Identity Theft Fraud and the FTC’s “Red Flags Rule”
.jpg)
The author of this article describes the perils of identity theft fraud and the Federal Trade Commission’s Red Flags Rule.
Identity theft: there is a lot of talk about it nowadays; millions of Americans fall victim to it each year; we all hear the stories and news reports or know someone who has been victimized by identity theft.
It has been reported that the emotional impact of identity theft is similar to that suffered by victims of violent crimes, it traumatizes and leaves its victims feeling violated. Identity theft can destroy a person’s credit, ruin their good name, hurt their job prospects, cause stress in their lives and cost between 500 and 800 hours of work attempting to fix what the identity thief has destroyed.
IDENTITY THEFT
Identity theft is a serious crime, but do we really know what identity theft is? Or how someone can steal an identity? Identity theft occurs when someone uses another person’s personal information such as their name, Social Security number (“SSN”), or credit card number without permission to commit fraud for financial gain. Once an identity thief has someone’s personal information they can obtain loans and credit cards, apply for jobs, collect on income tax returns, buy cars or homes, receive medical attention, and more.
Identity thieves are part of a network of criminals who work in cell groups to infiltrate the job market to gain access to personal information. But there are also those who work alone, some who just happen upon an opportunity, and some who set out to accomplish a specific goal. Oftentimes the identity thief is someone who is known to the victim, it may be an employee, a caregiver, a friend or even a family member who is trusted with personal information.
Unlike our parents and our grandparents, we have all lost our personal identities to digital technology. We are no longer identified by our personalities, our generic makeup or our heritage. In today’s modern technological society we are all identified by numbers, numbers which have been assigned to us, numbers which we use on a daily basis to conduct business, make purchases and perform financial transactions. These identifying numbers are in the form of driver license numbers, Social Security numbers, account numbers, pin numbers, credit card numbers and so on.
Our identities are our most valued commodity today and thieves will stop at nothing to get this information in their hands, including:
• stealing information from employers;
• getting jobs in banks and government agencies;
• stealing mail out of mail boxes;
• going through garbage cans (also known as dumpster diving);
• email phishing;
• skimming;
• telemarketing;
• social media site hacking;
• ATM machine infiltration;
• pretexting, etc.
The buying and selling of personal information is big business today and thieves will do whatever is necessary in order to get credit card account numbers, or bank statement information, driver’s license numbers, Social Security numbers, dates of birth, passports, immigration cards, and signatures.
During a disturbing CNN report, which aired on November 19, 2010, Americans learned that in an effort to save money, prisons in many states were giving inmates jobs such as data entry, duplicating and scanning medical records and processing license and unemployment applications. All of which allowed them access to Social Security numbers. While this may save states money, it unnecessarily exposes scores of people to potential identity theft.
EFFORST TO COMBAT IDENTITY THEFT
In an effort to combat identity theft, on December 18, 2010, President Barack Obama signed the Social Security Number Protection Act of 2010 into law. The bill is aimed at reducing identity theft by limiting the government’s use of and access to Social Security numbers. The bill, which passed the House and Senate, does not allow prison inmates access to Social Security numbers and prohibits government agencies from printing Social Security numbers on checks.
On January 1, 2011, the Federal Trade Commission began enforcing its Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”) Red Flags Rule in order to protect consumers from identity theft. Identity fraud and related scams seem to be everywhere. According to a Federal Trade Commission survey, in the past 12 years or so, following the passage of the Identity Theft Assumption and Deterrence Act of 1998 as many as nine million Americans have their identities stolen each year. That’s roughly one person every four seconds of everyday.
The Red Flags Rule is a set of United States federal regulations that requires U.S. and foreign banks, credit unions, savings & loan associations, mortgage lenders, insurance companies and any other company that maintains transaction accounts belonging to consumers to create written programs to detect the warning signs or “red flags” of identity theft in their day-to-day operations to prevent identity theft. By identifying red flags in advance, businesses will be better equipped to spot suspicious patterns that may arise, and take steps to prevent a red flag from escalating into a costly episode of identity theft.
A transaction account is any consumer account that allows payment to be deferred or permits multiple payments. In other words any business that provides goods or services to consumers and then bills for those goods or services afterwards.
The criteria for implementing the Red Flags Rule includes writing identity theft protection programs which must be implemented and designed to detect the warning signs or “red flags” of identity theft in their day to day operations, this includes training staff members to recognize the early warning signs of identity theft so that action can be taken immediately to stop the activity.
Indications of possible identity theft include:
• documents provided for identification purposes which appear altered or forged;
• a photograph or physical description on identification provided is not consistent with the person standing in front of them;
• an application appears to have been altered; and
• a signature is not consistent with information on file.
