The Federal Trade Commission announced "red flags rules" last week that require financial institutions and creditors to develop and adopt written identity theft prevention programs by Nov. 1.

The rules, under the Fair and Accurate Credit Transactions Act of 2003, require companies to document the systems they use to monitor warning signs — or "red flags" — of identity theft.

These may include unusual account activity, fraud alerts on a consumer report, or attempted use of suspect account application documents, the commission said.

Lydia Parnes, the director of the FTC's consumer protection bureau, said in a press release, "We encourage all organizations that have ongoing accounts or relationships with consumers to keep an eye out for red flags that signal identity theft."

The San Diego consulting firm Compliance Coach Inc. estimated that the rules would affect more than 2 million companies, including automobile dealerships, utilities, landlords and property managers, elective surgeons, jewelry and retail outlets, and any other business that pulls consumer credit reports.