Free HR Report:

Top 10 Best Practices in HR Management, 2012

For a Limited Time receive a FREE HR Report on "Top 10 Best Practices in HR Management, 2012" when you become a FREE HR Daily Advisor Member. All Members receive:

One short, easy-to-read tip every day that eases compliance or saves you time, money and work. Some of the best ideas in HR!
Covers EEOC, FMLA, FLSA, ADA and other compliance needs!
Absolutely FREE! No obligation to buy anything.

Download Your FREE Report Now!

ID Theft—Keeping Your Workers’ and Customers’ Trust

Monday, August 31, 2009 3:00 AM
by Steve Bruce

Category: HR Policies & Procedures

As many as 9 million Americans have their identities stolen each year. Are some of those thefts going to happen because your company was lax at identifying red flags? The “Red Flags Rule,” which recently went into effect, requires many businesses and organizations to implement a written Identity Theft Prevention Program.

Although the Federal Trade Commission's (FTC) Red Flags Rule doesn't require a program from noncovered entities, it's a good idea for any organization to evaluate identity theft risk and take measures to prevent it.

What Is the Red Flags Rule?

The Red Flags Rule requires covered entities (see below) to develop programs that include four basic elements:

Reasonable policies and procedures to identify the “red flags” of identity theft you may run across in the day-to-day operation of your business. (Red flags are suspicious patterns or practices, or specific activities, that indicate the possibility of identity theft.)
Methods to detect the red flags you’ve identified.
Appropriate actions when you detect red flags.
System for re-evaluating your program periodically to reflect new risks, as identity theft is an ever-changing threat.

Who Must Comply with the Red Flags Rule?

The Red Flags Rule applies directly to “financial institutions” and to “creditors.” The Rule requires those entities to conduct a periodic risk assessment to determine if they have “covered accounts.” If they do, they must implement a written program.

“Covered accounts" are typically consumer accounts you offer your customers that are primarily for personal, family, or household purposes that involve or are designed to permit multiple payments or transactions. Examples are credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts.

What’s really scary about identity theft? The #1 source of ID theft isn’t stolen wallets or hacked department store computers—it’s the workplace. Join us September 9 for an important BLR webinar, ID Theft in the Workplace: How to Protect Your Employees’ Information and Reduce Your Legal Risks.

Simply accepting credit cards as a form of payment does not make you a “creditor” under the Red Flags Rule.

Don’t Have Any Covered Accounts?

If you don't have covered accounts, you don’t need to have a written program. But you must still conduct a periodic risk assessment to determine if you’ve acquired any covered accounts through changes to your business structure, processes, or organization.

How to Comply

If you’re a creditor or financial institution with covered accounts, you must develop and implement a written Identity Theft Prevention Program. The program must be designed to prevent, detect, and mitigate identity theft in connection with the opening of new accounts and the operation of existing ones.

Your program must be appropriate to the size and complexity of your business or organization and the nature and scope of its activities.

FTC recommends a four-step process for developing a program.

Step One—Identify relevant red flags.
Step Two—Detect red flags.
Step Three—Prevent and mitigate identity theft.
Step Four—Update your program.

Let's look at these steps in a little more detail.

Step One—Identify Relevant Red Flags

“Red flags” are potential patterns, practices, or specific activities indicating the possibility of identity theft. FTC identifies five categories of common red flags:

1. Alerts, Notifications, and Warnings from a Credit Reporting Company

Some examples of alerts and notifications you might receive:

Fraud or active duty alert on a credit report
Notice of credit freeze in response to a request for a credit report
Credit report indicating a pattern of activity inconsistent with the person’s history
Unusual number of recently established credit relationships

2. Suspicious Documents

Sometimes, paperwork has the telltale signs of identity theft. Here are examples of red flags involving documents:

Identification that looks altered or forged.
The person presenting the identification doesn’t look like the photo or match the physical description.
Information on the identification that differs from what the person presenting the identification is telling you or doesn’t match other information, like a signature card or recent check.

