Detection of Red Flags specific to your business.Your Alternatives. This means identity theft victims may be entitled to recover damages as a result of a non-compliant violation at your business - with class action surely to follow. In other words, if your business conducts 1,000 non-compliant transactions over the course of a year, the FTC could fine you $3. If you invest in making sure your operation is Red Flags Rule compliant, and can prove it, you invoke the most effective legal defense available should you unwittingly sell a product or service to an identity thief.You've worked for years trying to make your retail business a success, but the letter you just opened from an attorney threatens to wipe out everything you've worked for. As discussed in the previous section, simply verifying identity information is only a small piece of the compliance puzzle and still leaves your business exposed to civil and federal liability. Good luck trying to figure it all out.Your Policy must also include a number of other required procedures such as compliant handling of Notice of Address Discrepancies, fraud alerts, rules for credit card issuers, plus many more. A few of the questions might be:• "What was your previous area code?"• "Here are four addresses.• Health Care Providers - hospitals, physicians, medical clinics, chiropractors, and assisted living facilities.2.• Response to detected Red Flags. Your business must have in place procedures to both verify the identifying information presented by an individual opening an account, and also to authenticate the actual identity of the individual presenting the identifying information at your place of business.S.5 million.

If you are so designated by the federal government to scan that list and don't comply by reporting "hits" to Homeland Security, you could end up in federal prison with a new bunkmate named "Bubba"… plus Automotive Accessories Mould Manufacturers a fine in the millions! In fact, the feds have already dropped an $80 million fine on a bank for non-compliance with this law.• Educational Institutions - universities, colleges, technology institutes, junior colleges, community colleges, and vocational colleges.• Financial Institutions - banks, credit unions, savings association, mortgage lenders/brokers, and finance companies.But it doesn't stop there. The attorney represents a victim of identity theft and is claiming you have violated something called The Red Flags Rule by selling a "covered" product to an individual who had stolen his client's identity. Your Policy must include these four elements in addition to several other directives in procedures:• Identification of Red Flags specific to your type of operation.However, amid all of this compliance misery, there are a few compliance providers available that offer full compliance services at an affordable price, and this may be your best bet.Some designated businesses even choose to retain attorneys charging $5,000 - $20,000 to research and develop their compliance Policy and Training solutions. All of this is code for, "Lawyers just love this law!" Although the monetary losses can be measured, what is not known is the damage to your reputation since you may also be required to contact every one of your credit customers to alert them of a possible identity breach at your place of business (FTC Safeguards Rule). Instead, you must search national, state, and federal data bases to verify such items as the Social Security Number issue date, does the individual's DOB match the SSN date, the name of the person assigned to the SSN, is SSN assigned to a dead person… well, you get the picture. Your Policy, and Training for that matter, must be relative and appropriate to the compliance requirements specific to your type of industry, i.Here's the catch.The original mandatory compliance date was November 1, 2008, but after investigating the compliance progress of businesses affected by the law, the FTC realized millions of designated businesses were unaware of their required compliance. To verify the identifying information presented to you by an individual opening a new covered account, you cannot use information contained on a credit report or even information generally available from a wallet.

