View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

FTC RIN: 3084-AB50 Publication ID: Fall 2019 
Title: Identity Theft Rules 
Abstract:

On December 11, 2018, the Commission initiated periodic review of the Identity Theft Rules, which include the Red Flags Rule and the Card Issuer Rule. The public comment period closed on February 11, 2019, and staff is reviewing the comments. Staff plans to submit a recommendation to the Commission by December 2019.

The Red Flags Rule requires financial institutions and creditors to develop and implement a written Identity Theft Prevention Program. By identifying red flags for identity theft in advance, businesses can be better equipped to spot suspicious patterns that may arise and take steps to prevent potential problems from escalating into a costly episode of identity theft. An Identity Theft Prevention Program must have four parts. First, the program must include reasonable policies and procedures to identify signs or red flags of identity theft in the day-to-day operations of the business. Second, the program must be designed to detect the red flags of identity theft identified by the business. Third, the program must set out the actions the business will take on detecting red flags. Finally, because identity theft is an ever-changing threat, a business must re-evaluate its program periodically to reflect new risks from this crime.

The Card Issuer Rule requires credit and debit card issuers to implement reasonable policies and procedures to assess the validity of a change of address if it receives notification of a change of address for a consumer's debit or credit card account and, within a short period of time afterward, also receives a request for an additional or replacement card for the same account.

 
Agency: Federal Trade Commission(FTC)  Priority: Substantive, Nonsignificant 
RIN Status: Previously published in the Unified Agenda Agenda Stage of Rulemaking: Prerule Stage 
Major: Undetermined  Unfunded Mandates: No 
EO 13771 Designation: Independent agency 
CFR Citation: 16 CFR 681   
Legal Authority: 15 U.S.C. 1681m(e)    15 U.S.C. 1681m(e)(4)    15 U.S.C. 1681c(h)   
Legal Deadline:  None
Timetable:
Action Date FR Cite
Rule Review; Request for Comments  12/11/2018  83 FR 63604   
Rule Review Comment Period Closed   02/11/2019 
Recommendation to Commission  12/00/2019 
Regulatory Flexibility Analysis Required: Undetermined  Government Levels Affected: Local, State 
Small Entities Affected: Businesses, Governmental Jurisdictions, Organizations  Federalism: No 
Included in the Regulatory Plan: No 
RIN Information URL: https://www.ftc.gov/news-events/press-releases/2018/12/ftc-seeks-comment-identity-theft-detection-rules  
RIN Data Printed in the FR: No 
Related RINs: Split from 3084-AA94 
Agency Contact:
Amanda Koulousias
Federal Trade Commission
600 Pennsylvania Avenue NW,
Washington, DC 20580
Phone:202 326-3334
Email: akoulousias@ftc.gov

Stacy Procter
Attorney
Federal Trade Commission
10990 Wilshire Boulevard, Suite 400,
Los Angeles, CA 90024
Phone:310 825-4300
Email: sprocter@ftc.gov