What Does the Red Flag Rule Mean?

December 29 2010
Baird Holm LLP logo

Vickie Brady Ahlers Author page »

After numerous extensions spanning two years held off the FTC’s enforcement of the Red Flags Rule, Congress recently passed legislation intended to exclude certain medical professionals, lawyers and select industries from the definition of “creditor” under the Rule. The Red Flag Clarification Act of 2010 (“Clarification Act”) limits application of the Rule only to a “creditor” that:

  1. uses consumer reports in connection with a credit transaction;
  2. furnishes information to consumer reporting agencies in connection with a credit transaction; or
  3. advances funds to or on behalf of a person based on an obligation of that person to repay the funds from specific property pledged by or on behalf of the person. Creditors that “advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person” are specifically excluded.

While many are touting that the health care industry as a whole has been exempted from the Rule, we say—not so fast. First, the Clarification Act gives the FTC the authority by rule to expand this new definition of creditor based on a determination that a creditor offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft which could include health care providers. This would be accomplished through future rule-making subject to a comment period and the FTC has not publicly ruled this out. Further, even without an expansion of the current regulations, health care providers may still fall within the rule based on their “creditor”-type activities. For example, if a patient requests a payment plan for their outstanding charges and, in connection with the negotiation of a payment plan the hospital conducts a credit check, the hospital could fall under the definition of “creditor.”

FTC representatives have stated that particular industries will be judged on whether their business activities are in line with the new definition of creditor. Hospitals and physician offices should evaluate their activities in light of these new definitions to determine if the Red Flags Rule may still apply.

Greater Risk Management Role coming to securities Market

Regulators will force securities and futures exchanges to take a bigger role in risk management, Deutsche Boerse AG’s Reto Francioni said.

“Markets are currently entering a new landscape,” Francioni, the chief executive officer of Frankfurt-based Deutsche Boerse, said at a conference in New York today. “The major feature of this new landscape is a trend toward re- regulation.”

Policy makers in Europe and the U.S. are overhauling the $615 trillion derivatives market and examining rules that govern equity trading. In the U.S., the Dodd-Frank Act will require most off-exchange derivatives contracts to be processed and guaranteed through third-party clearinghouses and traded on exchanges or similar systems. Transactions will be reported to trade repositories, which will allow regulators a view of the overall risk in the market.

Regulations are being put in place to address “ineffective risk management practices” and the lack of transparency about prices and the amount of risk firms face with one another, Francioni said at a conference at Baruch College.

The result will be markets that are “much more complex than the one we have gotten used to in the last 10 years,” he said. Regulation will move from national agencies to a “supranational state,” he said…read more on bloomberg

National Protect Your Identity Week

National Protect Your Identity Week through October 23rd.

The Federal Trade Commission now receives 10 million reports of identity theft a year.

The theft can start with lost or stolen wallets, pilfered mail, or through documents thrown out by you or a business. A consumer may also be victimized through more high-tech crimes including a data breach, computer virus, phishing or an Internet scam.  Once the personal information is stolen, the crime can result in check fraud, credit card fraud, financial identity theft, criminal identity theft, governmental identity theft and medical identity theft.

Recognizing that awareness and education are essential tools necessary for consumers to protect themselves against identity theft, the National Foundation for Credit Counseling has teamed with the Council of Better Business Bureaus to host the third annual Protect Your Identity Week through Oct. 23.

To mark Protect Your Identity Week, educational workshops, credit report reviews and document shreddings will be available nationwide.

Consumers can visit here to find useful prevention tips, victim resources, and take a quiz to assess their own risk of becoming the next identity theft victim.

Prescription for Fraud

Magnolia Soria could hardly believe what the insurance auditor was telling her. The company had received several claims for health services supposedly provided by the Toronto-area occupational therapist, even though Ms. Soria had never met the patients, did not perform the work and had nothing to do with the invoices.

Read more: http://www.nationalpost.com/news/Prescription+fraud/3655958/story.html#ixzz12kblYHCO

Tom Blackwell, National Post

Identity Theft Nightmare- Woman Jailed After Wallet Stolen

The reality of Identity Theft and what can happen to you. Very enlightening video.

Visit msnbc.com for breaking news, world news, and news about the economy


New ID theft targets kids’ SS numbers

The latest form of identity theft doesn’t depend on stealing your Social Security number. Now thieves are targeting your kid’s number long before the little one even has a bank account.

Hundreds of online businesses are using computers to find dormant Social Security numbers — usually those assigned to children who don’t use them — then selling those numbers under another name to help people establish phony credit and run up huge debts they will never pay off.

Authorities say the scheme could pose a new threat to the nation’s credit system. Because the numbers exist in a legal gray area, federal investigators have not figured out a way to prosecute the people involved.

