Slashdot Mirror


FTC Backs Off Red Flag Rules Again

coondoggie writes to tell us that the Federal Trade Commission has yet again backed off of the new Red Flag Rule designed to protect consumer information. After complaints about the cost of implementation, the enforcement date of the rule has been pushed back to August 1, 2009 to give businesses and institutions time to implement identity theft-prevention programs. "The FTC, federal bank regulatory agencies, and the National Credit Union Administration (NCUA) issued the Red Flags Rules as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. The final rules require financial and credit institutions that hold any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts, the FTC said."


  1. Costs too much, huh? by SirGarlon · · Score: 5, Insightful

    A survey done by MedPage Today of 100 hospitals found that they would have to spend over $10,000 to comply with the Red Flag Rule.

    In comparison with the operating budget of a typical hospital, I hardly think $10,000 is a major expense. They probably spend more than that waxing the floors every year.

    What's the average cost incurred by a single victim of identity fraud? Last I heard it was over $5k. So for the hospital to save its petty $10k in implementation costs, how many patients are they willing to screw over? (All of 'em, it seems.)

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  2. What I really want! by glennpratt · · Score: 4, Insightful

    Free, instant access to any credit bureau.

    It's ridiculous the information they can store about me and then turn around and charge ME to look at it more than once a year. And my credit score, that should be free for me to view as well.

    I've already had two mistakes on my credit and I'm 25 (1 identity theft and 1 Verizon decided I didn't return FiOS equipment - of course I didn't return it, it's still in use!).

    Making this information free and accessible would be a start.

    1. Re:What I really want! by Anonymous Coward · · Score: 1, Insightful

      Well, then perhaps it should. If the credit card companies have such a hard-on for this information anyway, let them fund these organizations.

  3. Red Flag Rule = Guessing Game by Silentknyght · · Score: 5, Insightful

    Though the article summary touts the Red Flag Rule(s) as something that is designed to protect consumer information, I have serious doubts as to the efficacy of such a system.

    As stated in the article, it's just a system/rule to force banks/creditors/etc. to identify any suspicious activity (i.e. red flags) in their accounts. It doesn't seem to mention anything about any liability or culpability for false positives or worse--completely missing identity theft in action. That said, I still can't believe (provided the information is true) that companies continue to balk at this. The sums mentioned in the article--$10,000 to comply--are chump change, even if it's a repeated annual expenditure.

  4. Much Ado About Nothing by gcatullus · · Score: 2, Insightful

    The so-called red flag rules are an added cost to small businesses and don't really do that much to help prevent identity theft. They apply to anyone who sells a product on any terms other than cash or credit card. This includes your local home heating oil dealer, local appliance store that might offer you a payment plan, right down to a bar that lets you keep a tab until pay day.

    You can nominally comply with these rules by downloading a template over the internet and designating a person to "review" red flags. They are overly broad, and treat businesses that keep customer records on index cards in a file cabinet the same as the bank that holds your mortgage.

    These rules are much like PCI compliance. They sound impressive, but mean very little. Heck, RBS Worldpay/Lynk is still processing credit cards but they lost their PCI compliance, after suffering a data breach jeopardizing 1.5 million payroll cards and at least 1.1 million Social Security numbers.

    PCI and red flag rules foist the onus of data protection onto small merchants, while the monopolists who benefit from Visa/Mastercard transactions don't have to change anything.

    Visa/Mastercard should be tasked with making the whole system more secure. Forcing the burden of data protection in a broken system onto small merchants is like blaming the depositors in a bank when it gets robbed.

  5. Considering that even one by Jane+Q.+Public · · Score: 3, Insightful

    serious case of identity theft could cost a single one of their "customers" more than $10,000, I think it is reasonable to expect them to do it.