Millions of Americas are affected by the identity theft crime.  The thieves may shamelessly drain victims’ bank accounts, open new credit card accounts, ruin their credit beyond repair, take over an entire identity, etc.  The cost to businesses and the consumers is billions of dollars. The delay in implementation of The “Red Flags” Rule means that we are and our personal information are not sufficiently safeguarded from Identity Theft.

The “Red Flags” Rule is in effect since January 1, 2008, but the implementation deadline has been delayed 3 times.  This time, the deadline is November 2009.

The “Red Flag” Rule requires covered businesses and organizations to develop and implement a written Identity Theft Prevention Program designed to identity the warning signs – or “red flags” – of a possible identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate the damage it inflicts.

What Businesses and Organizations are covered?

The “Red Flags” Rule applies to “financial institutions” and “creditors.” Financial Institution: Under The Red Flags Rule, a “financial institution” is “a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other person that, directly or indirectly, holds a transaction account belonging to a consumer.” Creditor: Under The “Red Flags” Rule, the definition of “creditor” is very broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. For Example finance companies, utility companies, medical offices, mortgage brokers, real estate agents, third-party debt collectors, automobile dealers, and retailers that offer financing or help consumers get financing from others, say, by processing credit applications, anyone who on regular basis participates in the decision to extend, renew, or continue credit, including setting the terms of credit.

What Accounts Are Covered?

(i) An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and

(ii) Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness or the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.

How Are The Businesses And Organizations Comply With The “Red Flags” rule?

1. They must identify the red flags of identity theft you’re likely to encounter in their line of business.
2. They must develop procedures for detection of those red flags in their day-to-operations.
3. They must have policies about the response and the actions to be taken in the event of Identity Theft.
4. They must regularly update their written policies and educate their employees.

What Are The Categories of Common Red Flags?

1. Alerts, Notifications, and  Warnings from a Credit Reporting Company or any service Provider.

• A fraud or active duty alert on a credit report.
• A notice of a credit freeze in response to a request for a credit  report.
• A notice of address discrepancy provided by a credit reporting agency.
• Unusual credit activity.  For example, an increased number of inquiries, especially on new accounts; or unusual number of recently opened accounts; or a closed account, etc.

2. Suspicious Documents

• Identification provided looks altered or forged.
• The individual who presented the ID doesn’t look like the photo or match the physical description.
• Information on the ID is inconsistent with the information of file, such as signature.
• An application appears altered, forged, or torn up and reassembled.

3. Suspicious Personal Identifying Information.

• An address is not matching an address on Credit Report, the use of a Social Security number that has not been issued yet or is associated with SSN of the deceased.
• Inconsistencies in the information the customer has given  you – for example, the SSN given does not correlate with the DOB.
• Personal identifying information known to have been used for fraud.
• A questionable address, such as an address of prison of a mail drop, an invalid phone number or the one associated with an answering service.
• A Social Security number previously used by someone else to open accounts.
• An address or telephone number previously used by numerous people to open accounts.
• A person who fails to respond to a notice of an incomplete application.
• A person who can’t provide additional information in addition to a readily available one.  Example, an authentication question that only a person would know.

4. Suspicious Account Activity.

• Requests for additional accounts, , users, cell phone number soon after a change of address.
• New account used mostly for cash advances, jewelry, electronics, which have a cash redeeming value. Failure to make a first payment.
• Major changes in payment history or spending patterns.
• An idle account becomes active again and has some unusual activities.
• Despite ongoing transaction on active accounts, the mail comes back as undeliverable.
• The customer notifies a business or an organization that she or he is not receiving account statements.
• The customer notifies a business or an organization about unauthorized charges on the account.

5. Notice from Other Sources.Notification that a fraudulent account has been opened comes from a law enforcement agency or directly from a customer.

Implementation of The “Red Flags” Rule is essential to prevention of Identity Theft and reduction of the costs associated with the crime.  Hopefully, I was able to give you some general understanding of how this rule will be implemented, what it is all about and how it will affect all of us. To learn more about the “Red Flags” Rule, please go to FTC.gov