“If people are obtaining enough credit by fraud, we’re back to another financial collapse,” said Linda Marshall, an assistant U.S. attorney in Kansas City. “We tend to talk about it as the next wave.”

The sellers get around the law by not referring to Social Security numbers. Instead, just as someone might pay for an escort service instead of a prostitute, they refer to CPNs — for credit profile, credit protection or credit privacy numbers.

Julia Jensen, an FBI agent in Kansas City, discovered the scheme while investigating a mortgage-fraud case. She has given presentations to lenders across the Kansas City area to show them how easy it is to create a false credit score using these numbers.

“The back door is wide open,” she said. “We’re trying to get lenders to understand the risks.”

It’s not clear how widespread the fraud is, mostly because the scheme is difficult to detect and practiced by fly-by-night businesses.

But the deception is emerging as millions of Americans watch their credit scores sink to new lows. Figures from April show that 25.5 percent of consumers — nearly 43.4 million people — now have a credit score of 599 or below, marking them as poor risks for lenders. They will have trouble getting credit cards, auto loans or mortgages under the tighter lending standards banks now use.

The scheme works like this:

Online companies use computers and publicly available information to find random Social Security numbers. The numbers are run through public databases to determine whether anyone is using them to obtain credit. If not, they are offered for sale for a few hundred to several thousand dollars.

Because the numbers often come from young children who have no money of their own, they carry no spending history and offer a chance to open a new, unblemished line of credit. People who buy the numbers can then quickly build their credit rating in a process called “piggybacking,” which involves linking to someone else’s credit file.

Many of the business selling the numbers promise to raise customers’ credit scores to 700 or 800 within six months.

If they default on their payments, and the credit is withdrawn, the same people can simply buy another number and start the process again, causing a steep spiral of debt that could conceivably go on for years before creditors discover the fraud.

Jensen compared the businesses that sell the numbers to drug dealers.

“There’s good stuff and bad stuff,” she said. “Bad stuff is a dead person’s Social Security number. High-quality is buying a number the service has checked to make sure no one else is using it.”

Credit bureaus can quickly identify applications that use numbers taken from dead people by consulting the Social Security Administration’s death index.

Social Security numbers follow a logical pattern that includes a person’s age and where he or she lived when the number was issued. Because the system is somewhat predictable, sellers can make educated guesses and find unused numbers using trial and error.

A “clean” CPN is a number that has been validated as an active Social Security number and is not on file with the credit bureaus. The most likely source of such numbers are children and longtime prison inmates, experts said.

Robert Damosi, an analyst with Javelin Strategy & Research, said the crime can come back to hurt children when they get older and seek credit for the first time, only to discover their Social Security number has been used by someone else.

“Those are the numbers criminals want. They can use them several years without being detected,” Damosi said. “There are not enough services that look at protecting the Social Security numbers or credit history of minors.”

Since the mortgage meltdown of 2008, banks have tightened lending policies, but many credit decisions are still based solely on credit scores provided by FICO Inc. and the three major credit unions: Experian, TransUnion and Equifax.

Federal investigators say many businesses do not realize that a growing number of those credit scores are based on fraudulent information.

“Lenders don’t understand that when they pay money to go through a service, they may be receiving false information,” Jensen said. “They think when they order the information from credit bureaus, it must be true.”

Without special scrutiny, credit profiles created with the scheme are not immediately distinguishable from other newly created, legitimate files.

Investigators say the businesses clearly know they are selling Social Security numbers, but it’s difficult to prove. The sellers use complex disclaimers that disavow illegal activity and warn customers against using their numbers in place of Social Security numbers.

The businesses also instruct customers to provide false information when using the number to apply for credit. Customers are told to use their real name and date of birth, but to avoid listing any addresses or phone numbers they’ve used in the past. They’re also told to avoid any other information that connects the new, clean credit profile with the old, damaged one.

Craig Watts, a spokesman for credit reporting agency FICO Inc., said FICO has tools available for businesses to protect themselves from this type of fraud, but they are not cheap. And many lenders are slow to adopt FICO’s new formulas, which are updated every few years.

Some companies that sell the numbers have lavish, high-tech websites. Others run no-frills ads on sites like Craigslist.

Jim Buckmaster, president and CEO of the San Francisco-based Craigslist, recently told the AP in an e-mail that there were “fewer than 200″ classifieds on his site that used the word “CPN.”

Within an hour of that e-mail exchange, dozens of the ads in cities such as Las Vegas, Los Angeles and New York had been pulled from the site. Many were reposted the next day.

An AP reporter called several of the sites, but got only recordings asking callers to leave a message with contact information.

