What your bank or other credit organizations should be doing to implement tough new measures -- known as "red flag rules" -- against identity theft: Internet ScamBusters #313
Today we cover a topic most people have probably never heard of that is important for protecting your identity: the "red flag rules."
Red flag rules are a set of regulations that firms who handle your money were originally supposed to have in place by November 1, 2008, as part of a crackdown on identity theft.
But many didn't make the deadline, and the recent banking crisis has overshadowed the struggle to get these vital new measures in place.
The Federal Trade Commission (FTC) decided to suspend enforcement of the new "Red Flag Rules" until May 1, 2009, to give creditors and financial institutions additional time to develop and implement written identity theft prevention programs.
In this article, we explain how the red flag rules work and what your bank or other lender should be doing to protect you.
Although this issue is geared towards our US subscribers, we believe our international subscribers should ask similar questions of their financial institutions.
Let's check out today's main topic...
Identity Theft: Is Your Lender Complying With the New Red Flag Rules?
While they've been dealing with all the woes of the current financial crisis, America's banks and other institutions that provide credit have been grappling with another tough but lesser-known issue that affects us all -- the "red flag rules."
Never heard of them? Nor, it seems, have some of the organizations that are supposed to put them in place.
The red flag rules are a set of regulations that were originally set to come into force at the beginning of November as part of a bold, new crusade against the nation's biggest fraud -- identity theft.
And while its effects may not quite be on the scale of the banking disaster that has sent the economy into a tailspin, 9 million of us do fall victim to ID theft every year -- and that number is growing.
Five years ago, the Federal Government introduced the Fair and Accurate Credit Transactions (FACT) Act. As part of that, the red flag rules became law at the beginning of 2008, with a requirement that all "creditors" -- banks and other companies that give credit -- implement them by November 1.
At the beginning of November, the FTC decided to suspend enforcement of the new "Red Flag Rules" until May 1, 2009, but we thought it's important you should know what's coming.
So why is this important to you?
Because you should make it part of your own personal security to check if your bank or other credit-giver is complying. If they are, maybe you can feel just that little bit safer from the clutches of ID thieves. If they don't, you should want to know why.
Basically, the red flag rules say these creditors must have the following:
- A written program of safeguards and checks they will use to flag up potential identity thefts.
- Written procedures for how they will do these checks and deal with instances of the crime.
- Support and approval of the program at the highest level -- the board of directors.
- A system in place for continuously monitoring the development of the crime and updating their programs for dealing with it.
- Appropriate training for all staff who may be in a position to spot the crime and deal with it.
Now, you may think that many institutions already have measures in place to cut the risk of ID theft but that's not enough. The red flag rules demand the measures are actually written down -- and followed.
They not only define and formalize the way lenders must behave but the rules also extend to other organizations besides banks.
For example, utility companies, health care providers and even car dealerships are all involved with providing services or products that are effectively on credit -- in that we may pay for them in installments.
Every single one of them -- and there may be as many as two million affected organizations -- must comply with the regulations.
The Federal Trade Commission (FTC), which is responsible for overseeing implementation provides 26 examples of red flags -- situations that should trigger an alert and prompt the vetting measures in the written programs.
Some of them are rather obvious, but these are the events that are supposed to put lenders on guard:
- A fraud alert is included with a consumer report they've requested on an individual.
- Notice of a credit freeze is received in response to a request for a consumer report.
- A consumer reporting agency indicates an address discrepancy.
- Unusual credit activity, such as an increased number of accounts, is noticed.
- Documents provided for identification appear altered or forged.
- Photograph on an ID is inconsistent with the appearance of the customer.
- Information on an ID is inconsistent with information provided by a person opening an account.
- Information on ID, such as signature, is inconsistent with information on file at the financial institution.
- The application appears forged, altered, or destroyed and reassembled.
- Information on an ID does not match any address in the consumer report, Social Security number has not been issued or appears on the Social Security Administration's Death Master File, a file of information associated with Social Security numbers of those who are deceased.
- There's a lack of correlation between the individual's Social Security number range and their date of birth.
- Personal identifying information is associated with known fraud activity.
- Suspicious addresses are supplied, such as a mail drop or prison, or phone numbers associated with pagers or an answering service.
- The Social Security number that was provided matches that submitted by another person opening an account or other customers.
- An address or phone number matches that supplied by a large number of applicants.
- The person opening the account is unable to supply identifying information in response to notification that the application is incomplete.
- Personal information is inconsistent with information already on file at financial institution or creditor.
- A person opening an account or a customer is unable to correctly answer challenge questions.
- Shortly after a change of address, the creditor receives a request for additional users of an account.
- Most of available credit is used for cash advances, jewelry or electronics, plus the customer fails to make the first payment.
- A drastic change in payment patterns, use of available credit or spending patterns occur.
- An account that has been inactive for a lengthy time suddenly exhibits unusual activity.
- Mail sent to a customer is repeatedly returned as undeliverable, despite ongoing transactions on an active account.
- The financial institution or creditor is notified that the customer is not receiving paper account statements.
- The financial institution or creditor is notified of unauthorized charges or transactions on a customer's account.
- The financial institution or creditor is notified that it has opened a fraudulent account for a person engaged in identity theft.
But, says the FTC, "these red flags are not a checklist, but rather, are examples that financial institutions and creditors may want to use as a starting point." Creditors must define their own red flags, and the appropriate responses, in their written program.
It was estimated that somewhere between a quarter and a third of organizations did not have their red flag rules in place by the original November 1 compliance deadline, and the FTC decided to give more time -- until May 1, 2009.
Unfortunately, many institutions and organizations don't even know they're supposed to comply or they think that having an ID theft policy already in place is enough.
Though they're unlikely to jump on any non-compliant organization straightaway, the FTC does have power to levy huge fines against creditors who don't get their act together.
How will they find out? Well the FTC could, and probably will, do spot checks.
But after the laws go into effect, you can also ask your creditors if they're compliant. If they're not, or if the person you ask doesn't know, that's a serious cause for concern because they're handling your money and your account.
After all, if you discover your financial institution isn't complying, so might the scammers, making your creditor a favored target for ID theft. And you don't want that. It's your money.
And your identity. So if they're not ready, that's your own personal red flag. And, we recommend you stay up-to-date on this to make sure your lenders and financial institutions comply with the red flag rules as the deadline approaches.
That's all for today -- we'll see you next week.