FTC Grants Another 3 Month Reprieve for Red Flags Rule Enforcement

FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule

To assist small businesses and other entities, the Federal Trade Commission staff will redouble its efforts to educate them about compliance with the "Red Flags" Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply. To give creditors and financial institutions more time to review this guidance and develop and implement written Identity Theft Prevention Programs, the FTC will further delay enforcement of the Rule until November 1, 2009. (emphasis added)

The Red Flags Rule is an anti-fraud regulation, requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to the warning signs, or “red flags,” that could indicate identity theft. The financial regulatory agencies, including the FTC, developed the Rule, which was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA). FACTA’s definition of “creditor” includes any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.

The FTC’s Red Flags Web site, www.ftc.gov/redflagsrule, offers resources to help entities determine if they are covered and, if they are, how to comply with the Rule. It includes an online compliance template that enables companies to design their own Identity Theft Prevention Program through an easy-to-do form, as well as articles directed to specific businesses and industries, guidance manuals, and Frequently Asked Questions to help companies navigate the Rule.

Although many covered entities have already developed and implemented appropriate, risk-based programs, some – particularly small businesses and entities with a low risk of identity theft – remain uncertain about their obligations. The additional compliance guidance that the Commission will make available shortly is designed to help them. Among other things, Commission staff will create a special link for small and low-risk entities on the Red Flags Rule Web site with materials that provide guidance and direction regarding the Rule. The Commission has already posted FAQs that address how the FTC intends to enforce the Rule and other topics – www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm. The enforcement FAQ states that Commission staff would be unlikely to recommend bringing a law enforcement action if entities know their customers or clients individually, or if they perform services in or around their customers’ homes, or if they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft.

The three-month extension, coupled with this new guidance, should enable businesses to gain a better understanding of the Rule and any obligations that they may have under it. These steps are consistent with the House Appropriations Committee’s recent request that the Commission defer enforcement in conjunction with additional efforts to minimize the burdens of the Rule on health care providers and small businesses with a low risk of identity theft problems. Today’s announcement that the Commission will delay enforcement of the Rule until November 1, 2009, does not affect other federal agencies’ enforcement of the original November 1, 2008, compliance deadline for institutions subject to their oversight.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.

MEDIA CONTACT:

Office of Public Affairs
202-326-2180

(Red Flags July 09)

Business owners can also take a needs assessment free at www.RedFlagsRulePolicy.com

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

ID Theft Ring Allegedly Bribed California DMV Employees

ID Theft Ring Allegedly Bribed DMV Employees

Counter-terrorism investigators busted an alleged identity theft ring whose members are suspected of bribing Department of Motor Vehicles employees in Inglewood and several states to provide fake documents.

Los Angeles police, the FBI, DMV and District Attorney's Office teamed up to track a Pakistani woman and 13 alleged accomplices, the Los Angeles Times reported on its Web site.

Shamsha Laiwalla, 44, who recently pleaded guilty to federal charges of identity theft stemming from the investigation, paid DMV workers to provide driver's licenses and other documents, Los Angeles police and federal officials told The Times.

For $3,500, she offered to provide a driver's license, birth certificate and Social Security card to an undercover agent pretending to be a Pakistani who sneaked into the United States, The Times reported.

The names of least some of her alleged clients have turned up in ongoing federal investigations into national security issues, LAPD Deputy Chief Michael Downing told the newspaper.

...in 2007, one of her contacts changed DMV records for members of a criminal organization that dealt drugs and sold counterfeit goods in Los Angeles' garment district...

Authorities suspect that money from the group went to Hezbollah, the Iran-backed militant Shiite Muslim group in Lebanon.

...."We have no idea how many thousands of people might be out there with these documents," LAPD Detective Mark Severino told the newspaper. "If we're talking about counter-terrorism issues, that's a scary thought." (Full text at www.nbclosangeles.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Lexis-Nexis Breach Linked to Crime Family

Well, I'm back from a short vacation of taking my son and friends to Lake Havasu and 120 degree weather. Obviously, while I was away - the id theft cats still played.

