Federal regulators delayed until August new rules meant to raise a red flag on attempts at identity theft, even as Connecticut legislators considered strengthening the state”™s own laws.
Enacted in 2003 as part of the Fair and Accurate Credit Transactions Act, the red flag rules require financial companies and others that extend credit to be vigilant for signs of identity theft. The Federal Trade Commission has delayed enforcing the new regulations until Aug. 1 in order to give affected businesses additional time to craft procedures to ward off identity theft.
Three weeks ago, the FTC published an online how-to guide for business compliance at ftc.gov/redflagsrule, which includes a checklist to help businesses identify relevant red flags that might apply to them, how to detect identity theft, how to respond and how to administer and update a compliance program.
The red-flag rules were written initially to apply to banks and other financial companies.
FTC has since broadened that interpretation to cover any “creditor” that bills for products or services delivered ”“ including automobile dealers, mortgage brokers, utilities, and nonprofits, among others.
The American Hospital Association is warning its members that they likely fall under the parameters of the red flag rules, and the Connecticut Community Providers Association last week held a seminar on the topic for its members.
Universities also believe they will be affected; in April, trustees at the University of Connecticut approved a program for UConn to comply with the pending rules.
The FTC adds that accepting credit cards as a form of payment does not in and of itself make an entity a creditor under the definition of the term. Still, the new rules shift more of the responsibility for preventing identity theft onto the shoulders of businesses ”“ and if effective could encourage federal regulators to broaden the spectrum of industries that must comply.
“While this may not be a bad thing to help deal with the growing problems caused by identity theft, we suspect that many businesses will be surprised to find that they must comply,” said attorneys with Shipman & Goodwin, in a memo on the topic.
The FTC lists more than two-dozen red flags under the rules, including:
Ӣ an alert from a credit agency;
Ӣ a purchaser presenting a suspicious document, such as one that has been altered;
Ӣ inconsistent information that identifies a buyer, such as differing addresses; or
Ӣ suspicious account activity, such as missing an initial payment due.
Authorities received some 3,000 complaints from Connecticut residents concerning identity theft last year, up from 2,400 complaints in 2007.
Credit card fraud remains the most common complaint, with more than 600 such cases last year; there were about half that number of complaints related to employment fraud involving one”™s identity.
On a per capita basis, Connecticut ranks 17th nationally in prevalence of identity theft according to the FTC, with Arizona having the highest incidence of the crime. New York ranked sixth nationally and tops in the Northeast.
A patchwork of regulations already exists to limit the threat of identity theft. The federal government enacted the Identity Theft and Assumption Deterrence Act in 1998; and in 1999, the Connecticut General Assembly added identity theft its penal code as a distinct crime.
In 2005, the state passed laws to let resident place freezes on their credit report to prevent someone from opening accounts under their name.
That same year, Gov. M. Jodi Rell created an identity-theft advisory board, but is disbanding the board as part of a massive consolidation of state government aimed at reducing budget deficits over the next few years.
Connecticut legislators hope to strengthen the 1999 law by plugging holes authorities say limit their ability to deal with the crime.
“I think it”™s important that we do this, because the federal resources are increasingly limited,” said John Danaher, commissioner of the Connecticut Department of Public Safety, in testifying on the bill earlier this year. “Federal authorities look for a significant dollar loss before they have the opportunity to devote resources to these cases. I know that the law enforcement community would love to do a better job with this. We don’t really have the tools to do that that this statute would give us.”
