Banking and Finance Law Daily FTC reviewing Identity Theft Red Flags Rule, Card Issuers Rule
Tuesday, December 4, 2018

FTC reviewing Identity Theft Red Flags Rule, Card Issuers Rule

By Lisa M. Goolik, J.D.

As a part of its "systematic review" of all current regulations and guidelines, the Federal Trade Commission is seeking comment on whether it should revise its Red Flags Rule or its Card Issuers Rule. The rules are intended to prevent identity theft, which the FTC reports was the second biggest category of consumer complaints made to the FTC in 2017. Comments on the two rules are due Feb. 11, 2019.

Identity theft rules. The FTC’s Red Flags Rule requires businesses and organizations with covered accounts to implement a written identity theft prevention program designed to detect the "red flags" of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage.

The Card Issuers Rule requires issuers to adopt procedures to assess the validity of a change of address request if, within a short period of time after receiving the request, the issuer receives a request for an additional or replacement card for the same account. The rule bars a card issuer from issuing an additional or replacement card until it has notified the cardholder about the request or otherwise assessed the validity of the address change.

Cost, benefit analysis. The FTC is seeking information about the costs and benefits of identity theft rules and guidelines, as well as their regulatory and economic impact. According to the FTC, the feedback received will assist the Commission in identifying those rules and guides that warrant modification or rescission. The questions on which the FTC is seeking comment include:

  • Is there a continuing need for the specific provisions of the rules?
  • What benefits have the rules provided to consumers?
  • What significant costs, if any, have the rules imposed on consumers?
  • What significant costs, if any, have the rules imposed on businesses, including small businesses?
  • Are there any types of creditors that are not currently covered by the Red Flags Rule but should be, because they offer or maintain accounts that could be at risk of identity theft?
  • Do the rules overlap or conflict with other federal, state, or local laws or regulations?

Comments. Comments may be submitted online, by mail, or hand delivered. To submit by mail, write "Identity Theft Rules, 16 CFR Part 681, Project No. 188402" on the comments and envelope and mail to: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW, Suite CC-5610 (Annex B), Washington, D.C. 20580. Deliver comments in person to Federal Trade Commission, Office of the Secretary, Constitution Center, 400 7th Street SW, 5th Floor, Suite 5610 (Annex B), Washington, D.C. 20024.

MainStory: TopStory ConsumerCredit CyberPrivacyFeed IdentityTheft Privacy

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More

Banking and Finance Law Daily: Breaking legal news at your fingertips

Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on banking and finance legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.