Red Flags Rule white papers

Beginning Dec. 31, 2010, all companies that send invoices will need to have in place a red flags compliance strategy to help combat identity theft. The Red Flags Rule, a component of the Fair and Accurate Credit Transactions (FACT) Act signed into law in December 2003, requires that financial institutions and creditors implement a plan to identify, detect and respond to attempts to use stolen identity information. Note: The FTC has extended the deadline for a third time from Nov. 1, 2009, to Dec. 31, 2010. After Dec. 31, 2010, any occurrence of identity theft at your organization will expose you to an FTC investigation.

The Red Flags Rule has two key components that distinguish it from other identity theft, security and penetration regulations: 1) It requires you to have a board-approved, written set of policies and procedures to prevent the use of stolen identity; 2) Companies and institutions defined as “creditors” are required to comply – and if you send invoices, you are probably a “creditor” under this rule.

To learn more about what the rule requires, the types of businesses that must comply and things to consider when formulating your compliance, download the white paper, The Red Flags Rule: What you need to know. There are also industry-specific versions of the white paper available for  health care, not-for-profit, higher education and financial institutions.