Find out the who, what, when, where and how Red Flag rules work to protect you from identity theft.
What is the Red Flag rule and what does it mean to you?
The Red Flag rule originated with the Fair and Accurate Credit Transaction of 2003, known as yet another acronym, FACT. FACT rendered that financial institutions and creditors with covered accounts must have identity theft prevention plans to ensure that they could detect, identity and respond to activities or even patterns or practices that could be a “red flag” indicating identity theft crimes. The purpose of the Red Flag rule is to offer consumers protection of Protected Health Information (PHI), social security numbers, credit card numbers and claims information that could put them at risk for identity theft.
Red Flag Rule Details
-Prevention and response plans must be in written in detail.
-Board of Directors or senior employees must supervise prevention and response plans.
-Training must be provided on the implementation of the plans.
The original deadline of November 1, 2008 had those under the Red Flag rule seeing red and the deadline was extended by the Federal Trade Commission for six months to give financial institutions and creditors more time to develop and implement identity theft plans. As of today the Red Flag rule is expected to go into effect on May 1, 2009. There are still challenges to the Red Flag rule, with many entities arguing whether or not they should be included in the Federal Trade Commission oversight.
Who is defined as a financial institution or creditor?
Simply accepting credit cards as payment doesn’t necessarily qualify an institution as a creditor. Examples of those that are affected under the Red Flag rule include finance companies, automobile dealers, mortgage brokers, accountants/financial planners, utility companies and telecommunications companies. Financial institutions include (of course) banks and any institutions that offer accounts customers are able to write checks off of or even make telephone transfers. Non-profit and government agencies that defer payment for goods and services are defined as creditors. Even health care organizations that accept insurance or offer payment plans are considered to be caught in the net of the Red Flag rules application.
The Red Flag rule’s application to health care organizations may help to address the growing number of medical identity theft crimes. Insiders say that address discrepancies should be a big red flag. “Patients” come in using all of another person’s information, including health care benefits, and simply offer a change of address. This means that all correspondence and bills come to the identity thief while the real “patient” is unaware that their identity has been hijacked, that their medical history is now flawed and that their credit is being ruined.
Starting May 1, 2009 consumers may start noticing that formerly friendly banking, credit and medical registration processes may become more challenging as financial institutions, creditors and health care organizations attempt to comply with the new Red Flag rules. Only time will tell if the Red Flag rule will deter or prevent identity theft and how long it will take identity thieves to crawl through loopholes.
Please be sure to share your comments here at Identity Theft Secrets on any helpful or perhaps even aggravating changes you notice as you go about your business as the Red Flag rule starts flying. What do you think?
Will red flags have you and financial institutions seeing red?