|View EO 12866 Meetings||Printer-Friendly Version Download RIN Data in XML|
|FTC||RIN: 3084-AB50||Publication ID: Fall 2021|
|Title: Identity Theft Rules|
On December 11, 2018, the Commission initiated periodic review of the Identity Theft Rules, which include the Red Flags Rule and the Card Issuer Rule. The public comment period closed on February 11, 2019, and staff is reviewing the comments. Staff plans to submit a recommendation to the Commission by January 2022.
The Red Flags Rule requires financial institutions and creditors to develop and implement a written Identity Theft Prevention Program. By identifying red flags for identity theft in advance, businesses can be better equipped to spot suspicious patterns that may arise and take steps to prevent potential problems from escalating into a costly episode of identity theft. An Identity Theft Prevention Program must have four parts. First, the program must include reasonable policies and procedures to identify signs or red flags of identity theft in the day-to-day operations of the business. Second, the program must be designed to detect the red flags of identity theft identified by the business. Third, the program must set out the actions the business will take to detect red flags. Finally, because identity theft is an ever-changing threat, a business must re-evaluate its program periodically to reflect new risks from this crime.
The Card Issuer Rule requires credit and debit card issuers to implement reasonable policies and procedures to assess the validity of a change of address if it receives notification of a change of address for a consumer's debit or credit card account and, within a short period of time afterward, also receives a request for an additional or replacement card for the same account.
|Agency: Federal Trade Commission(FTC)||Priority: Substantive, Nonsignificant|
|RIN Status: Previously published in the Unified Agenda||Agenda Stage of Rulemaking: Prerule Stage|
|Major: Undetermined||Unfunded Mandates: No|
|CFR Citation: 16 CFR 681|
|Legal Authority: 15 U.S.C. 1681m(e) 15 U.S.C. 1681m(e)(4) 15 U.S.C. 1681c(h)|
|Regulatory Flexibility Analysis Required: Undetermined||Government Levels Affected: Local, State|
|Small Entities Affected: Businesses, Governmental Jurisdictions, Organizations||Federalism: No|
|Included in the Regulatory Plan: No|
|RIN Information URL: https://www.ftc.gov/news-events/press-releases/2018/12/ftc-seeks-comment-identity-theft-detection-rules|
|RIN Data Printed in the FR: No|
|Related RINs: Split from 3084-AA94|
Federal Trade Commission
600 Pennsylvania Avenue NW,
Washington, DC 20580