As previously reported, the FTC extended the deadline for compliance with the Fair and Accurate Credit Transactions Act (FACTA) Identity Theft “Red Flag” Rules from November 2008 to May 1, 2009. The Red Flag rules require financial institutions and creditors with consumer accounts and other accounts “for which there is a reasonably foreseeable risk of identity theft” to develop and implement written identity theft prevention programs incorporating policies and procedures targeted at reducing identity theft in connection with opening and maintaining such accounts.
As part of its campaign to reduce identity theft, the FTC more recently issued a report recommending several measures to specifically prevent use of social security numbers for identify theft. A key recommendation of the report is that Congress consider adopting national standards strengthening required procedures for private-sector organizations to use in authenticating their customers’ identities. Currently, only financial institutions regulated by the banking agencies are subject to nationwide authentication standards, and the report recommends that Congress consider establishing similar standards to cover all private-sector entities that maintain consumer accounts. Such standards would require organizations to adopt reasonable procedures for authenticating customers, but also would allow them to adopt a program compatible with their size and the nature of their business.