The Federal Trade Commission’s identity theft red flags rule that required businesses to meet identity theft consumer protection laws before the Dec. 31 deadline is now in full effect. And according to FTC estimations it affects about 11 million businesses, many of which may still be unaware of the law and its impact on their business.
The red flags rule applies to organizations that use credit reports, extend credit or defer payments for goods and services in diverse markets ranging from mortgage brokers, landlords, health care, the automobile industry, jewelers, academia, home and yard cleaning services, and municipal utility services.
It responds to the public outcry for help against the growing threat of identity theft.
The U.S. Department of Justice reported that identity theft has surpassed the illegal drug trade as the No. 1 crime in the nation. An effort to curb that risk of continuous mounting identity theft related losses in the future is the reason why federal agencies updated the mandated "red flag rules" under the Fair and Accurate Credit Transaction Act of 2003.
The rule follows the path of other legislation more strict, such as 201 CMR 17.00 passed by the state of Massachusetts, which is recognized as one of the most harsh consumer protection laws in the nation.
And going forward both lenders and their borrowers better be ready.
According to Identity Theft Resource Center, a national nonprofit based in San Diego, identity theft is “escalating and transforming so quickly” that it is making it increasingly difficult to curb in an efficient manner, or expect to stop it any time soon.
The center said it can “only make educated predictions” on the course of identity theft for 2011.
Some common schemes include various case scenarios.
As a rule organized crime rings top the list of threats since they do not only continue but also expand and sophisticate their ability to gather and sell personal identifying information through cooperation with other criminal groups involved in drugs trafficking, counterfeiting, or moving stolen goods.
The Internet has made it easier to sell stolen information across international markets, which is far more difficult to discover.
For example, according to media reports in June 2010 police arrested 178 criminals in a U.S.-Europe raid on credit and debit card cloning labs, with an estimated value of $24.5 million.
The nonprofit warns that another, simpler way to steal identity information that appears to be in a growth mode is check fraud. These fraudsters tend to focus on so-called synthesized checks, which are expected to flourish “as it becomes harder to get credit due to the economy.” Synthesized checks may have the name and address information of a real person or company and a fraudulent bank account and routing number making it hard for merchants catch the discrepancy.
Other methods include account takeovers where “cyber attackers” aim at small and large businesses, educational facilities and school districts, and even governmental agencies with the help of “company insiders” who will play a larger role in overcoming security features and hacking into computer systems and online banking accounts.
Additionally, a trend of growth in the number of breaches will continue because mandatory reporting has increased. According to the 2010 Verizon Data Breach Investigation Report, 61% of breaches were discovered by outside sources and aimed at e-mail lists that may lead to more social networking scams.
The center also expects “more sophisticated attempts to scam money from people via social engineering” or deception. Last year, global law enforcement action, Operation Broken Trust, resulted in actions against 532 defendants for fraud schemes that harmed over 120,000 victims in the U.S. and involved over $10.4 billion in estimated losses. “Ponzi and investment scams made up the bulk of those cases.”
Social networking scams through sites, smartphones and other mobile devices also are in the rise since sites like Facebook “provide additional access points for criminals.”
All of the above do not mean low-tech, mail theft will stop, it will continue and should not be underestimated, the center warns.
Identity Theft Resource Center’s data show about $60 billion was lost and 35.6 million consumer records were exposed in 2008 due to data breaches and identity theft, a 47% increase over 2007.
On a more optimistic note, the CoreLogic 2010 Fraud Index noted that as lenders take a more “aggressive stance against fraud” their efforts have helped diminish the mortgage fraud risk, which is on the decline. But with an estimated $14 billion in fraud losses experienced in 2009 alone, “fraud is still a major issue for the mortgage industry.”
In April 2008 the Justice Department started tracking criminal mortgage fraud cases. The red flags rule requires businesses to develop a comprehensive written identity theft prevention program, to protect consumers and customers from identity theft and related crimes.