Experts say the fraud will be difficult to stop because it’s so easily concealed and targets such vulnerable people. Other than checking with the credit bureaus to see if there is a credit file associated with your child’s Social Security number, spokesmen at FICO, the Social Security Administration and the FTC said there are no specific tools for safeguarding the number.

“This is an invisible crime, with invisible victims who don’t have enough support out there to help them,” said Linda Foley of the ID Theft Resource Center in San Diego.

Article Source: KMOX

Copy Machines Store Your Private Info

The dangers of identity theft are well-publicized. We’ve all been warned to shred our documents, be on the lookout for fishing scams and check our credit report regularly.

But there is a new potential threat to our identity lurking in warehouses across the country. We’re talking about copy machines.

“Copy machines today are just like computers,” explained Boston security expert Robert Siciliano. “They have hard drives and can store data that can be extracted.”

Think about it. Your tax preparer, your mortgage broker, your doctor, chances are they have all made copies of documents containing your personal information. That means your social security number; your bank accounts and credit card information could all be sitting on a hard drive in an office copy machine. Most of us probably trust our accountant and our doctor but the real danger doesn’t surface until one of those professionals decides to trade in the copier for a new one. The old one ends up on the used copier market.

There are massive warehouses across the country filled with hundreds if not thousands of used copiers that are up for sale. Companies are supposed to wipe the hard drives clean, but that does not always happen.

Security expert John Juntunen demonstrated how easy it is to access that information. Like any other buyer can do, Juntunen easily connected his laptop to a copy machine. Almost instantly, he is able to download or print whatever is on the hard drive. He found a child support document and an IRA application for a woman named Marilynn Boyd. Boyd’s husband was stunned by what Juntunen found. “They have the address. They have the social security number. They have the date of birth. It’s ridiculous,” he said.

Juntunen found names and addresses on the hard drive of another used computer. Among the list of names was Caroline Kennedy along with her home and work phone number. In a statement, a spokesperson for Kennedy said she was surprised by the findings and was not aware of the potential danger.

“I think it’s an issue that’s going to have major ramifications,” explained Juntunen’s colleague Sean O’Leary. “I think it’s going to hit like a ton of bricks when it does hit,” he said.

There are privacy laws, particularly when it comes to medical records, but experts agree they are tough to enforce. The only way to protect yourself is to make sure anyone who handles your personal information is aware of the problem.

Many newer copiers now have security systems that help combat this problem, but that doesn’t alleviate the issue for thousands of used copiers that are currently for sale.

Article Source: wbztv
Joe Shortsleeve

7 Things to Stop Doing Now on Facebook

Using a Weak Password
Avoid simple names or words you can find in a dictionary, even with numbers tacked on the end. Instead, mix upper- and lower-case letters, numbers, and symbols. A password should have at least eight characters. One good technique is to insert numbers or symbols in the middle of a word, such as this variant on the word “houses”: hO27usEs!

Leaving Your Full Birth Date in Your Profile
It’s an ideal target for identity thieves, who could use it to obtain more information about you and potentially gain access to your bank or credit card account. If you’ve already entered a birth date, go to your profile page and click on the Info tab, then on Edit Information. Under the Basic Information section, choose to show only the month and day or no birthday at all.

Overlooking Useful Privacy Controls
For almost everything in your Facebook profile, you can limit access to only your friends, friends of friends, or yourself. Restrict access to photos, birth date, religious views, and family information, among other things. You can give only certain people or groups access to items such as photos, or block particular people from seeing them. Consider leaving out contact info, such as phone number and address, since you probably don’t want anyone to have access to that information anyway.

Posting Your Child’s Name in a Caption
Don’t use a child’s name in photo tags or captions. If someone else does, delete it by clicking on Remove Tag. If your child isn’t on Facebook and someone includes his or her name in a caption, ask that person to remove the name.

Mentioning That You’ll Be Away From Home
That’s like putting a “no one’s home” sign on your door. Wait until you get home to tell everyone how awesome your vacation was and be vague about the date of any trip.

Letting Search Engines Find You
To help prevent strangers from accessing your page, go to the Search section of Facebook’s privacy controls and select Only Friends for Facebook search results. Be sure the box for public search results isn’t checked.

Permitting Youngsters to Use Facebook Unsupervised
Facebook limits its members to ages 13 and over, but children younger than that do use it. If you have a young child or teenager on Facebook, the best way to provide oversight is to become one of their online friends. Use your e-mail address as the contact for their account so that you receive their notifications and monitor their activities. “What they think is nothing can actually be pretty serious,” says Charles Pavelites, a supervisory special agent at the Internet Crime Complaint Center. For example, a child who posts the comment “Mom will be home soon, I need to do the dishes” every day at the same time is revealing too much about the parents’ regular comings and goings. (See Full Story)