In an effort to provide some measure of protection for individuals at risk for identity theft, the US Federal Trade Commission (FTC), together with the US Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the US Federal Reserve System and other US monetary agencies have issued so called “Red Flag Rules”.

Red Flags Rule

As part of the Fair and Accurate Credit Transactions (FACT) Act of 2003, these regulations (the Red Flags Rule) require financial institutions and creditors to develop and implement internal programs designed to prevent identity theft and to mitigate its results when identity theft occurs. The programs must effectively identify, detect and respond to “red flags” – indicators of possible identity theft. Red flags include patterns, practices and specific activities that have been known to be associated with identity theft.

Red Flags programs, which must be in effect by November 1, 2009, are mandated for financial institutions, creditors, or any other entities holding a “transaction account” belonging to a consumer.

A financial institution is a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a consumer.

A transaction account (also referred to as a “covered account”) is an account used for personal, family or household purposes that involves multiple payments or transactions. These include credit card accounts, checking accounts, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers, mortgage loans, automobile loans, margin accounts, cell phone and utility accounts. "Covered accounts" also include any account for which there is a foreseeable risk of identify theft, ex. small business or sole propietorship accounts.

A creditor is any entity that regularly extends, renews or continues credit; any entity or that entity's assignee that regularly arranges for the extension, renewal, or continuation of credit. Accepting credit cards for payment does not by itself make an entity a "creditor" under these rules.

"Creditors" in this case include finance companies, automobile dealers, mortgage brokers, utility and telecommunications companies, etc.

Corporations are also at Risk of Identify Theft

While the focus of the Red Flags Rule is on consumers and most of us think of identity theft as a crime effecting individuals, businesses and corporations are by no means immune. There is an increasing threat to businesses, as false and fraudulent information is used to order and receive goods for which no subsequent payment is made and no avenue for collection is available.

Experiences of some of ABC-Amega’s 3rd-party collection clients, as well as anecdotal accounts from others in the worldwide business community, point to an explosion of corporate identity theft.

True Story

Most of us who extend credit would agree that we need to be vigilant against fraud. In general, we would consider an article like this as informative, timely, and relevant to our everyday activities. After reading, we would likely consider ourselves alerted to the dangers, and continue about our business with a sense of security. After all, we are all smart, experienced, and competent. We would intuitively know when we were being scammed. We’d recognize the warning signs and take appropriate action. Right?

In an ideal world, maybe. But in today’s environment, sometimes even the most savvy of credit professionals can become victims of identity scams. In fact, we recently encountered a couple of cases involving our 3rd party collection clients that illustrate this.

One situation involved a domestic customer/debtor, the other an international client/creditor. Both involved identity fraud and had many other similarities as well. The creditors (our collection clients) were both organizations of size, scale, and sophistication. Nevertheless, both missed some "red flags" that may have warned them of fraud. These indicators were not glaringly obvious, but in hindsight, they were there to be seen, and they were overlooked.

The thief’s basic approach was the same in both cases.

The order appeared to come from a large, established company to which the seller/creditor had, in fact, tried to sell before.
The name of the person placing the order was the name of an actual employee of that company. In fact, that name was even on the legitimate website of the company in question.
Phone/fax numbers given were in the same area/country code as the actual company.
The goods were ordered to be "drop shipped" to huge multi-national companies – whose names we all would recognize and be impressed by – but, at fictitious addresses.
And, while there was a detectable "red flag" in that the e-mail address given was a Google, Yahoo or other "generic" email address, and not linked to the servers of the companies supposedly ordering, that detail got lost in the others surrounding the order that all seemed to be accurate and real.

The outcome: the vendor/creditor shipped the goods as requested, but when no payment was forthcoming and the accounts were placed for collection, it was discovered that no such order had been placed by any employee of the buyer company. Therefore, the account was uncollectable.

Conclusion

The pattern of including a lot of truth in the mix of information is a common characteristic of all fraud. And, in our experience, it is almost always an element in cases like those we’ve discussed here.

To protect your company from becoming a victim of identity fraud, you must be proactive. Set a strategy that includes approaching all credit sales with caution and a wary eye. Trust your professional experience. If something doesn’t feel right about any order or new customer, take the time to look into them very closely.

Want more information on the Red Flag Rules and what to watch for? Read Fighting Fraud with the Red Flags Rule - a How-To Guide for Business of the Federal Trade Commission. The page also includes other resources on identity theft and the Red Flags Rule.

*****

ABC-Amega has shared these actual instances of identity fraud to make our clients and other organizations around the world aware of patterns, practices and activities that may signal an illegitimate request for goods or services. And, to alert you that companies are at risk of "identify theft", along with individuals.

Dennis Lojeck joined ABC-Amega 2-1/2 years ago as part of the International Collection Team. He was subsequently promoted to assistant vice president, International Operations, and then joined the Sales/Marketing staff as director, client relations. Dennis has years of collection, management and sales/marketing experience.

Subscribe to the Credit-to-Cash Advisor
Monthly e-Newsletter -- It's Free

This information is provided by ABC-Amega Inc. -- providing 1st and 3rd party commercial collection services since 1929, and collecting in more than 200 countries worldwide. For further information, contact info@abc-amega.com.