You should also be aware of compliance providers who wish to sell you a written Red Flags Rule Policy Template and passing it off as "one-size-fits-all".First, the Rules have nothing to do with whether or not your operation uses credit reports, and even if your only offering of credit is to send a customer's credit report to a third party lender, you must comply.Regardless of how you become compliant, you cannot afford to ignore this law since you have no way of knowing if you are selling a product to an identity thief.• Utility Companies - cities, municipalities, power, heating oil, water, telephone, and cellular companies. Now's the time to make your operation Red Flags Rule compliant and get it behind you. Compliance requirements courtesy of your federal government. Without quoting the entire definition from the Final Rules,here's the simple version: If any product or service you sell is not paid in full at the time of purchase, you must comply by November 1, 2009.. Again, just one non-compliant transaction to the wrong person has the potential to wipe out your business. The words "civil" and "class action" leap from the letter, in addition to "possible fines from the Federal Trade Commission". They are well aware that such due diligence on your part creates what is termed, "safe harbor" status, meaning probable immunity from prosecution for non-compliance.3. These questions should be framed in such a manner that only the individual in question can answer, and in a timely manner. And by the way, "formal Red Flags Rule Training" does not mean just letting your employees read a copy of your Policy. However, the government does give you a "get-out-of-jail-free" card. In an unprecedented display of mercy, they begrudgingly pushed the mandatory compliance date forward, first to May 1, 2009, and now to November 1, 2009.First, beware of companies, usually credit reporting services, leading you to believe you will be compliant by just subscribing to their Identity Scan service. But more importantly, be able to prove it in case of an inadvertent violation. Your employees should be trained at least yearly, and of course, newly hired staff must be trained immediately. You must develop and implement a formal, written Red Flags Rule Policy specifically for your type of business.And while we're at it, let's go ahead and throw in another law many designated businesses ignore, or have no knowledge of their required compliance - the Federal Treasury's OFAC (U.What Is A "Red Flag"?A "red flag" is a pattern, practice, or specific activity as spelled out within the Rule which indicates the possible existence of identity theft.Please Note: If your business accepts credit cards as its only credit method, you need not comply., retail, utility, financial, transportation, medical, etc. Think of compliance performance in terms of a vampire confronted by a cross, because that's the way attorneys react when confronted with proof of compliance performance.So, if you are now having trouble breathing and find yourself being pulled toward a bright, celestial light, that's good; that means you get it before it's too late.After all, your business only arranged the financing for the alleged identity thief through an outside lender, so surely a victim of identity theft can't really sue the owner of a retail business - or can they?As identity theft continues to spiral upward unchecked, the federal government's Red Flag Rules were framed for designated businesses and institutions to be at the forefront to protect United States citizens.

That source is always available, but what about the identity verification searches? Very few attorneys have the answer for that requirement except to instruct you to perform the searches required for compliance, and yes, figure a minimum of another 30 minutes added to the time of your sale if you search all the sources yourself.The Rule also includes provisions for civil liability. Provide formal Red Flags Rule Training for all relevant employees. Patriot Act) list of suspected terrorists, drug dealers and money launderers.e.Who Has To Comply With The Red Flag Rules… And Why.What Do I Have To Do To Become Red Flags Rule Compliant?If you possess a lot of time, patience, and a strong will to live, then Google, "Final Red Flags Rule", where you will find all of your compliance requirements sprinkled about its 59 pages of federal law. This in itself should signal how serious the FTC takes this law as they have issued "fair warning" of their intent to roll out thousands of agents for what they term "rolling enforcement" to ensure compliance. But believe it or not, the FTC may be the least of your worries.So there you have it.Fines for non-compliance range from $3,500-$11,000 per occurrence and may be retroactive. After November 1, identity theft victims will indeed have the right to pursue civil actions against a non-compliant business or institution.After muddling through the required data searches to verify the identifying information presented by an individual, how can you possibly know that the individual presenting the information is actually who they represent themselves to be? That's right, now you need to deploy a process to authenticate the actual identity of that individual physically inside your place of business.For those of us existing in the real world, here's what you have to do:1. Which one is an address previously associated with you?"• "What county issued your Social Security Number?"The Red Flags Rule establishes no standard for pass/fail, but your operation must not open a covered account for an individual until you have established a "reasonable belief" that individuals are indeed who they represent themselves to be.• Provisions for updating your Red Flags Rule Policy.The Required ID Verification And Authentication Process.The litmus test applied by the federal government for designated compliance revolves around the Rule's own definition of a "creditor". Let's get back to your required Red Flags ID verification and authenticating process. But I digress. Without this important identity authentication, you may doing nothing more than verifying stolen information presented to you by an identity thief that is actually standing in front of you!According to the Red Flag Rules, you should create several "Challenge Questions" formulated from all of the data searches you performed to verify the identity information. Some may require you to purchase additional hardware or software, but there are a couple that are totally web-based and provide turn-key compliance solutions.• Transportation Dealers - new and used vehicle, motorcycle, watercraft, RV, and ATV dealers.So the message here is to get your operation compliant, and quickly; that celestial light you feel drawing you nearer is actually the fast approaching deadline of November 1. Consequently, the date of November 1, 2009, will change retail business as we know it since that is the mandatory compliance date for the estimated 11 million businesses and institutions which must comply with the FTC's Red Flags Rule. In other words, plan on your Policy to be anywhere from 6-8 typewritten pages.This broad and encompassing definition designates many businesses traditionally not regarded as a "creditor" such as:• Retail Businesses - furniture, appliance, jewelry, electronics, cell phone, department, and "big box" stores.Red Flags Rule Disaster Scenario. Searching those same data bases, you must also verify their address, the name assigned to the address, all previous addresses associated with the individual, DOB, telephone number, the address the telephone number is assigned to, and so on