Fearsome New FACTA Red Flags Rules Will Impact Small Business

Okay, life wasn’t tough enough, right? Now, starting November 1, 2009 (Important Note: See our updated story “Help for FACTA Red Flags Compliance), millions of small businesses that extend credit or defer payments for goods and services will be subject to a new set of rules under the Fair and Accurate Transaction Act aimed at helping curb identify theft.  The new rules — known as the FACTA Red redflagshotline-buttonFlags Rules — are basically federally-mandated precautions certain businesses must  take to protect customers from identity theft crimes. (Don’t worry…I’ll give you key links to further FACTA details and compliance solutions below!)

Never heard of FACTA? Join the club.  Legions of small businesses that will now be covered — including auto dealers, jewelers, furniture companies, mortgage brokers, doctors, dentists and many others — are still unaware of this looming regulatory issue.  Business owners who are aware are most likely confused about what they’ll have to do.  And forget about an extension.  The Federal Trade Commission (FTC), the enforcing agency, already stretched the compliance deadline, originally set for last November.

The coming FACTA Red Flags Rules require covered businesses to create a process for detecting so-called “Red Flags” in identity verification, such as:

  • discrepancies in address history
  • fraud alerts on credit reports
  • suspicious use of Social Security numbers
  • inactive accounts that suddenly become active
  • credit-freeze notifications
  • credit reports with suspicious activity patterns
  • notices from identity theft victims or law agencies, among others.

Meanwhile, FACTA fear has spawned a cottage industry of compliance vendors focused on helping companies find out who’s covered and what the business must do to comply. They’re also offering helpful tools and training, along with web-based compliance solutions. One such firm is Microbilt, a leading provider of risk management information to small and medium businesses. Microbilt has created a special FACTA Red Flags Center website, which features compliance information and a Red Flags Hotline that lets you submit specific questions by email.  Microbilt even hired Internet comedian GoRemy to produce a humorous video about FACTA Red Flags, which you can see at Microbilt, or on YouTube.

A few other firms offering Red Flags compliance help, information and training include NXG Strategies (check out their free webinar), Compliance Pal and Credit Technologies, Inc., among others.

Business.com Media Inc

Business.com Media Inc

Business.com editorial staff provides tips and advice relevant to the small to medium-sized business (SMB) executives. Posts cover top tips, studies, how-tos, and best practices.

View Comments

7 Responses to Fearsome New FACTA Red Flags Rules Will Impact Small Business

  1. Chris O. says:


    Interesting, so what’s the new compliance deadline?

    This is insightful. I think the small business community would appreciate it if you stopped by the blog a shared a little bit of your expertise.


    Chris O.
    Referral Key
    “Your Trusted Referral Network”

  2. Chris O. says:


    Interesting, so what’s the new compliance deadline? This is insightful. I think the small business community would appreciate it if you stopped by the blog and shared a little bit of your expertise.


    Chris O.
    Referral Key
    “Your Trusted Referral Network”

  3. Sharon Larry says:

    I am a Certified Identity Theft Risk Specialist and have been sharing with companies for the last 5 years that this was coming. Most companies are still unaware of this new legislation and what non-compliance could mean for their business, customers, patients, students, employees and vendors. We are seeing new laws enacted to deal with the threat of identity theft from all levels of government (local, state and federal). Identity theft is affecting consumers in areas other than their bank and credit accounts creating damage that put lives at risk. One of these area of major concern is Medical identity theft It has prompted the expansion of certain laws to industries that were not part of the initial FACTA legislation; like doctors and dentists. The majority of companies still appear to be naive about the effects of a data loss and the subsequent use of that information for identity fraud. Unfortunately, we might see with identity theft regulations what we saw with asbestos regulations . . . litigation abound and then magically everybody becomes more conscious of doing the right thing. Here’s a hardy thank you to every company, organization or association that has taken the time to put an identity theft prevention program in place to protect their futures and that of people that they ask for their private non-public information!!!

  4. Karla D says:

    I have a question – I understand the red flag components of this legislation – What though, is required of employers for safeguarding and disposing of employee and/or applicant information. I can’t find a reference to those provisions althought I have been told they aslo go into effect on May 1. Having a policy in place and a procedure – what else??

  5. Karen U. says:


    The deadline for having a Red Flags program in place has been pushed back until August 1st.

  6. On Nov. 1, virtually every business nationwide will be required to comply with the Red Flags Rule, another piece of legislation designed to control identity theft by changing how businesses handle sensitive information of their customers and their employees. Most states have privacy laws in addition to federal privacy and informational security laws, yet many businesses fail to comply because few are aware the laws exist on privacy compliance, and best practices are required.
    It is estimated that more than half of all businesses and most small enterprises are at significant financial risk if they lose consumer or employee information. Compliance with federal and state laws as well as having documented best practices goes a long way to reducing liabilities and risk.
    The Identity Theft Education Center has posted a free online class for business owners to understand the law, their new responsibility and liability, and the most cost effective methods to lower their liability , comply with the law and better protect the information it collects on its clients and customers. The online presentation is conducted by KJ Anderson III, CITRMS (www.kj3rd.com ) and can be found at http://www.factalaw.com .

  7. Walden says:

    Success isn’t permanent, and failure isn’t fatal.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>