Definition

Red Flags Rule (RFR)

The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.

Any creditor or financial institution that allows covered accounts must implement a program for the Red Flags Rule. For the purposes of the regulations:

    • A covered account is any consumer account that allows payment to be deferred, permits multiple payments or poses a reasonably foreseeable risk to consumers or businesses from identity theft.

    • A creditor is any business or organization that regularly provides goods or services and bills customers later.

    • A financial institution is any business or organization that, directly or indirectly, holds a transaction account belonging to a consumer.

RFR requires that written plans be specifically tailored to the size, nature and complexity of the applicable business and consider both trends in the marketplace and any historical experiences dealing with identity theft.

Documentation must address these four criteria:

    1. What patterns, practices, or specific activities the business or organization will identify as red flags indicating potential identity theft.

    2. How the business or organization intends to detect the red flags they have identified.

    3. How the business or organization will respond to the detection of a red flag they have identified.

    4. How the business or organization intends to evaluate the success of its program and maintain it in the future.

Each plan must be formally authorized and adopted by the entity's governing body or senior management. The plan must state who is responsible for implementing and administering it. It must also address how the business or organization will train its staff, audit compliance and generate annual assessment reports.

The regulations, which were developed by the United States Federal Trade Commission (FTC), along with the Office of the Comptroller of the Currency (OCC), FDIC, Federal Reserve and several other federal agencies, fall under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). In the event of an RFR violation, the regulations state that the FTC may commence a civil action and seek pecuniary penalties not to exceed $2,500 per infraction. Failure to comply with the Red Flags Rule can also serve as the basis for private civil and/or class action lawsuits.

Creditors and financial institutions that allow covered accounts must be in compliance with the Red Flags Rule by June 1, 2010.

This was last updated in November 2009
Posted by: Margaret Rouse
