Identity Theft and Your Business
Mark this date on your calendar:
December 1, 2010
The FTC has extended the deadline for companies/businesses to be compliant until May 1, 2009. Not all government agencies that evaluate compliance have changed their guidelines from November 1 2008 as yet.
The FTC is mandating that ALL BUSINESSES become compliant with portions of the FACTA legislation as directed under the "Red Flags Rule" that was instituted in November of 2007. The complete 256 page Red Flags Rule can be found here: http://www.ftc.gov/os/2007/10/r611019redflagsfrn.pdf. To provide a brief summary of the Red Flag Rule, an extension of the FACTA & Final Disposal Rule legislation:
The final rules requires each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement a written Identity Theft Prevention Program for combating identity theft in connection with the opening of new accounts and the maintenance of existing accounts. The Program must include reasonable policies and procedures fordetecting, preventing, and mitigating identity theft of its customers.....
The FTC further identifies what a Financial Institution with some key definitions under the Red Flags Rule include:
"Account" - .... "a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes." Account specifically includes: "(i) An extension of credit, such as the purchase of property or services involving a deferred payment; and (ii) A deposit account."
"Covered Account" - ...... "(i) An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account;
"Creditor" - ..... a person who arranges for the extension, renewal, or continuation of credit, which in some cases could also include third-party debt collectors. As outlined in the final rule, "creditor" specifically includes, but is not limited to, lenders such as banks, finance companies, automobile dealers, and mortgage brokers, and creditors such as utility companies, telecommunications, and cellular /wireless companies.
"Customer" - Under the Red Flags Rule, "customer" (and "account holder") means a person that has a covered account with a financial institution or creditor
"Red Flag" - Under the Red Flags Rule, "red flag" means: "a pattern, practice, or specific activity that indicates the possible existence of identity theft."
(The issuance of the final rule of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 rule implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003, an amendment to the Fair Credit Reporting Act. The purpose of the Rule is to attempt to minimize incidents of Identity Theft and fraud....)
FTC video on the Red Flag’s Rule
Essentially, if you provide direct deposit for your employees, take credit cards or provide installment payment plans for your clients/customers, the FTC considers your business as functioning as a financial institution and are obligated to comply with these laws.
Identity Theft will eventually develop into epidemic proportions. The FTC is instituting these laws to provide protection of Non-Public Information (NPI). If a company does not institute policies to protect NPI, the fines associated with the loss of this information are placed against each piece of information that has been compromised.
Betsy Broder of the FTC states:
“. . . all business should look to that law for guidance on how to protect consumer data. At a basic level, she says, that means businesses need to have a plan in writing describing how customer data is to be secured and an officer on staff responsible for implementing that plan."
Further stating:
"We’re not looking for a perfect system", Broder says. ‘But we need to see that you’ve taken reasonable steps to protect your customers’ information.’” (Stolen Lives, ABA Journal 2006)
I will provide qualified people to come into your company with an approved policy (or ask your attorneys to write a policy). I will see that you receive the necessary Identity Theft education for your company and your employees at NO COST to your company. Identity Theft is not going to just go away and there is no 'silver bullet' that will prevent or stop Identity Theft. As the owner or CEO of your company, putting these policies in place are essential before the loss of NPI affects your business and could potentially close your doors. The FTC states that 50% of all Identity Theft is caused by employees (Sturgis Journal, 2006). You can have all the best in technology to thwart Identity Theft, although, if you do not have educated employees, all that money and effort has gone for naught. Let me provide the necessary information for you to make an educated decision on the best way to protect NPI within your company, employees and your clients.
Call - Andy Besser, CITRMS
Group Benefits - How they will benefit your company
Protecting the efficiency and productivity of your company are two of the main priorities of any successful business. Ensuring a stable and devoted employee workforce is at the heart of every business that has an eye for the future. Attracting the employees to your company that will enable you to fulfill your mission statement can be largely achieved through providing an attractive benefit package.
Health Benefits, Retirement Benefits, Day-Care Benefits along with vacation and sick time are but a few of the benefits your employees are evaluating. With the increase of crime in America, especially Identity Theft, business owners cannot afford the time-off (50-500 hours per employee ftc.gov) employees need to use to restore their identities not to mention the mental distraction and embarrassment which may cause on-the-job injuries or flaws in production. This just adds to the headaches and worries of establishing a foot-hold in the marketplace. You help ease the worry your employees experience through showing your support of providing an Identity Theft Protection Benefit.
There is No Cost to your company to provide these benefits. Some companies fringe all or part of these benefits to their employees.
Of the Identity Theft's in 2005, 76% had criminal charges attached to them. This means not only has someone stolen their identity but they also committed a crime with their identity which will now be on the victim's record, a nightmare!! If your identity is stolen, you WILL need an attorney.