Lexis-Nexis Breach Linked to Crime Family

Analyst: 'Days of Amateurs Committing Breaches are Well Behind Us'

July 17, 2009 - Linda McGlasson, Managing Editor

Lexis-Nexis made public notification of a data breach that federal authorities say is tied to a New York mafia crime family. The New York-based company has sent more than 13,000 letters to former customers whose personal data may be at risk. The 13,000 customers may have been targeted for extortion and identity theft.

Earlier in May, the U.S. Attorney General's office in Southern District of Florida handed down an indictment charging 11 men with racketeering conspiracy. The 11 had ties to the Bonnano organized crime family.

.....The alleged suspect, Lee Klein, one of the 11 charged in the indictment, "was an employee of a former Seisint customer who misused his employer's Accurint access. As such, we notified all individuals whose information could have been viewed in connection with the limited searches that law enforcement believed were unauthorized. We provided notice in accordance with the law because the customer was no longer in business," the Lexis-Nexis representative says.

Accurint is used by law enforcement and other entities to verify identity and locate people. Lexis-Nexis says 13,329 letters were sent to individuals on behalf of Seisint's former customer in connection with this investigation. ....

How it Happened
According to the indictment, Klein worked for the criminal "crew" of Thomas Fiore, an associate of the Bonanno organized crime family.

The indictment alleges that Klein illegally used "information obtained from computer databases in order to acquire identification information regarding potential victims of extortion" and people suspected by Fiore's criminal organization of being involved with law enforcement.

Klein allegedly provided Fiore with "corporation names, addresses and account numbers to facilitate the manufacture and negotiation of counterfeit checks."

In addition, the indictment alleges that members of the criminal crew used threats of force and violence, including conspiracy to commit murder, to advance the objectives of the enterprise.

...The Bonanno crime family was making money from the sale of unauthorized identification documents (including social security numbers and health and life insurance applications). "If the mafia considers that selling sensitive information is a legitimate line of business, then clearly the days of just amateurs committing breaches are well behind us," Holland observes. (Full text at www.bankinfosecurity.com)

I used to use Lexis-Nexis while in law enforcement to track down criminals on the run. I was impressed when I used their system to run my own name and it generated about a 12 page report including all my neighbors (from 3 previous addresses) and their contact information as well.

Ya gotta love technology!

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Legal Eagles Don't Want Red Flags Waving in Their Faces

Statement of H. Thomas Wells, Jr., President, American Bar Association
Re: Fair and Accurate Credit Transaction Act 'Red Flags' Rule

---

CHICAGO, June 22, 2009 - The American Bar Association urges Congress and the Federal Trade Commission to exempt lawyers from the Red Flags Rule that imposes requirements on creditors to detect the warning signs of identity theft in their day-to-day operations. The Rule, adopted under the Fair and Accurate Credit Transactions Act, or FACT Act, is noble in its intent. However, the Commission’s application of the Rule to lawyers is unnecessary and not supported by law. Lawyers are not engaged in the type of commercial activity that Congress was attempting to regulate with the FACT Act and should not be considered creditors under the Red Flags Rule.

Congress intended the FACT Act to apply to financial institutions and other businesses that extend credit, not to lawyers who merely bill for services after they are performed. Regardless of the specifics of billing arrangements used in client-lawyer relationships, lawyers cannot ethically charge for legal services until they are rendered.

Lawyers’ fees already have been determined not to be credit transactions by the Second Circuit Court of Appeals. Further, the D.C. Court of Appeals has held “that the regulation of the practice of law is traditionally the province of the states” and that federal law “may not be interpreted to reach into areas of State sovereignty unless the language of the federal law compels the intrusion.” Nowhere in the FACT Act did Congress even imply that it intended to regulate lawyers with respect to their client relationships, and lawyers should not be considered creditors simply because they bill for legal services only after those services are rendered.

