Using The FTC “Red Flags Rule” To Protect Your Business Profits

Credit card fraud costs businesses over $190 billion dollars each year. Yes, that is billions with a “B!” The holiday season is a popular time of the year for scam artists to steal identities and use stolen or fake credit cards. Taking some proactive steps and complying with the Red Flags Rule will help keep your business from losing revenue from accepting a stolen or fake credit card.

The Federal Trade Commission (FTC) requires businesses to comply with the “Red Flags Rule” to prevent this type of fraud. The Red Flags Rule mandates that businesses develop, implement, and administer an identity theft protection program to prevent identity theft.

Your best line of defense against identity theft and to comply with the Red Flags Rule is to follow these four steps: (1) Identify Relevant Red Flags; (2) Detect Red Flags; (3) Prevent and Mitigate Identity Theft; and (4) Update the Program.

Identify any potential suspicious patterns, practices or activities that are indicative of identity theft. While compiling your list, analyze the process you use to extend credit, accept payments, and collect customers’ personal information. Do not neglect to think about which employees and departments have access to customer information and your business bank and credit accounts.

Once you identify your potential red flags, train your employees and managers to detect the red flags. Include in your training an identification verification and authentication process and procedure. Consider also an anonymous method that employees may report suspicious activities of other employees.

If a red flag is detected, your employees and managers should know the appropriate steps to take to respond. The FTC provides some examples of appropriate responses.

  • monitor a covered account for evidence of identity theft
  • contact the customer
  • change passwords, security codes, or other ways to access a covered account
  • close an existing account
  • reopen an account with a new account number
  • notify law enforcement

Update your identity theft prevention policy as changes are needed. Your identity theft policy should change as you encounter new experiences that you did not foresee, as technology changes, as you discover more ways to improve on your identity verification and authentication process, or for any other reason that warrants a change to your policy and procedures.

The above is for general information only. Not all types of businesses are required to comply with the Red Flags Rule. For your consultation regarding your business law issues, contact Business Law Attorney, Michael Attorney Michael Burnett at 678-905-4450 Ext. 3. MICHAEL S. BURNETT, LLC