Barring further delays, beginning Nov. 1 all financial institutions and any company that extends credit to customers, even in the form of multiple-month payment plans, will be required to establish centralized anti-fraud procedures and systems under the Federal Trade Commission's new Red Flags Rule.

Facing a growing wave of identity theft, the FTC wants companies to pay more attention to establishing the identity of customers and credit recipients, and to put in place a system to flag theft attempts early. “Identity theft has been the No. 1 consumer complaint at the FTC for years now,” says Manas Mohapatra, an attorney with the agency's division of privacy and identity protection.

But attorneys specializing in business law warn that the new regulations could surprise many companies that have never viewed themselves as creditors. Mohapatra notes that even sending customers bills for payment in 30 days for a product or service could be construed as extending credit.