What is the right approach to the Red Flags Rule?

Continuing with our project of helping our community weed through the new legislation, this week we turn our focus to “What is the right approach to the Red Flags Rule?”

At its core, the Red Flags Rule requires a risk-based approach.  Each financial institution or creditor must conduct a risk assessment in order to develop and implement a program that is appropriate to the size and intricacy of the organization and the nature and scope of its activities.  In addition, the Program must allow the organization to address changing identity theft risks.  The risk assessment should document a complete analysis of the identity theft risks in a succinct manner so that it can be easily shared and communicated across the organization, including to the board of directors, management, and appropriate staff.  Examples of risk factors that should be used to identify red flags include:

  • Types of covered accounts the organization offers or maintains;
  • Methods the organization offers to open covered accounts;
  • Methods the organization provides to access covered accounts;
  • Previous experiences with identity theft

The program must incorporate oversight of third-party service providers to ensure regulatory compliance on their part as well.  Guidelines issued by the FTC are helpful.

Keep heart everyone–we will get through navigating this new legislation together.

For more information on identity theft prevention visit www.hvshred.com

What is a Red Flag?

Continuing our education related to sifting through the new Red Flags Rule, we thought it might be handy to start with  some definitions.

According to the FTC, a Red Flag refers to a pattern, practice, or specific activity that indicates the possible existence of identity theft.  Supplement A to the final rules and guidelines provides 26 examples of Red Flags for consideration when implementing the Program (we’ll cover the 26 in a future post).

For now, keeping it basic, Red Flags fall into 5 categories:

1. Alerts, notifications, or warnings from a consumer reporting agency; suspicious documents;

2. Presentation of suspicious documents;

3. Suspicious personally identifying information, such as suspicious address;

4. Unusual use of-or suspicious activity relating to-a covered account; and

5. Notifications or reports from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts.

As a review, the Red Flags Rule applies to “financial institutions” and “creditors” with “covered accounts”.  Under the Rules, a financial institution is defined as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a customer.

More definitions (a drag, but we’ve got to know what we’re talking about)

A transaction account is a deposit or other account from which the owner makes payments or transfers (ie checking accounts, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers…)

A creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.  Creditors include finance companies (credit cards), automobile dealers (auto loans), mortgage brokers (mortgages), utility companies (accounts for gas, electric, oil etc).  Where not-for-profit and government entities defer payment for goods and services, they, too, are to be considered creditors (higher education-student loans) and medical providers (payment accounts).

A covered account is an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions. 

That lays the foundation and feels like a full helping of information for now–more tips on how to comply next week.

There is always more information available at www.hvshred.com

MORE ON RED FLAGS

Our goal is to use this space to educate our community about issues relevant to identity theft; the long-time in coming Red Flags Rule has finally been enacted into law and we will be doing our best to help weed through—“What does it mean?”

We’ll start with the good news for many of our clients—thanks to the diligence of the American Institute of Certified Public Accountants (AICPA), and other groups, the language of the Red Flag Program Clarification Act of 2010 signed by the president on December 20th narrowed the definition of creditor to exclude professional firms that often to not receive full payment at the time service is rendered.  The AICPA and the American Bar Association dropped their lawsuits, leaving the FTC free to enforce the fule.

The Red Flags rule requires creditors or financial institutions with covered accounts to implement a written identity-theft prevention program.  The program should identify and detect signs of identity theft in a client’s normal course of business and spell out appropriate actions they will take when they detect red flags.  Creditors would include entities that loan money, such as banks, finance companies, automobile dealers, and mortgage brokers, but many other businesses and nonprofits will be subject to the rule.

In the coming weeks, we’ll be doing our best to help clarify.

In the meantime, be assured that on-site shredding is an integral part of ensuring data security for any business.  For more information visit www.hvshred.com

Partnering to protect identity

We were pleased to partner with Sheila Delson from FREEDomain to help her protect her clients from identity theft. 

In her own words: “(This was) my “New Year” kick-off! As a professional organizer I find many clients who struggle with PAPER elimination due to IDENTITY-THEFT concerns, making them feel ‘stuck’ which impedes progress. To minimize those concerns (and to keep the process flowing), I decided to include PAPER SHREDDING as a free ad-on value to my company services. From May thru Dec. I collect clients’ paper in my garage until winter. In the photos (on my Facebook page http://www.facebook.com/#!/profile.php?id=1276103995)

HUDSON VALLEY SHRED (www.hvshred.com) completes the cycle, shredding three full containers in under 20 minutes and the remains are carted to an official paper recycling center. Owner Judith Papo and crew made it a fast, effective and affordable experience, and their official ‘Certificate of Destruction’ is reassurance to each client that their privacy has been honored. And our cars are now safely back in the garage…whew – just in the nick of time!”

HV Shred thanks Sheila Delson and the entire Hudson Valley business community for the opportunity to provide on-site shredding service to our neighbors.

Working together, we can help protect our community!

