ID Theft Resources and TX AG Abbott Enforcement Actions

As the current November 1, 2009 Federal deadline to comply with the Red Flags Rules approaches, I thought I would recap some of the currently available resources and some of the enforcement actions already taken by Texas Attorney General Greg Abbott related to Identity Theft and its impact on you and your business.

The FTC currently mandates all Businesses to adopt an IDTheft Program bu November 1, 2009 here http://www.ftc.gov/opa/2009/07/redflag.shtm.

They have published this website tp help you figure out what to do http://www.ftc.gov/redflagsrule

The Texas Workforce Commission interpreted the FTC mandate, years ago, in the first four pages of their Winter 2007 newsletter http://www.twc.state.tx.us/news/tbt/tbt0107.pdf

Our Texas Attorney General has filed enforcement actions against companies such as CVS Pharmacy, Lifetime Fitness, Radio Shack, GAB Robins, B&F Finance McAllen, L.L.C, Nino Tax of Brownsville, Cornerstone Fitness and others for violating the Texas "Identity Theft Enforcement and Protection Act" and fined them over $1.8 million collectively.

I recommend that any business, especially in Texas, pay close attention to these issues when crafting their policy to comply with these State and Federal laws.

To help reduce your risks and mitigate your damages should you have a customer, client, news reporter, disgruntled employee, law enforcement officer or even the AGs office discover that you have violated one or more of these laws either knowingly or unknowingly, you should take action immediately to ensure that you have taken reasonable steps and complied with these laws before it is too late.

Do not wait until you experience a break-in, theft or data breach at your company. By then it may already be too late. Attorney General Abbott has stated

"The Office of the Attorney
General will continue aggressively
enforcing identity theft laws and
protecting Texas consumers."

http://www.oag.state.tx.us/agency/weeklyag/2007/0607data.pdf

130 Million Records in Heartland Payment Systems Indictment

I posted about this in February. I may update that later. They say 130 Million Credit Cards were compromised. That is almost half the US population. The article also mentions two accomplices were Russian.

I will update this post later to comment on the numbers involved between this, TJ Maxx and the Checkfree.com breach on Dec 2, 2008.

A federal grand jury has indicted three people on charges of hacking into the files of the credit and debit card processing giant Heartland Payment Systems last year in what the Justice Department is calling the largest identity-theft case ever prosecuted.

http://www.washingtonpost.com/wp-dyn/content/article/2009/08/17/AR2009081701915.html

FTC Delays Red Flags Enforcement Until Nov 1, 2009

The FTC has once again delayed their enforcement of the Red Flags Rule in a further effort to make sure all business has adequate time to comply with the Rule as detailed in their latest press release quoted and linked to below.

I will post or update another entry about the website (http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml) they provide to assist business with compliance because they point out on that website that circumstances may change and require you as a business owner to implement a written Identity Theft plan.

FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule

To assist small businesses and other entities, the Federal Trade Commission staff will redouble its efforts to educate them about compliance with the "Red Flags" Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply. To give creditors and financial institutions more time to review this guidance and develop and implement written Identity Theft Prevention Programs, the FTC will further delay enforcement of the Rule until November 1, 2009.

http://www.ftc.gov/opa/2009/07/redflag.shtm

Free Annual Credit Reports

As you may know, we are all entitled to a Free Annual Credit Report under FACTA or the FACT Act.

Be aware that if you visit another site to obtain your "free credit file disclosure" that it may impact your credit rating. I am posting this information to my blog to clarify this issue.

AnnualCreditReport.com provides consumers with the secure means to request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies in accordance with the Fair and Accurate Credit Transactions Act (FACT Act).

AnnualCreditReport.com is the only service authorized by Equifax, Experian and TransUnion for this purpose. The three nationwide consumer credit reporting companies have always encouraged consumers to regularly review their credit reports.

AnnualCreditReport.com is the official site to help consumers to obtain their free credit report.

Utilitiy Companies

The FTC has issued an "Article for Business" for Utilities regarding the Red Flags Rule

The Red Flags Rule: What Utility Companies Need to Know About Complying with New Requirements for Fighting Identity Theft

Companies that provide utility services are covered by the Rule if they are “creditors” with “covered accounts.” A creditor is a business or organization that regularly defers payments for goods or services.

http://ftc.gov/bcp/edu/pubs/articles/art13.shtm

Fighting Fraud with the Red Flags Rule: A How-To Guide for Business

This site from the FTC can help a business get a handle on the Red Flags Rule.

Fighting Fraud with the Red Flags Rule: A How-To Guide for Business

...As a practical matter, most businesses and organizations that provide products and services to their customers and then bill them later are covered by the Rule.

http://ftc.gov/redflagsrule

If you look into the FAQ section of this site it will remind you that even if you are not covered under the Red Flags Rule now, that you need to periodically do a Risk Assessment to consider whether your status has changed

http://ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm#C

Of course, from time to time you need to consider whether your identity theft risk has changed, warranting a different approach with respect to the Rule.

Companies Offering Services In and Around the Home

If you are running a business serving residential customers, you should be aware of this Article from the FTC:

The Red Flags Rule: Compliance Tips for Companies Offering Services In and Around the Home

...businesses must review their billing and payment procedures to determine if they’re covered by the Red Flags Rule. Whether the law applies to you isn’t based on the kind of business you’re in, but rather on whether your activities fall within the law’s definition of two key terms: “creditor” and “covered account.”

http://www.ftc.gov/bcp/edu/pubs/articles/art15.shtm