Savvy Consumer: New ID-theft protections coming Nov. 1

Soon it’s going to be harder for identity thieves to cash a check, open a cellphone or utility account, or take out a credit card in your name.

By Nov. 1, companies that have consumer accounts containing personal information must have written "Identity Theft Prevention Programs" that flag ID theft, according to the Federal Trade Commission.

The programs must also outline how the companies will respond to "patterns, practices or specific activities that could indicate identity theft," the FTC says.

Congress wrote the red-flag rules into the Fair and Accurate Credit Transaction Act of 2003. Banking regulators and the FTC participated in creating the rules and will be responsible for oversight.

Violators of the new rules can be subject to civil penalties of up to $2,500 per violation, said Frank Dorman, an FTC spokesman.

Businesses required to have these programs range from financial institutions and cellphone companies to automobile dealerships and city utilities, said Tom Harkins, chief strategy officer for Secure Identity Systems in Brentwood, Tenn., and former vice president of risk and security for MasterCard.

"If you’re going to have customer data, you will be held accountable to certain minimum standards to protect people," Harkins said.

One new requirement: Security measures that verify the identities of customers when they enter the system — in person, online or by telephone — to manage their accounts or open new ones, Harkins said.

"If they suspect ID fraud, they will be asking one or two 'out-of-wallet’ questions," he said, referring to personal questions with answers that probably won’t be in your wallet, such as where you grew up or where you went to college.

Identity thieves typically turn and run when faced with such questions, Harkins said.

Consumer advocates are optimistic about the new rules.

"I think it’s really going to help with things like check fraud," said Paula Pierce, managing attorney for the Victims Initiative for Counseling, Advocacy and Restoration of the Southwest, a project by the Austin-based Texas Legal Services Center to provide free legal aid to identity-theft victims in Texas, New Mexico, Colorado and Oklahoma.

"If it works the way it’s supposed to, the people on the front line — the bank teller or someone in charge of a car loan application — are going to be better trained to look for signals that the transaction will be genuine," she said.

ID theft continues to be the fastest-growing crime in the United States, with more than 8.5 million victims annually and costing more than $57 billion in losses and recovery expenses, Harkins says.

Cellphone and utility accounts opened by identity thieves are a "huge problem" that the red-flag rules should help address, Pierce said.

Attorneys at the Victims Initiative help ID-theft victims navigate the system to straighten out their accounts, including helping them compile evidence, work with police, and talk to financial institutions and credit-card companies, Pierce said.

"Texas law enforcement is overwhelmed with ID-theft victims," she said.

Although the red-flag rule is required to be in place in less than six weeks, many banks aren’t aware of the new rules, said Lawrence Wilson, founder and director of the Identity Theft Victims Support Group of North Texas.

"I’ve been to several banks in the Metroplex, and none of the bank employees know anything about the red-flag requirements," he said. "In a lot of these places, the word has not filtered down to the branches."

Indeed, a survey of financial institutions by BankInfoSecurity.com in June showed that half of U.S. banks will beat the Nov. 1 deadline, and 41 percent said they will "barely" make the deadline.

Jay Foley, executive director of the ID Theft Center in San Diego, also contends that many businesses won’t be ready.

He predicts that consumer attorneys will be filing lawsuits against those companies that are unprepared.

"They’re going to be watching, and if a policy is not in place, they will be filing a lawsuit," he said. "My recommendation to businesses is to get compliant now, or it could cost you a lot more."