photo credit: il Quoquo
Despite the fact that Blondie (our golden retriever/ husky mix) gets credit card applications in the mail, identity theft is really not something that keeps her awake.
For that matter, little does.
When we go to Wells Fargo together, they never ask for her ID.
Maybe the sad Golden Retriever eyes are what the ladies at the drive-up can’t resist. All I know for sure is that on the way home, the old girl (Blondie, that is) filets out in the backseat in Milk Bone heaven.
For us bipeds, life is a bit more demanding. We’re asked for IDs frequently, yet sometimes we aren’t asked even though we’re supposed to be.
Why, whatever do you mean?
The last time I read an American Express merchant agreement, it said something about verifying the cardholder’s identity by checking their driver’s license or similar government-issued ID.
For whatever reason, I can count on one hand the number of times that happened since 1983.
I kind of understand the thought process here. Businesses likely see that as an opportunity to offend their clientele and customers might be annoyed. Still, that’s simple enough to defuse by saying something like “I apologize Ma’am, we just want to be sure that someone else isn’t using your card”. But it doesn’t happen.
Meanwhile, identify theft increases and as you would expect, lawmakers in Washington, in the state house and eventually, in the financial industry respond with ways to combat the problem.
For example, the credit card industry has PA-DSS (and a few things they worked up prior to that).
That’s a FACTA
For everything else, there’s Mastercard. Er, I mean FACTA – the Fair and Accurate Credit Transactions Act of 2003.
You may hear it referred to as “The FTC Red Flags Rule” or just “Red Flags”.
For banks, it’s old news. They’ve been dealing with it since 2003.
Just yesterday, one of my banks called and asked me to drop in sometime so they could scan my new driver’s license (it was new last October). The scan they have shows an expired date. Apparently regs require that the ID they have on file is current. At least they are paying attention (good news).
My presumption is that a scan of your ID allows the bank to compare the scan vs. the one that tall, good-looking guy gave to the teller before attempting to empty your savings account. I don’t know if they actually do that or not.
Are you a financial institution?
You’re probably wondering how all of this impacts the small business owner. For starters, it might just make you into a financial institution.
FACTA applies to any business that provides goods and services to consumers and bills them later (mostly).
Implementation for small businesses keeps getting delayed, for what are probably obvious reasons, but they say they’re serious that the November 1, 2009 deadline is the real deal.
Definitions are funny things. Like standards, they are subject to interpretation. I don’t look upon myself as a financial institution or a creditor, but someone else just might and the same goes for you.
Here’s a quote from the FTC.gov Red Flag Rule page:
The Rule applies to ‘financial institutions’ and ‘creditors.’ It’s important to look closely at how the Rule defines those terms because (emphasis mine) they apply to groups that might not typically use those words to describe themselves.
Under the Rule, the definition of ‘creditor’ is broad, and includes businesses or organizations that regularly provide goods or services first and allow customers to pay later.
Examples of groups that may fall within this definition are utilities, health care providers, lawyers, accountants, and other professionals, and telecommunications companies.
The definition also covers businesses or organizations that regularly grant loans, arrange for loans or the extension of credit, or make credit decisions.
Examples include finance companies, mortgage brokers, and automobile dealers or retailers that offer financing or collect or process credit applications for third party lenders. In addition, the definition includes anyone who regularly participates in the decision to extend, renew, or continue credit, including setting the terms of credit.
Because of this, I cant suggest strongly enough that you read the FTC Red Flag Rule documents (link at end of post).
Here’s another one from the Red Flags FAQ – it’s the one that gets me:
The Red Flags Rule applies to businesses that regularly defer payment until after services have been performed.
I don’t defer all of it, and I don’t do it for all clients, but it doesn’t matter because I do it in some cases for some amounts.
I wonder how many businesses that accounts for?
No Quarter for Cities & Community Orgs
Community benefit organizations (also known by the misnomer of “non-profits”) are also subject the Red Flags Rule if their business processes and billing situations fit the profile.
Even the city where you live is considered a creditor by this Red Flags Rule if they (for example) bill you after the fact for the amount of water and sewer your house or business used last month.
If they charged a flat fee for water/sewer, even if it is after you’ve used it, the city wouldn’t be a FACTA creditor. Ahhhh, those little details.
Credit cards and retainers
Thankfully, it doesn’t appear to apply to businesses who take a credit card number and charge it monthly until your balance is paid off (PA-DSS deals with that – we need to talk about that little gem as well).
Likewise, FACTA doesn’t impact businesses who collect a retainer and then credit future services against that retainer. You knew they’d exempt attorneys *somehow*, right?
While this all of this isn’t the end of the world, it will require some process refinement and it might even change how you bill your clients.
You can learn more at http://www.ftc.gov/redflagsrule