
Saturday, August 15, 2009

ID Theft Red Flags: 4 High Risk Areas

What You Might Not Know About Staying in Compliance -- and Secure
August 13, 2009 - Linda McGlasson, Managing Editor

There are four "high risk" areas that aren't getting the attention they deserve as financial institutions work toward complying with the ID Theft Red Flags Rule, says a leading industry compliance expert. ...

...The Red Flags Rule is a risk-based regulation. As such, Huda says, compliance should be approached from a risk management and not a purely technical perspective, and institutions should ask these questions:

  • Which accounts are more at risk to identity theft?
  • Which red flags represent higher risk?
  • Which detection and response procedures are commensurate with the risks?
  • Which service providers pose greater risk?
  • What controls exist to mitigate the risks?
...There are four areas Huda says are "high risk" that many financial institutions have not paid enough attention to:

  1. Service Providers. Many have not conducted an inventory, risk-ranking or assessment of service providers. This may be the weakest link in the chain.

  2. Business accounts. Many have focused only on consumer accounts. The rule applies to any account with a reasonably foreseeable risk of identity theft, not just consumer accounts. Small business accounts in particular are susceptible to identity theft and must be analyzed for risk.

  3. Training. Many have not provided proper training to staff. The training does not cover what the written, board-approved program deems to be the red flags one should be on the lookout for, nor what one should do to respond. The training is very general and does not cover how to comply. How can identity theft actually be prevented if one does not know what to look for and what to do if one finds a red flag?

  4. Updates. Many have put their program on the bookshelf, forgetting to update it to address new risks or changes in operations. For example, if a new line of business is opened, a new service provider added or new products or services are rolled out, or identity theft is attempted or perpetrated, the Program must be updated. (Full story at www.bankinfosecurity.com)

Many business owners have the same issues as financial institutions. That is why I recommend www.RedFlagsRulePolicy.com for businesses by idBUSINESS. It is an online module that not only creates your policy but allows you to email vendors to take an assessment test as well. You will also be able to email your employees to take the online training for the Red Flags Rule.

Business owners can also take a free Needs Assessment at the site.

As a distributor for idBUSINESS, I can also offer business owners a discount - just contact me.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Tuesday, June 2, 2009

FTC Red Flags Rule Update


If you are unfamiliar with the Federal Trade Commission's Red Flags Rule then download a copy at www.ftc.gov/redflagsrule. Basically, if you are a creditor or have "covered accounts" then you must comply with the Rule.

Doctors, Dentists, and Veterinarians must all comply as they have lost their battle with the FTC, at least as of this date.

The best way to become compliant is by using IdBusiness and their online Red Flags Compliance module. It not only will assist you in creating your policy but trains your employees, and notifies your vendors as well.

Business owners may also want to download the following book "Protecting Personal Information - A Guide for Business" at www.ftc.gov/infosecurity

If you find that you do not need a Red Flags Policy, then I can assist you with setting up a Non-Public Information (NPI) policy at no direct cost to your company. However, certain restrictions apply, so give me a call.

If you need a Red Flags Policy, then click here for assistance.


Monday, April 6, 2009

Medicine slams FTC over forcing physicians to police identity theft

Physicians object to the broad application of the "red flag" rules and say they were not forewarned properly. Enforcement begins May 1.

By Amy Lynn Sorrel, AMNews staff. Posted April 6, 2009.

Organized medicine and the Federal Trade Commission continue to joust over the application to physicians of new identity theft prevention rules. With a May 1 compliance date just around the corner, neither party shows signs of capitulation.

The FTC regulations require a variety of business entities -- mainly financial and banking institutions -- to implement a written program for preventing identity theft as well as detecting and responding to warning signs of such incidents. The commission maintains that when physicians defer payment for services, they become creditors -- entities that regularly extend, renew or continue credit -- under the "red flag" rules.

...The commission "did not give physicians an appropriate opportunity for notice and comment on the ruling that the red flags would be applied to them," said AMA Secretary Ardis D. Hoven, MD. "The AMA is calling on FTC to re-publish its rule so that we can make the case that physicians should be excluded."...

...The FTC has no plans to extend the deadline again, said Naomi Lefkovitz, an attorney with the FTC's Division of Privacy and Identity Protection. "That said, we continue to take a view that we're looking for reasonable efforts" by doctors to comply...(Full text at www.ama-assn.org)

To any non-compliant Doctors out there:

We offer an Affirmative Defense Response System (ADRS) in which:
1. We provide a written policy outlining specific requirements for protecting customers' and employees' personal info

2. A letter that can be used when appointing an employee as security compliance officer - which is required by the GLB law.

3. A comprehensive training program which according to the FTC is one of the 1st steps to protecting NPI by conducting a mandatory meeting to educate employees about the risks/liabilities of data loss.

4. When employees complete the ADRS training, they sign the "Use of Confidential Information by Employee" form that serves as proof they've completed a mandatory training in handling NPI. This signed document demonstrates that the company is taking reasonable measures and actively working to comply with FACTA, GLB and HIPAA.

We do all the above at no direct cost to you if allowed to offer our Pre-Paid Legal services (PPL) and Identity Theft Shield to the employees as an employee benefit.

PPL spent over $1 million developing the above to assist companies in becoming compliant with all the new laws. PPL is a 36 year old NYSE company and named as one of the top 200 small businesses on the NYSE by Forbes magazine 7 times.


Tuesday, March 31, 2009

ID Theft Red Flags: Institutions Found Lacking in Awareness, Vendor Management

FDIC Examiners Find 'Substantial Compliance' with New Reg, But Also See Common Challenges

March 31, 2009 - Linda McGlasson, Managing Editor

In the five months since the compliance deadline for the Identity Theft Red Flags Rule, banking institutions generally are compliant. But examiners are finding issues with security awareness and vendor management.

This is the initial report from the Federal Deposit Insurance Corporation (FDIC), the largest U.S. bank regulator. The FDIC and other regulators have been testing Red Flags compliance at financial institutions since Nov. 1.

The good news, says Michael Jackson, spokesperson for the FDIC's regulatory compliance division, is that examiners have found "substantial compliance with the Red Flags regulations."

Still, there are three common issues that have arisen among banks that have been examined:

Covered Accounts - Some banks are misidentifying their covered accounts. Small business accounts are not automatically covered under the Red Flags regulation, Jackson says, but some should be included if the risk for identity theft is reasonably foreseeable. Some banks have had small business accounts that were victims of identity theft, but were not included among covered accounts.

Security Training - Some banks have not put together employee training, which is required, Jackson says. "By the regulation, they may have talked about it or assigned it to someone, but they need to have an actual program in place and have their employees trained on it." He says it would look better to examiners if institutions already had moved forward in training. "While banks may at this time be more focused on other things -- they may have [training] scheduled for sometime in the future -- but it is something they do need to work on a little more."

Vendor Management - Another area examiners are interested in is third-party service providers (TSPs), says Jackson. "Banks are not adequately overseeing the oversight of their third party service providers' (TSP) compliance with red flags regulation," he says. "Even though they are not directly answerable to the regulation, these TSPs that hold information on these covered accounts or process transactions for these covered accounts need to be taking appropriate steps to prevent and mitigate ID theft."
(Full text at www.bankinfosecurity.com)