My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.


Q&A: New Fraud and Identity Theft Rules

Are your customers safe from online scamsters? How to comply with the FTC's new 'Red Flags' program.
2 min read
Brought to you by Business on Main

Q: I recently learned about the Federal Trade Commission's Red Flags Rule, requiring businesses to plan a response to identity theft and fraud. My business has an online store, so does this apply to me? What steps do I need to take to become compliant?

A: Whether you're subject to the Red Flags Rule depends largely on how you get paid. If your customers simply charge purchases to a bank credit card, you're probably exempt. If you offer your own credit card, or sell first and collect payment later, you probably need to comply.

The rule took effect at the end of last year. It requires financial institutions and certain "creditors" to implement a written program for detecting and dealing with warning signs, or "red flags," that can indicate someone is trying to commit identify theft. Examples include an alert from a consumer reporting agency, or the presentation of suspect identification documents.

If you're covered under the rule, your Red Flags Rule program must do four things:

  1. Identify red flags relevant to your business or industry.
  2. Spell out procedures for detecting those red flags.
  3. Detail how you will respond to a red flag. (Who will you notify, what will you tell them?)
  4. Provide for regular updates to your procedures and the education of your staff.

Physicians, attorneys, accountants and many other professionals and service providers are exempt from the rule under the Red Flag Program Clarification Act of 2010. Other businesses qualify as creditors if they maintain consumer accounts that permit multiple payments or transactions and offer the potential for identity theft, and they (a) obtain or use consumer credit reports in connection with credit transactions, (b) furnish information to consumer reporting agencies in connection with credit transactions, or (c) advance funds to or on behalf of someone else -- unless the funds relate to providing of a service.

The FTC has information about the Red Flags Rule on its website here. Although it was published prior to the Clarification Act, this FTC how-to guide also offers helpful compliance advice. Failure to comply could result in FTC penalties of up to $3,500 for each customer account you maintain.

More from Entrepreneur

Learn to be a better leader and develop successful marketing and branding strategies with Dr. Patti Fletcher's help.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Create your business plan in half the time with twice the impact using Entrepreneur's BIZ PLANNING PLUS powered by LivePlan. Try risk free for 60 days.

Latest on Entrepreneur