FTC's red flag rules cast wide identity theft net
Today's corporations face an almost endless list of rules and regulations with which they must comply: HIPAA , Sarbanes-Oxley and the recently updated Federal Rules of Civil Procedure (FRCP) are just some of the laws that businesses are already under the gun to comply with them. Now on November 1, 2008, the Federal Trade Commission (FTC) Red Flag Rules, which were passed in 2003, will take effect, and while these rules have received scant attention outside of the financial industry, the new regulations have a loophole in it that makes more businesses subject to it than may realize.
The FTC Red Flag Rules are primarily targeted at financial institutions that maintain large amounts of sensitive consumer information such as social security and bank account numbers. This information is used by identity thieves who, if they can obtain it through methods as phishing attacks, use it to open new consumer accounts or misuse existing ones.
The Red Flag Rules are designed to counteract these phishing attacks. They require financial institutions to implement a program to detect, prevent and mitigate instances of identity theft. This is the good news and long overdue.
The disconcerting component of these rules for businesses is they define a "creditor" as any entity that regularly extends, renews or continues credit. It explicitly lists automobile companies, mortgage brokers and utility companies as being subject to this law, so in essence anyone that extends credit to consumers now comes under the FTC's purview.
With penalties at the federal and state level, an open-ended FTC definition of "creditor" and class action suits a distinct possibility; it behooves all companies to figure out where they stand in regards to these rules and then take action accordingly. And though there is a cost to comply, the cost on noncompliance is potentially unlimited.
Jerome Wendt is the president and lead analyst at DCIG Inc. You may read his blogs at www.dciginc.com
(DCIG Analyst Howard Haile contributed to this column.)
» posted by ITworld staff
Computerworld
Build your tech library with our book giveaways.
Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne
The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!
