DENVER, Colo. — Commercial printers must provide identity theft protection to their customers under Federal Trade Commission (FTC) enforcement of the “Red Flag Rules” provisions of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), advises identity theft security expert and identity recovery services provider idBUSINESS. As the nation’s consumer protection agency, the FTC is central in the Federal government effort to stem the epidemic spread of identity theft, which it estimates has an impact on nine million individuals annually. According to the FTC (www.ftc.gov) the Red Flags Rules apply to “financial institutions” and “creditors” with “covered accounts”:
A creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit . . . A covered account is … an account for which there is a foreseeable risk of identity theft – for example, small business or sole proprietorship accounts.
“Commercial printers must comply with FTC ‘Red Flag Rules’ when they defer customer payments, which per the law makes them a creditor, or if they provide services to the target industries such as healthcare, financial services, insurance, and automobile financing,” said idBUSINESS president Scott Sax. “Due to the information-rich nature of their services, non-compliant printers risk becoming embroiled in someone else’s red flag nightmare.”
Under the Red Flags Rules, commercial printers must develop “a written program that identifies and detects the relevant warning signs – or ‘red flags’ – of identity theft” and “must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program.” On top of significant FTC penalties, non-compliant businesses can face state regulators, and can become the target of consumer litigation whether or not information is breached.
“The printing industry is inherently at risk of identity theft-related exposure because of the information we manage on behalf of our customers,” said Pacific Printing & Imaging Association (www.pacprinting.org) executive director Jules Van Sant.
Fortunately, Van Sant noted, Pacific Printing and Imaging has always been at the forefront of identity theft protection for its customers due to its early relationship with ID Experts ( www.idexpertscorp.com ), and continues to adapt as identity theft criminals devise new strategies. As a leading expert in data breach prevention and remediation, ID Experts works with industry and federal organizations to develop best practices and offer innovative products that address the growing problem of identity theft.
Van Sant cited a 2006 incident in which a Wisconsin business inadvertently printed envelopes with some 170,000 social security numbers due to a computer glitch in a mail merge. At the time, the reprint in and of itself created a substantial loss. Today, they may also have been held liable by the FTC or subject to class action litigation – above and beyond the state of Wisconsin.
“Proactive identity theft protection is a leadership opportunity similar to the environmental-focused FSC certification, for which early adopters reaped competitive benefits. Printers who can demonstrate a strong information security policy and communicate it effectively to their markets will have an advantage,” Van Sant said.
An effective “Red Flag Rules” compliance solution reflects real world forensic and information security experiences, meets and exceeds the 26 identity theft “Red Flags” itemized by the legislation, and delivers a more comprehensive set of identity theft triggers, according to idBUSINESS. Printers can expect to begin meeting the requirements of the law within one hour if they select a provider with that capability. Upon satisfying the requirements, the provider should enable printers to download their own custom Red Flag Rules compliance plan.
In addition to commercial printers, businesses that are now required to protect the identity of their customers include: healthcare providers; mortgage lenders; financial planners; auto dealerships; and insurance agents.
idBUSINESS is the standard information security operating system for small- to mid-sized businesses. It provides information security planning tools that identify needs, assess risks, comply with the law, and secure an organization’s data.
idBUSINESS is powered by two leading firms in information security, ID Experts, the nation’s leader in date breach prevention and remediation services, and Net Reaction, providers of forensics and information security planning products and services.
To learn more, please visit http://www.idBUSINESS.com.