Financial institutions and creditors can suggest changes to two federal rules designed to help companies spot identity theft to the Federal Trade Commission over the next two months.

The FTC is seeking input on whether it should update its Red Flags Rule. It requires financial institutions and some creditors to create written identity theft prevention programs that detect “red flags” of identity theft connected to covered accounts. It also requires them to take steps to prevent and mitigate the effects.

The agency also wants comment on the Card Issuers Rule, which requires debit and credit card issuers to have policies to examine the validity of change-of-address requests when they’re followed by requests for additional cards for the account. Hackers and ID thieves often steal credit card information to open new accounts in victims’ names and make large purchases.

The agency will accept comments on both rules until Feb. 11, 2019.

Identity theft was the third biggest category of consumer complaints made to the FTC in the first three quarters of 2018, and the second biggest topic in 2017, the FTC said.

The agency wants comment on the rules’ economic impact and benefits, how they’re affected by technology and economic changes in the finance and credit industries, and how they may conflict with state or other federal rules or laws.