartsSM:
A closer you'll become

Jason Felts
Advanced Merchant Services

Avoid those third-party blues

Ken Musante
Humboldt Merchant Services

Spot-on PCI programs

Tim Cranny
Panoptic Security Inc.

R-E-S-P-E-C-T

Jeff Fortney
Clearent LLC

Ten keys to superior employee selection

Curt Hensley
CSH Consulting

Get rewarded with loyalty

Christian Murray
Global eTelecom Inc.

Company Profile

Vision Payment Solutions LLC

New Products

Simply dynamic POS software

TransactionX
Company: 1stTransaction Corp.

No-cost processing for government agencies

Federal Payments
ACH Direct Inc.

Inspiration

United we stand

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

November 10, 2008  •  Issue 08:11:01

previous next

Red Flag mayday

The Federal Trade Commission is suspending enforcement of the Fair and Accurate Credit Transactions Act of 2003 (FACTA) Red Flag Identity Theft Rules until May 1, 2009, to give creditors and financial institutions additional time to find out if they come under FTC jurisdiction and, if so, to develop and implement the appropriate identity theft prevention programs.

Under Red Flag rules, financial institutions with covered accounts - an account used mostly for personal, family or household purposes or accounts for which there is a foreseeable risk of identity theft - must have identity theft prevention programs to identify, detect and respond to activities that could indicate identity theft.

Land of confusion

However, many entities were surprised to learn their business practices could cause them to fall under FACTA's definition of creditor or financial institution. Since FTC rules do not usually apply to them, they had not taken particular notice of the Red Flag rules and complained that they learned of the requirements too late for the Nov. 1, 2008, compliance deadline.

"Well, one thing to keep in mind is that this rule was put out by the FTC, which does not have regulatory jurisdiction over banks," said Holli Targan, Attorney and Partner at Jaffe, Raitt, Heuer & Weiss PC.

"Regular businesses are not accustomed to keeping abreast of what the FTC tells them they have to do because they're not used to being regulated like that," she added. "The FTC cast a wide net when it said 'creditor' and 'financial institution' to people that normally wouldn't think of themselves as such."

Creditors, as defined by the FTC, are entities that regularly extend, renew or continue credit or arrange for the extension, renewal or continuation of credit. These include, for example, finance companies, automobile dealers, mortgage brokers, utilities and telecommunication service providers. A financial institution is defined by the FTC as a state or national bank, federal savings and loan association, mutual savings bank or federal credit union.

Shine a light

Financial institutions are regulated by federal regulatory agencies and the National Credit Union Association. State-chartered credit unions fall under FTC jurisdiction. Most creditors, except for those controlled by federal bank regulatory agencies and the NCUA, also come under FTC purview. "They define creditor as any person that provides a service for which the consumer pays after delivery of product or services," Targan said. "And that could be almost anyone. So the way the FTC currently defines those terms is confusing as to who exactly these Red Flag rules apply to. It's not a bright line dividing and clarifying the definitions. The FTC needs to recognize that there is confusion and will hopefully shed some light on it."

Reach out and clarify

The FTC said immediate enforcement of the Nov. 1 compliance date would be neither equitable for these covered entities nor beneficial to the public. The FTC believes this six-month extension will give the FTC time to conduct additional education and outreach regarding Red Flag compliance.

For those uncertain if they fall under FTC jurisdiction, Targan recommends they "take a look at their business, talk to a lawyer and make that determination as to whether they have to comply with the regulations." The FTC, federal banking agencies and the NCUA issued guidelines to help covered entities design their programs. For more information, visit http://www.ftc.gov/opa/2007/10/redflag.shtm.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems