NEW HARTFORD — Federal “red flag” regulations that help provide protection from identity theft have been in effect since 2007.But a recent uptick in enforcement to make sure businesses are complying means that firms need to make sure that if they need to comply, they are doing so, says one local compliance expert. Any businesses […]
Get Instant Access to This Article
Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.
- Critical Central New York business news and analysis updated daily.
- Immediate access to all subscriber-only content on our website.
- Get a year's worth of the Print Edition of The Central New York Business Journal.
- Special Feature Publications such as the Book of Lists and Revitalize Greater Binghamton, Mohawk Valley, and Syracuse Magazines
Click here to purchase a paywall bypass link for this article.
NEW HARTFORD — Federal “red flag” regulations that help provide protection from identity theft have been in effect since 2007.But a recent uptick in enforcement to make sure businesses are complying means that firms need to make sure that if they need to comply, they are doing so, says one local compliance expert.
Any businesses that collect the type of personal information divulged when someone is applying for credit — think auto dealers and furniture stores, for example — need to have a system of safeguards in place. They have to protect that information, even if they are just collecting the applications and passing those along to a financial institution, says Michelle Tuttle, owner of Smart Business Solutions, a marketing and consulting firm based in New Hartford.
“Any business that is taking information from you has to have checks and balances in place,” she says.
The problem, she adds, is that not every business is aware that it needs to comply with the Red Flags Rule (http://www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm).
Along with the Red Flags Rule, businesses also need to comply with Office of Foreign Assets Control to make sure they aren’t doing business with anyone on the agency’s terrorist list.
Businesses that should comply but fail to do so face fines ranging from $250 all the way up to $10 million, Tuttle says.
Non-compliance is no joke, especially since the federal government this year is stepping up its effort to weed out non-complying businesses.
You can’t just ignore it,” she says. “The government is starting to crack down.”
Fortunately, there are several things businesses can do to find out if they need to comply and take steps to ensure their compliance, Tuttle says.
Businesses can visit the U.S. Treasury’s website and the Federal Trade Commission’s site for a plethora of information about the Red Flag Rules and the Office of Foreign Assets Control lists.
Of course, a business such as Tuttle’s can also help a company navigate the process. She offers packages, which include helping a business set up checks and balances to ensure compliance, starting at $500. Many businesses, particularly in smaller areas like the Mohawk Valley, believe identity thieves will never target them, Tuttle says. That attitude, unfortunately, is exactly why identity thieves love to target small businesses in non-urban areas. They know those firms are less likely to have safeguards in place to protect the information the thieves are after, Tuttle says.
“I think it’s a false sense of security,” she adds.
On top of working to prevent identity theft, businesses that deal with credit applications also need to be aware of the risk-based pricing rule, which went into effect Jan. 1, 2011. The rule states that companies that use a credit report or score in connection with a credit decision must send notice to a customer when the company uses that information to grant credit with not the most favorable terms offered other customers. In other words, if they offer a higher interest rate based on a credit score, businesses have to let the customer know that, Tuttle says.
More information about risk-based pricing is available online at http://www.experian.com/consumer-information/risk-based-pricing-rule.html.
Tuttle, who worked for Bank of New York and AmeriCU Federal Credit Union before starting her own business, offers an array of business services at Smart Business Solutions (www.smartbusinesssolutions.com). Along with providing compliance assistance, she also offers marketing, website design, budgeting, needs assessment, and strategic-planning services.
Tuttle, who has one employee — a certified fraud examiner — started her business in 2008 and operates it at 19 Augusta Drive, New Hartford. She declined to share revenue figures.