LifeLock Blog

The Red Flag Laws that took effect on Jan. 1, 2008, where supposed to require businesses that handle credit to adopt written plans to identify, detect, monitor and respond to potential instances of identity theft. The enforcement deadline was set for a reasonable Nov.1, 2008, but the FTC as postponed the enforcement several times to allow business time to comply.

The first time the laws were delayed was to May 1, 2009. Then the FTC backed it up to August 1, 2009, and then Nov. 1, 2009, and then again to June 1, 2010 ,and then finally Jan. 1, 2011 were the FTC says it will finally be enforced.

One of the reasons for the delays were because of several groups petitioning the FTC for more time to comply. Other delays were because of several members of congress trying to narrow the scope of the law.

Several professions have already worked their way out of the Red Flag Laws including lawyers, health care providers, and physicians. Also under the new clarification act any businesses that allows deferred payments for expenses incidental to a service is now not considered to be a creditor and is exempt from the Red Flag laws as well. So it seems there’s not a whole lot of businesses left to comply mainly car dealerships from what I have read.  Oh well, at least they aren’t going to move the deadline back again it was starting to get ridiculous.

who are the red flag laws for anyway? I know the regulation says creditors and that was supposed to include health care providers, attorneys, doctors, hospitals, and anyone who allows people to deffer payments. I’m sure they meant to include them in the regulations to make their professions less likely to be used and abused by identity thieves. It seems the attorneys and health care providers as well as other who  permit payment to be deferred have been left off the hook.  Pending litigation by the American Medical Association and other physician organizations has all but gotten them exempt as well. So who are these laws for anyway?

What follows is the new clarification as to what a creditor means.

SECTION 1. SHORT TITLE.

This Act may be cited as the `Red Flag Program Clarification Act of 2010′.

SEC. 2. SCOPE OF CERTAIN CREDITOR REQUIREMENTS.

(a) Amendment to FCRA- Section 615(e) of the Fair Credit Reporting Act (15 U.S.C. 1681m(e)) is amended by adding at the end the following:

`(4) DEFINITIONS- As used in this subsection, the term `creditor’–

`(A) means a creditor, as defined in section 702 of the Equal Credit Opportunity Act (15 U.S.C. 1691a), that regularly and in the ordinary course of business–

`(i) obtains or uses consumer reports, directly or indirectly, in connection with a credit transaction;

`(ii) furnishes information to consumer reporting agencies, as described in section 623, in connection with a credit transaction; or

`(iii) advances funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person;

`(B) does not include a creditor described in subparagraph (A)(iii) that advances funds on behalf of a person for expenses incidental to a service provided by the creditor to that person; and

`(C) includes any other type of creditor, as defined in that section 702, as the agency described in paragraph (1) having authority over that creditor may determine appropriate by rule promulgated by that agency, based on a determination that such creditor offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft.’

(b) Effective Date- The amendment made by this section shall become effective on the date of enactment of this Act.

Confused? Yeah so am I, not sure what all that says but it seems no one except for people who most likely already have identity theft detection programs active have to follow these rules. These Red Flag laws started out as a great idea, but now they a simply a job that can be fixed simply by complaining enough about them.

The Federal Trade Commission has rejected the request to exempt physicians and other health care professionals from the FTC Red Flag, identity theft prevention, laws. It seems the U.S. District Court for the District of Columbia found that the FTC exceeded its authority in enforcing it’s Red Flag laws against attorneys and layers. So I guess the AMA, American Medical Association, thought they would take a stab at trying to get themselves exempt as well. Their first attempt has been rejected.

This does not come as a surprise, the FTC is still trying to appeal the decision brought by the American bar Assn, so it doesn’t makes sense that they would just let the medical professionals off the hook. I understand that these businesses don’t want to implement identity theft programs, like the rules regulate, but it would be for the benefit of their customers.

The Red Flags laws have been delayed several times and it seems that they could be delayed much longer if the lawsuits don’t clear up. It seems the AMA is trying to prevent the FTC from enforcing the regulations until the ABA litigation is resolved. Who knows how long that could take?

I think the Red Flag laws are a good thing and bring some responsibility to creditors. If they are going to lend people money be it a banks, medical, or lawyers they should take the time to unsure they are charging the right person. I think the the Red Flag laws will be most helpful in the medical field due to the large number of medical identity thefts that happen.