GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Diverse perspectives on end-to-end encryption


Industry Update

PPISC urges solidarity for security

Red Flag enforcement delayed

Minding merchants' identities

Economic indicators suggest cautious optimism

MasterCard interchange rates as of April 2009


Bob Dickerson

Small business remote deposit capture: Will ISOs claim the market as they have done with credit card

Bob Meara
Celent LLC

Selling Prepaid

Prepaid in brief

A new passport for the corporate world

Loyalty is closed-loop gift card's 'second wind'

Control your destiny, manage your program


Use checks to open new verticals

Patti Murphy
The Takoma Group


Street SmartsSM:
Developing your elevator speech

Jon Perry and Vanessa Lang

Ten ways to juice your business

Michael Dotson
Worksmart Media Group

Pitfalls to avoid in acquiring relationships

Adam Atlas
Attorney at Law

The POS trifecta

Dale S. Laszig
DSL Direct LLC

Look to the stars

Vicki M. Daughdrill
Small Business Resources LLC

Company Profile

Infinity Payment Systems

New Products

Flag and filter online payments

Advanced Fraud Detection Suite

Outsourced residual computing

EZPay ISO Portal
Company: ePayware Inc.


May the forgiving force be with you



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

May 25, 2009  •  Issue 09:05:02

previous next

Red Flag enforcement delayed

The Federal Trade Commission has once again postponed enforcement of the Identity Theft Red Flag Rules of the Fair and Accurate Credit Transactions Act of 2003. The May 1, 2009, deadline was extended to Aug. 1, 2009. The FTC stated the further delay is intended "to give creditors and financial institutions more time to develop and implement written identity theft prevention programs."

FTC Chairman Jon Leibowitz said the extra time will "allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further."

Help on the Web

The agency has provided the following resources to help businesses determine if they are subject to the rule, answer common questions and help businesses build their programs.

"These red flags are not a checklist, but rather, are examples that financial institutions and creditors may want to use as a starting point," the FTC business alert states.

The FTC's business alert indicates creditors are subject to the rules and describes creditors as including "finance companies, automobile dealers, mortgage brokers, utility companies and telecommunications companies. Where nonprofit and government entities defer payment for goods or services, they, too, are to be considered creditors."

Covered accounts subject to the rules are also any account "for which there is a foreseeable risk of identity theft - for example, small business or sole proprietorship accounts."

Programs to fit

Understanding that distinct business types carry various levels of risk and hold different kinds of consumer information, the FTC does not expect every enterprise to implement the same type of identity theft program.

You only need "a Red Flags policy in place that fits the nature, scope and complexity of your business and gets you to a procedure that you follow that would allow your business, you or your employees to pick up those reasonably foreseeable Red Flags," said Brian Bradley, Executive Vice President, Strategy and Emerging Markets, for MicroBilt Corp., a risk management provider.

"The intent was to deal with any businesses that have access to private consumer information, but the details just weren't there," Bradley said. "I think that it is not unusual for these regulations to be a little more open-ended than people would like."

Cost of failure

Bradley said furniture stores and doctors exemplify types of businesses that are not as accustomed or adept at detecting patterns that are indicative of risk as financial institutions and bankcard acquirers.

"It really doesn't have to be a significant investment of money or time to be able to comply," Bradley said. "It looks like a big job, but I think once it's demystified, once you look into it, it's pretty easy to put it into place and then to follow it and make it part of your standard process."

The FTC increased the fine for failure to have a proper identity theft program in place to $3,500 per transaction completed while a business is deemed out of compliance with the Red Flag Rules.

Though he thinks the FTC will work with businesses to help them get up to speed, Bradley also said, "I think that you can expect that [the FTC] will make examples of businesses that fail to have an ID theft program in place. ... In the egregious cases, you will probably see some enforcement action."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Board Studios