Hmmm, should have seen that coming--that is, going, as in private identity information. Join us September 9 for an important webinar on preventing identity theft in the workplace.

3. Suspicious Personal Identifying Information

Here are some red flags involving identifying information:

Inconsistencies with what else you know—for example, an address that doesn’t match the credit report, the use of a Social Security number that’s listed on the Social Security Administration Death Master File
Address or telephone number that’s been used by many other people opening accounts
Person who can’t provide authenticating information—for example, a person who can’t answer a challenge question

In tomorrow's Advisor, we'll find some more red flags, and announce a new BLR webinar that's designed to answer all your specific questions about identity theft and the workplace.

Other Recent Articles on HR Policies and Procedures
Welch: 'Work/Life Balance Is a Terrible Term'
Jack Welch: 'HR, Get Out of the Picnic Business'
Write Fed-Friendly Job Descriptions
When Legal Behavior Boosts Employers' Costs

Comments

# re: ID Theft—Keeping Your Workers’ and Customers’ Trust

Monday, August 31, 2009 11:53 AM by Allison Dolan

While the description of a creditor is accurate, it may not go far enough to give readers a sense of how broadly the term can apply, such as small businesses and personal services. For example, an tax accountant that allows a customer to pay over time, or a doctor or lawyer who allows an individual to make multiple payments after the services are received may be a 'creditor'. The good news is that in those cases the written program need not be very complex or detailed - and probably would include the common sense clues that you may be dealing with someone using another's identity.

Share Your Comments on This Tip

Name (required)
Your URL (optional)
Comments (required)
Remember Me?

HR Daily Advisor Best Sellers

Here's what your colleagues are snapping up to make their jobs more efficient and easier. All are protected by BLR's "Guarantee of Satisfaction" and most can be tried at no cost in your own office for up to 30 days. Just choose and use!

HR.BLR.com - Providing Answers and Advice to your HR Problems 24/7
HR.BLR.com is BLR's all-inclusive HR web service providing Plain-English analysis on every key HR topic - available for all 50 states. See what everyone in HR is talking about! Check out this remarkable everything-you-need-for-HR solution at no cost or risk. Learn more
Employee Training Center
Creating a comprehensive training program in-house from the ground up is an expensive, time-consuming endeavor. Keeping it up to date to reflect the constantly changing regulations can be just as daunting. To help you cope with this dilemma, BLR has created the Employee Training Center. Learn more
Managing an HR Department of One
You need special help, and we've got it! All the compliance info, prewritten forms, and guidance you need, especially designed for a department as small as one. That's why we call our program Managing an HR Department of One. Try it free for 30 days! Read more
HR Audit Checklists
Pilots depend on checklists. So should you! Detailed, reproducible lists on EEO, job descriptions, recordkeeping, hiring, benefits, requirements of all key HR laws, to run-through before you or your managers take a major step. Don't let one slip-up damage your career. Read more
SmartPolicies on CD-ROM
Create the most-needed HR policies at about $1 each. Prewritten, legally reviewed, ready-to-use on a CD-ROM. Boot up, include your specifics, print. You're done! Policies for attendance, harassment, compensation, discipline, and many more. Read more

Create customized HR policies in minutes … for about a dollar a policy!

Find Out More

“EZ does it” with 75 Must-Have HR Policies on CD-ROM

How long would it take you to create 75 of the most critical HR policies … on subjects like absenteeism, hiring, overtime, or security? On your own … probably months. But with BLR’s 75 Must-Have HR Policies on CD-ROM, more likely minutes. And for a cost of about a dollar a policy!

Look at the features of this remarkable pre-written policy program:

75 essential HR policies!
Include compensation, benefits, discipline, security and more!
Customizable right on your own computer!
Comply with all major workplace laws!
Tested and reviewed by BLR legal experts!

Bonus: FREE Special Report with your order: How to Write Effective and Legal Policies, a $19.95 value.

Order today for just $79.95 … Satisfaction guaranteed!

Order Now!