The Red Flags Rule is a policy put in place by the FTC (Federal Trade Commssion) that is designed to help minimize the damage done by Identity Theft and to help stop Identity Fraud.  In short, it requires businesses to look for Red Flags that might help identify an identity thief.

The four basic elements to the program are:

1) Identify Relevant Red Flags

• Identify the red flags of identity theft you’re likely to come across in your business

2) Detect Red Flags

• Set up procedures to detect those red flags in your day-to-day operations

3) Prevent and Mitigate Identity Theft

• If you spot the red flags you’ve identified, respond appropriately to prevent and mitigate the harm done

4) Update your Program

• The risks of identity theft can change rapidly, so it’s important to keep your Program current and educate your staff

There is quite a bit already on the web about Red Flags so I will not go into much detail here and for inquiring minds, there is a brief article on WikiPedia about Red Flags.

Interesting Definitions

The FTC originally defined the Red Flags Rule as being applicable to Financial Institutions and Creditors.  To the average joe, this would be banks and lenders such as credit card companies, mortgage brokers, etc.  The reality is that the FTC has defined Creditor as: The definition of “creditor” is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later.

This is interesting twist as per the definition, law firms, accounting firms, consulting agencies, telecommunications and utility businesses, all need to comply with the Red Flags Rule.

I agree with the FTC in that this is a good thing.  If you are in a low risk business, the program is simple and easy to implement.  The FTC has a simple set of guidelines you can use to create your policy, or you can go with one of the many consulting firms out there who will create a program for you.  According to the Wikipedia article on Red Flags – a program can cost upwards of $1000.  One thing I like about IDSure.org is when you sign up for one of their Identity Verification programs, you get the Red Flags Policy for free.  You just need to step through the wizard and check the items that are revelant to your business and then print it out and follow it.  Pretty Easy to be in compliance.  While there are many people complaining about having to comply, I will be doing my business with companies who comply.  Afterall, if the business does not want to help stop Identity Theft, what else is going on?