Wow, it’s hard to believe that 6 months has gone by since non-banking related creditors and some credit unions got a reprieve from the Nov 1 Red Flag Regulation deadline. Now the question is – are you ready? I’m betting there are still a few companies that must comply that are still confused and think it doesn’t apply to them. I read a great article from BankInfoSecurity which does a good job of explaining who needs to comply:
Broder says the covered entities, no matter what their size, must design and implement a written identity theft prevention program. The rule is not based on what kind of information a business collects, but whether it is a financial institution or a creditor. “A creditor is broadly described as anyone who defers payment on a debt, or anyone who defers payment on goods or services,” Broder says.
Under the ID Theft Red Flags Rule a creditor is:
- Any entity that regularly extends, renews or continues credit;
- Any entity that regularly arranges for the extension, renewal or continuation of credit;
- Any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.
Accepting credit cards as a form of payment does not in and of itself make an entity a creditor. But creditors do include:
- Finance companies;
- Automobile dealers;
- Mortgage brokers;
- Utilities;
- Telecommunications companies.
Even healthcare providers who defer payment (provide credit) for patients also fall under the creditor status, according to the rule. Any interaction where a consumer is not paying up front would make the business a creditor. “So in the healthcare context, even where a consumer offers insurance (that would normally cover the bill), if the patient is still ultimately responsible for medical fees not covered by insurance, then that hospital or doctor’s office would be considered a creditor,” Broder says.
Where non-profit and government entities defer payment for goods or services, they, too, are considered creditors. Most creditors, except for those regulated by the federal bank regulatory agencies and the National Credit Union Administration (NCUA), fall under the FTC’s jurisdiction.
The article also points out that the FTC has set up a dedicated website on ID Theft Red Flags which includes a how to guide which at quick glance looks very helpful. And you can you can still get our guide to see how identity verification plays an important role.
If you’ve been procrastinating or only just realized you need to be compliant, don’t fret. The good news is we can help you be ready in time.
