How the New Red Flag Rules Impact Your Business

 
According to the Better Business Bureau, the average amount lost to fraud per case has increased from $5,249 in 2003 to $6,383 in 2006. If you are a business that extends credit to customers and do not comply with the Red Flag Rules a civil penalty ca be up to $2,500 per violation to be enforced by the FTC.  The FTC will enforce the Red Flag Rules based on consumer complaints.

What you can do to comply:

• Keep customers sensitive personal information secure.
• Take stock -- what personal information do you have in your files and  computer.
• Clean out and throw away any outdated or personal information on customers that you no longer need -- buy a shredder.
• Write a plan that is easy to follow and that will help you to  respond to any security incidents.
• Require employees to log out in computer programs that have personal  customer information, after they are done accessing that information.
• Use only one computer to store personal customer information and  limit access to it.
• Keep up to date on alerts and vulnerabilities to your computer by visiting www.sans.org.
• Never give out any personal customer information over the phone or  in emails.
• Change computer passwords frequently
• Train employees, visit www.ftc.gov/infosecurity for a tutorial or www.OnGuardOnline.gov
• If you outsource any business functions, investigate vendor companies’ data security policies and practices and compare them to yours, visit their facilities if possible.
  

If you have signed credit applications, personal guarantees, or any paperwork with personal information for your customers, keep it under lock and key. This can include invoices, receipts or statements. Take stock of what personal information you have in your file cabinets, computers, laptops, flash drives, disks, emails and anywhere else your company stores sensitive data,.  Once you have a clear picture of what you are dealing with, it will be much easier to create a plan. Decide who in your business will have access to this information and who will not. Make a firm decision and enforce it.  Limit who has a key and limit the number of keys.

When you are taking stock, if you find you don’t need some of the personal information you have on some customers, get rid of it. Shred it and toss it.  This paperwork might look like a bunch of trash to you but it is a gold mine for an identity thief.