November 1st is looming and I am getting more and more questions about the Red Flags Rule, so let’s attack this head on.
First, In order to address the growing problem of Identity Theft and the effects it has on businesses and individuals, the FTC has established legislation for businesses to comply with the FTC Red Flags Rule. The Red Flags Rule says that Financial Institutions and “Creditors” with “covered accounts” must have an Identity Theft Prevention Program in place.
OK, now that we understand what businesses need and who needs to comply lets take turkey. What, you don’t understand part 1? Seriously, that is ok, because no one seems to get it.
The Red Flags Rule is not really about Identity Theft. It is about what happens after the identity has already been stolen. The FTC understands it ID Theft will continue to grow and happen, so they created the Red Flags Rule Program in an effort to remove the places where Identity Thieves can get products and services using that stolen id. The first mistake the FTC made was calling it an Identity Theft Prevention Program. It should have been called an Identity Fraud Prevention Program.
Bottom line – The Red Flags Rule is in place so that your business can detect the signs that an Identity Thief is using YOU to damage YOU and the Victim.
Why is this important to you as a business? Simply put – assisting an Identity Thief, knowingly OR unknowingly has an average cost to a business of over $90,000 in 2008 PER INSTANCE. Recent laws now allow the victim to sue you and your business for damages resulting from your business providing products and or services to an Identity Thief. While you have nothing to do with the victim, legally do you because you are providing service to their identity and you “as part of its duty of diligence it (the business should have confirmed her identity”
Next let’s look at who must comply. The second critical error the FTC made was, in an attempt to decide which businesses must comply, defined the Red Flags Rule as applying to “creditors.” In reality, credit has nothing to do with it. The FTC has determined that numerous business segments fall under this definition including law firms, accountants, utility companies, telecom, professional services, etc.
Bottom Line – If your business provides services or products to individuals and invoice them and you have ANY repeat customers, then you are a “Creditor” If you deal with individuals outside of their home, for example, in your office or remotely via the phone or internet, then you have “covered accounts”
I am still amazed at the push back I hear about from businesses who do not want to comply. I have a program in place for my small computer business. If I push the definitions, I can probably argue that I am not a creditor with covered accounts as the majority of my customers are businesses and I know my customers. In reality, in todays world, you do not know your customer.
According to the statistics, if you have 500 customers, you are most likely providing services or products to at least on fraudster and if the victim finds out, they can sue you to recover the damages. The question I put back to the business, can you afford that expense? I have been in court over stupid lawsuits too many times in my life because attorneys can sue you for anything now. The website – legalmatch – now has links to finding attorneys who sue businesses who provide services to ID theives and info for the victims on how to maximize their claims. For a whopping $70 bucks a month, I want to sleep well knowing that I did my part to fight Id theft. I would rather that thief go to the business next door who does not check an ID and let the victim sue him 
The bottom line – if you are a business and you invoice customers and you deal with individuals, you need a Red Flags Rule Identity Theft Prevention Program, even though it really has nothing to do with Identity Theft
For more information about the Red Flags Rule and Identity Theft Statistics or to see pricing and sign up for an Identity Theft Prevention Program for the Red Flags Rule Policy
