Hello Red Flaggers! I’m still getting some questions from our clients these days around the FTC enforcement extension. My concern is that there seems to be a perception that May 1, 2009 is the enforcement date for all of the guidelines in the Red Flags Rule. In reading through the recently released FTC Enforcement Policy (Identity Theft Red Flags Rule, 16 CFR, 681.2), it clearly states the following:
This delay in enforcement is limited to the Identity Theft Red Flags Rule (16 CFR
681.2), and does not extend to the rule regarding address discrepancies applicable to users of consumer reports (16 CFR 681.1), or to the rule regarding changes of address applicable to card issuers (16 CFR 681.3).
So, while you may be breathing a sigh of relief as far as the implementation of your overall Identity Theft Prevention Program is concerned, be advised that the May 1, 2009 extension does not cover the need to detect and/or respond to address discrepancies on consumer reports or during address changes on card accounts.
As previously mentioned in an earlier blog of mine (see Nov. 13 blog), responding to address discrepancies on consumer reports may be the biggest challenge for many of our clients, as (depending on market served) the percentage of consumer reports with an address discrepancy can number over 20 percent. This can create an operational burden from the perspective of cost, customer experience, and the ability to quickly book legitimate and profitable customers. Have a look at my previous blog on a risk based approach to address discrepancies for a refresher on this subject. Good luck!!