Unlike most any other crime, identity theft is total crime. It goes beyond the mere taking of objects and even beyond the victim himself. When identity thieves strike, running up credit cards or draining bank accounts, they often leave a swath of damage that can even endanger medical treatment. And when the smoke clears, businesses suffer just as much from unpaid bills.
In 2001 the federal government enacted the “Red Flags Rule,” which requires financial businesses and organizations to implement a written identity theft prevention program designed to detect the warning signs of identity theft in day-to-day operations. The rules require these businesses to head off the crime by identifying suspicious patterns.
The Federal Trade Commission has been in charge of enforcing compliance with Red Flags Rules since May 1. To help financial institutions understand their responsibilities, Edward Clemente, compliance officer for Amboy National Bank in Old Bridge, will present “Red Flags and Identity Theft” as part of the NJ Bankers’ “Bank Security and Law Enforcement Doubleheader” on Monday, July 27, at 2 p.m. at Waterfront Park in Trenton. The event features a series of workshops, followed by a networking dinner, and is capped with a Trenton Thunder baseball game at 7:05 p.m. Price: $109. Visit www.njbankers.org.
Clemente will be joined by Glassboro Police Sergeant Edward Alicea, an former U.S. Marine and D.A.R.E. officer in Glassboro who is an expert on gang-related crime. Alicea will present “Gangs and Financial Crime” to kick off the event, detailing the methods gangs use to funnel money through a network of phony store fronts, bogus accounts, and unsuspecting victims.
A detailed look at how gangs move money, predominantly through the drug trade, can be found at www.suntimes.com/special_sections/crime/37609,cst-nws-mobmoney25.article.
Clemente will follow Alicea, and will be followed by Darrin Czellecz, a U.S. Secret Service agent who will present “ID Theft, Counterfeits, and Presidential Protection.” The workshops conclude with “Bank Robbery Trends,” by FBI agent Joseph Furey.
Clemente’s presentation will provide an overview of the Red Flags Rules, which, according to the FTC, include four basic elements:
1.) Any red flags program must include policies and procedures to identify the warning signs that you might run across in the day-to-day operation of your business. It could be as easy as a phony-looking ID, or a driver’s license that does not quite match the person presenting it when he tries to open an account or make a withdrawal.
2.) A program must be designed to detect the red flags you have identified. If, for example, you have identified fake IDs as a red flag, you must have procedures in place to detect possible fake, forged, or altered documents, spelling out the characteristics and tamper evidence of fakes.
3.) You must spell out appropriate actions you will take when you detect red flags.
4.) You must re-evaluate. As much as we might like to think otherwise, crooks are not all stupid. The methods crooks have to get your information and the ways they can use it to their advantage are always changing. The FTC demands that institutions re-evaluate their programs periodically to reflect new risks from this crime.
The Red Flags Rule and data security. Data security — by way of encryption, backups, and destruction of sensitive information — is the front line of identity theft. The FTC recommends protecting what you have a legitimate business reason to keep and securely disposing of what you do not.
But thieves are resourceful. Organized criminals worldwide, in fact, are investing billions in high-technology designed not just to hide their transactions but penetrate legitimate security systems and siphon out information. On the other hand, just being careless with electronic or physical data can be an easy invitation to a crook.
Once thieves have information they run up huge bills that neither they nor their individual victims will pay, and you as a business are left with bills you cannot collect.
Are you sure you don’t have to comply? The Red Flags Rule applies to financial institutions and creditors, but those terms apply to groups that might not typically use those words to describe themselves. For example, many non-profit groups and government agencies are considered creditors.
The determination isn’t based on your industry or sector, but rather on whether your activities fall within the relevant definitions.
Financial institutions are straightforward — bank, a loan association, a credit union. Any entity that, directly or indirectly, holds a transaction account belonging to a consumer. “Creditor,” on the other hand, is a broad term. The definition includes “businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later.”
Utility companies, health care providers, and telecommunications companies are among the entities that may fall within this definition, depending on how and when they collect payment for their services, according to the FTC.
Red Flags also defines a creditor as one who regularly grants or arranges loans — finance companies, mortgage brokers, real estate agents, automobile dealers, and retailers that offer financing or help consumers get financing from others, say, by processing credit applications.
The definition also counts anyone who regularly participates in the decision to extend, renew, or continue credit, such as a third-party debt collector who regularly renegotiates the terms of a debt. If you regularly extend credit to other businesses, you also are covered under this definition and must comply with Red Flags.
The rule do not necessarily apply, however, to restaurants or retail outlets that accept credit cards.
Covered accounts. Covered accounts refer to consumer accounts you offer your customers for primarily personal, family, or household purposes — credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts.
Accepting credit cards as a form of payment does not make you a creditor but if you offer your own credit card, arrange credit for customers, or extend credit by billing later, you are a creditor under the law.
The second kind of covered account is one that foresees any reasonable risk to the borrower’s or the lender’s financial health — small business accounts, sole proprietorship accounts, or single transaction consumer accounts that may be vulnerable to identity theft.
When you find trouble. The FTC sets out several guidelines for action when you find suspicious information or activity. You should monitor account activity, contact the customer, change passwords, close existing accounts, and, of course, notify law enforcement.