Treating lawyers as creditors under the FACT Act would impose an undue burden on law firms, especially solo practitioners, and would accomplish very little. The type of identity theft addressed by the Rule would be present only if an individual pretended to be someone else; a person would have to assume not only another person’s identity, but his or her legal needs as well. Compliance with the Act would complicate client arrangements and require a major commitment of lawyers’ time, yet the FTC has failed to identify a single case of identity theft in the legal service context, suggesting that such a scenario is far-fetched, if not impossible.

The American Bar Association applauds the federal government’s efforts to protect American consumers from the devastation of identity theft, but strongly urges the FTC to direct its efforts at the problems Congress intended to address. The ABA will work with Congress and the Federal Trade Commission to ensure that, when the final Red Flags Rule goes into effect, the Rule will not apply to lawyers engaged in the practice of providing legal services to clients.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Athletes Not Exempt From Id Theft

Vontae Davis identity theft incident is another reminder for athletes By CARLOS FRIAS
Palm Beach Post Staff Writer
Saturday, June 27, 2009

Marlins infielder Wes Helms didn't have to hear about Dolphins rookie Vontae Davis being victimized by identity theft to know the hassle it can mean.

Helms learned that lesson years ago after seeing the stress it caused outfielder Geoff Jenkins, his former teammate with the Milwaukee Brewers. Someone apparently used Jenkins' information to open several credit cards and racked up "a good bit" of debt.

It took Jenkins more than a year to clear up his credit and deal with banks that had been defrauded in his name.

"He'd come in every day and be on the phone with somebody about it," Helms recalled. "As an athlete, you already have enough stress on you. You don't need something else pressing on your mind."

Helms then hired a service - they cost as little as $10 a month - to monitor his and his family's credit and bank accounts.

"We've got our guard up," Helms said.

Davis is learning that lesson, too. Apparently, a man stopped for traffic infractions June 9 in Champaign, Ill., showed police Davis' driver license and drove off a free man. Davis' wallet was stolen several months ago while he was a student at the University of Illinois.

Last week, national media reports identified the Dolphins' cornerback as the man cited.

Davis' grandmother, Adaline, got this forwarded text from his brother, Vernon, a tight end with San Francisco: "Your brother got arrested in Illinois."

Vontae, who was practicing with the Dolphins in Davie on June 9, was joking when he sent the text. But his grandmother didn't know what to think.

"It was like the blood rushed to my head," Adaline remembered. "I was thinking he got mixed up with some boys and got arrested."

Identity theft and fraud affected nearly 10 million Americans last year at a cost of more than $48 billion, according to Javelin Strategy & Research. Athletes can be particularly vulnerable because details about them - dates of birth and family members' names, for example - are available in press guides and on the Web. (Full text at www.palmbeachpost.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Playing Catch-Up!

Wow! I can't believe it's been over 2 weeks since I have had the time to post an article. I've been busy assisting clients due to the FTC's Red Flags Rule and been out of town in more training. Anyway, here are a few things that happened in the last few weeks.

TJX settles over breach with 41 states for $9.75 million
In a move to close the door on the largest reported retail data breach in history, TJX announced Tuesday that it has settled with 41 states who were probing the discount merchant's data security practices.

TJX, which operates more than 2,500 outlets nationwide, agreed to pay $9.75 million to settle investigations by 41 state attorneys general, who were looking into the monster breach, announced in January 2007, that exposed as many as 94 million credit and debit card numbers.

Under the agreement, TJX will pay $5.5 million in settlement fees, plus $1.75 million to cover the cost of the states' investigations. In addition, the company will provide $2.5 million to establish a new Data Security Fund that states will use for a number of data security initiatives, including researching the benefits of technology, developing best practices or model laws, and establishing consumer outreach programs. (Full story at scmagazineus.com)

Customs and Border Protection agents have discovered more than 500 cases of potential identity theft since January of this year, authorities said.According to a CBP news release, officers encounter "numerous cases of identity theft on a daily basis," usually through stolen or fabricated documents."Because our officers are in a position to uncover attempts at entering the U.S. by utilizing someone else's identity, we take the responsibility seriously and work with the U.S. attorney's office to seek prosecution on all cases we encounter," said Director of Field Operations David Higgerson.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com