To implement the Red Flags Rule program into a business a written policy must be in place which educates employees not only on the rules but also the impact to the organization. Every employee must be able to read, understand, indentify, detect and be prepared to act on the Red Flags Rule. Every organization should perform a risk assessment with clear and complete criteria on how different areas of the operation are assessed.
DESIGNING A RED FLAG PROGRAM
Designing the written program involves four basic steps:
Step 1 — Identifying Relevant Red Flags
Develop and implement a written identity theft prevention program designed to detect, prevent and deter identity theft in new accounts as well as existing accounts. Example: If your company checks photo IDs, a classic red flag is if the picture on the ID is askew or lifted at one corner
Step 2 — Detecting Red Flags
Include policies and procedures that explain how your business or organization will detect the red flags you’ve identified. Example: If you have identified false ID’s as a red flag, your staff must be trained to look carefully at ID’s to see if everything looks in order.
Step 3 — Responding to Red Flags
Decide how your company will respond to red flags. Example: You’ve identified the risk of fake ID’s as a warning sign of identity theft; one of your employees detects an inconsistency, what is the next step? You may want to ask for another form of identification or you may not want to provide that person with the goods or services they are trying to acquire until the matter has been resolved.
Step 4 — Administering the Program
Document how you will administer your program and assign specific responsibility for implementation. This should include getting the approval of your board of directors, and/or the supervision of senior management. Designate a senior employee to administer the program. Describe how to train the employees and how the company will supervise service providers if they are utilized. Describe how the program will be updated.
The Red Flags Rule should be taken very seriously. If a business, even a small business, does not comply with the Red Flags Rule fines for non-compliance are severe, beginning at $1,000 for the first offense and going upward from there.
Other agencies that have had a hand in the making of the Red Flags Rule include:
• The Office of Comptroller of Currency;
• The Federal Reserve Bank;
• The Office of Thrift Supervision;
• The Federal Deposit Insurance Corporation; and
• The National Credit Union Administration.
These agencies have jointly issued final rules and guidelines implementing Sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003, known as FACTA.
THE INTERNET
The Internet has changed how we conduct business today, opening up markets, and connecting our society like never before. But it has also led to new challenges, like online identity theft. A secure cyberspace is critical to our prosperity. On April 20, 2011, President Barack Obama called for Secure Online-Identity Systems and he has unveiled an ambitious proposal urging the private sector to create a trusted identity system to boost consumer security in cyberspace.
Today, most businesses use the Internet to increase productivity, as a platform for innovation, as well as a venue in which to create new businesses. Our digital infrastructure, therefore, is a strategic national asset, and protecting it is a national security priority and an economic necessity. President Obama’s Cyberspace Policy Review establishes trusted identities as a cornerstone of improved cyber security.
COMMOM FORMS OF IDENTITY THEFT
Some of the more common forms of identity theft include:
• Financial Identity Theft. This occurs when someone uses another person’s identity to gain access to checking and savings accounts or to open up credit card accounts.
• Criminal Identity Theft. This occurs when an imposter gives another person’s name and personal information such as a drivers’ license, date of birth, or Social Security number to a law enforcement officer during an investigation or arrest.
• Cloning Identity Theft. This may be the most serious form of identity theft. Instead of stealing someone’s personal information for financial gain or committing crimes, identity clones take over a person’s entire life by actually living and working as that person. Identity cloning is the act of an imposter literally assuming another person’s life in a different location.
• Business Identity Theft, also known as corporate or commercial identity theft, is essentially the crime of hijacking a business’s identity and using that identity to transact business, establish lines of credit with banks and/or vendors.
PREVENTING IDENTITY THEFT
While there is no 100 percent foolproof way to avoid being victimized, there are measures everyone can take to avoid identity theft.
Personal
When ordering personal checks list only the first initial and last name.
• Rent a Post Office box and list the box number on checks.
• Sign the back of credit cards, and write “Photo ID required.”
• Be aware that the strip on the back of any type of card carries encoded personal information, and any identity thief with a decoder can get at the personal information.
• Do not turn in hotel key cards to the front desk upon checking out, take them home and shred them, they also contain personal information.
Business
Business owners can also take steps to prevent identity theft, such as:
• keeping employee personnel records in locked cabinets;
• performing background checks on potential new hires; and
• shred, shred, shred. Any document containing personal information should be shredded as soon as the document is no longer needed (i.e. employment applications for persons not hired).
Eleanor Spring, the founder of SpringAction Fraud Elimination, is engaged by accountants, attorneys, business owners and consumers in fraud and identity theft situations, for investigation, data examination, interviewing of witnesses and suspects, and litigation support. She may be contacted at eleanor@springactionfraud.com.