PART 2: BE WARY OF THESE SCAMS

Continuing with our thread from last week, we finish off our focus on the top scams to be wary of in 2011.  Last week we addressed job hunt lures, debt solutions, not-so-free trial offers, time share resellers, and work from home secrets.  This week we urge you to be wary of:

  1. Itinerant home repairers and roofers. Better Business Bureaus across the country received complaints from consumers who answered a knock from a door-to-door salesman or itinerant worker who eventually failed to deliver on promises to fix their roof or do other work to their homes.
  2. Lotteries and sweepstakes. The victim receives a letter in the mail or a phone call from someone
    pretending to be with Reader’s Digest, Publisher’s Clearing House or a phony foreign lottery. The
    catch: A winner must first wire hundreds or even thousands of dollars to cover taxes or some other
    bogus fee. The victim wires the money, but the prize never arrives.
  3. Identity theft. A person can become a victim of identity theft in both low-tech and high-tech ways,
    including theft and mail theft, e-mails, phone calls, text messages, or as the result of a corporate data breach.
  4. Advance-fee loans. Victims are told they qualify for large loans but must pay upfront fees — often
    more than $1,000. The victim wires money to the scammers but never receives the loan.
  5. Overpayments. These typically target small-business owners, landlords or individuals with rooms to rent and sellers on classifieds or sites like Craigslist. The scammers overpay the amount requested and then ask the victim to wire the extra amount back to them or to another fraudulent entity. Ultimately, the check is forged and the victim loses the money wired back.

The old cliché holds true—the best defense is a good offense.  When it comes to identity theft, best practices suggest shredding is the highest level of defense for personal information.  For more information about our on-site shredding service, check out www.hvshred.com

SCAMMERS ARE OUT IN FORCE IN 2011

Especially in these tough economic times, the Better Business Bureau warns Americans to be wary of these top  scams.  We’ll hit the a few this week and finish off the list next week: 

  1. Job hunt lures.  These days all the talk is about JOBS, JOBS, JOBS!  Unfortunately, further complicating the underemployment situation are scams targeting job hunters.  These include attempts to gain access to personal information such as bank account or Social Security numbers and requirements to pay a fee to even be considered for a job.
  2. Debt relief and settlement services. Again, capitalizing on those in vulnerable loan positions find themselves fending off sharks.  The council warned consumers in 2010 to scrutinize third-party assistance for getting out of debt. These companies often require upfront fees and potentially leave the consumer drowning in even more debt.
  3. Work-from-home secrets. Some promise to teach the secrets to making money online; others claim you can make money assembling items at home or get paid to be a mystery shopper. Some victims even found that their opportunity to work from home was a job to fence stolen goods. The end result is that instead of getting paid, you can end up losing hundreds — if not thousands — of dollars.
  4. Timeshare resellers. Complaints about the timeshare industry — including deceptive resellers — increased by more than 40 percent, according to 2010 estimates. Timeshare owners who are desperate to get rid of vacation property that requires monthly fees are being targeted by companies that claim they have an eager buyer. The company tells the seller they must pay up to several  thousand dollars up front. After paying the fees, the seller never hears from the company again.
  5. Not-so-free trial offers. Misleading free trial offers online for diet supplements, penny auctions and money-making opportunities blanket the Internet. The free trials seem no risk but complainants state they were billed monthly and found it extremely difficult to cancel.
  6. Identity theft. A person can become a victim of identity theft in both low-tech and high-tech ways,
    including theft and mail theft, e-mails, phone calls, text messages, or as the result of a corporate data breach.

 The old cliché holds true—the best defense is a good offense.  When it comes to identity theft, best practices suggest shredding is the highest level of defense for personal information.  For more information about our on-site shredding service, check out www.hvshred.com

Here comes the Red Flags Rule

Effective December 31, 2010, the Red Flags Rule requires organizations extending payment terms to customers and that have personal information on file to:

1-Create written “Program” that identifies where personal customer information is vulnerable to unauthorized access ro where the organization is vulnerable to ID Theft.

2-Institute precautions that address those ID Theft vulnerabilities and train employees to comply with those precautions.

3-Intervene, alert the authorities, or warn the potential victims when there is a threat of ID Theft.

4-Have the “Program” controlling ID Theft vulnerabilities signed by the Board of Directors or the company owners annually.

5-Require audits of data-related vendors with access to personal information of customers.

The Federal Trade Commission is in charge of enforcing the law and estimates that nearly 11 million organizations are legally required to comply.  That is close to 40% of all US Businesses.

Shredding is among the most secure ways to ensure confidential paperwork is kept confidential.  Businesses should strongly consider including regularly scheduled on-site shredding service in their Red Flags “Program”.

At HV Shred, we know our community of businesses has long been aware of following through on their fiduciary duties to properly dispose of confidential information and would like to help make that program even easier with on-site shredding.  Check out www.hvshred.com for more information.

Tap into the energy and therapy of on-site shredding!

One of the best surprises we have experienced since starting HV Shred just over 3 years ago has been the enthusiastic thank you’s we have received from clients ecstatic to have had our help to clean out their paperwork in a simple, secure and quick way.  Because we needed the service for ourselves, we knew our service was all about helping people, but  somehow there is a bit more energy and drama than we had imagined.  In many cases, we have helped our clients dig out from decades of paperwork.  Until you’ve experienced on-site shredding, you may not be able to imagine the therapeutic nature of the process. 

I myself did some year-end cleaning out this past week to tap into that well of invigoration and liberation that comes along with getting rid of unnecessary files and reclaiming my desk, floor, and closet space. 

Our mission is to help all our commercial and residential neighbors in the Hudson Valley experience the energizing feeling of cleaning out with the peace of mind that the most sensitive information is both disposed of securely and in an environmentally friendly way–we recycle all shredded paper!

Happy New Year to all and please contact us at judith@hvshred.com if we can be of service as 2010 comes to a close or as we welcome in 2011.