Group of professionals discuss finance

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Banking and Finance Law Daily, December 4, 2018

FTC reviewing Identity Theft Red Flags Rule, Card Issuers Rule

By Lisa M. Goolik, J.D.

As a part of its "systematic review" of all current regulations and guidelines, the Federal Trade Commission is seeking comment on whether it should revise its Red Flags Rule or its Card Issuers Rule. The rules are intended to prevent identity theft, which the FTC reports was the second biggest category of consumer complaints made to the FTC in 2017. Comments on the two rules are due Feb. 11, 2019.

Identity theft rules. The FTC’s Red Flags Rule requires businesses and organizations with covered accounts to implement a written identity theft prevention program designed to detect the "red flags" of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage.

The Card Issuers Rule requires issuers to adopt procedures to assess the validity of a change of address request if, within a short period of time after receiving the request, the issuer receives a request for an additional or replacement card for the same account. The rule bars a card issuer from issuing an additional or replacement card until it has notified the cardholder about the request or otherwise assessed the validity of the address change.

Cost, benefit analysis. The FTC is seeking information about the costs and benefits of identity theft rules and guidelines, as well as their regulatory and economic impact. According to the FTC, the feedback received will assist the Commission in identifying those rules and guides that warrant modification or rescission. The questions on which the FTC is seeking comment include:

  • Is there a continuing need for the specific provisions of the rules?
  • What benefits have the rules provided to consumers?
  • What significant costs, if any, have the rules imposed on consumers?
  • What significant costs, if any, have the rules imposed on businesses, including small businesses?
  • Are there any types of creditors that are not currently covered by the Red Flags Rule but should be, because they offer or maintain accounts that could be at risk of identity theft?
  • Do the rules overlap or conflict with other federal, state, or local laws or regulations?

Comments. Comments may be submitted online, by mail, or hand delivered. To submit by mail, write "Identity Theft Rules, 16 CFR Part 681, Project No. 188402" on the comments and envelope and mail to: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW, Suite CC-5610 (Annex B), Washington, D.C. 20580. Deliver comments in person to Federal Trade Commission, Office of the Secretary, Constitution Center, 400 7th Street SW, 5th Floor, Suite 5610 (Annex B), Washington, D.C. 20024.

MainStory: TopStory ConsumerCredit CyberPrivacyFeed IdentityTheft Privacy

Back to Top

Banking and Finance Law Daily

Introducing Wolters Kluwer Banking and Finance Law Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.


A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.