Red Flag Strategies
                                                Competent, Quality Consulting and Solutions.

Recent News



For Release: 03/08/2011

FTC Releases List of Top Consumer Complaints in 2010; Identity Theft Tops the List Again

The Federal Trade Commission today released the list of top consumer complaints received by the agency in 2010. The list showed that for the 11th year in a row, identity theft was the number one consumer complaint category. Of 1,339,265 complaints received in 2010, 250,854 – or 19 percent – were related to identity theft. Debt collection complaints were in second place, with 144,159 complaints.

The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the 50 metropolitan areas reporting the highest incidence of identity theft are noted.

For the first time, “imposter scams” – where imposters posed as friends, family, respected companies or government agencies to get consumers to send them money – made the top 10. The FTC also has issued a new consumer alert, “Spotting an Imposter”, to help consumers avoid imposter scams.

The top consumer complaints were:

Rank Category Number of Complaints Percentage
1 Identity Theft 250,854 19%
2 Debt Collection 144,159 11%
3 Internet Services 65,565 5%
4 Prizes, Sweepstakes and Lotteries 64,085 5%
5 Shop-at-Home and Catalog Sales 60,205 4%
6 Imposter Scams 60,158 4%
7 Internet Auctions 56,107 4%
8 Foreign Money/Counterfeit Check Scams 43,866 3%
9 Telephone and Mobile Services 37,388 3%
10 Credit Cards 33,258 2%

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics. “Like” the FTC on Facebook and “follow” us on Twitter.




For Release:
03/04/2011

Statement by FTC Chairman Jon Leibowitz Regarding Court Ruling on Red Flags Rule

The U.S. Circuit Court of Appeals for the District of Columbia Circuit today issued its opinion and judgment in the matter of American Bar Association v. FTC. The Court held that, in light of the recent amendments to the Fair Credit Reporting Act, the ABA’s challenge to the FTC Red Flags Rule is moot. The court of appeals vacated the district court’s ruling, and remanded with instructions that the case be dismissed.

“Congress made a very good fix to a very badly written law,” FTC Chairman Jon Leibowitz said. “Not surprisingly, the DC Circuit vindicated the FTC’s position that the ABA’s case should be dismissed. The Commission will continue to carry out Congress’ directive to protect the American people from ID theft. We look forward to working with business and professional organizations to minimize compliance costs while safeguarding the public.”

Congress passed legislation resolving the uncertainty it created when it directed the federal financial institution regulatory agencies and the Federal Trade Commission to develop the Identity Theft Red Flags Rule, which requires many businesses and organizations to have a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations. The legislation clarifies which entities must comply with the Rule.

The Rule doesn’t require any specific practice or procedures. It gives businesses the flexibility to tailor their written ID theft detection program to the nature of the business and the risks it faces. Businesses with a high risk for identity theft may need more robust procedures – like using other information sources to confirm the identity of new customers or incorporating fraud detection software. Groups with a low risk for identity theft may have a more streamlined program – for example, simply having a plan for how they’ll respond if they find out there has been an incident of identity theft involving their business.

MEDIA CONTACT:
Office of Public Affairs
202-326-2180



For Release: 02/03/2011

Credit Report Resellers Settle FTC Charges; Security Failures Allowed Hackers to Access Consumers' Personal Information

As part of the Federal Trade Commission’s ongoing campaign to protect consumers’ personal information, three companies whose business is reselling consumers’ credit reports have agreed to settle FTC charges that they did not take reasonable steps to protect consumers’ personal information, failures that allowed computer hackers to access that data. The settlements require the companies to strengthen their data security procedures and submit to audits for 20 years. These are the FTC’s first cases against credit report resellers for their clients’ data security failures.

“These cases should send a strong message that companies giving their clients online access to sensitive consumer information must have reasonable procedures to secure it,” said David Vladeck, Director of the FTC’s Bureau of Consumer Protection. “Had these three companies taken adequate steps to ensure the use of basic computer security measures, they might have foiled the hackers who wound up gaining access to extensive personal information in the consumer reporting system.”

According to administrative complaints issued by the FTC, the three resellers buy credit reports from the three nationwide consumer reporting agencies (Equifax, Experian, and TransUnion) and combine them into special reports they sell to mortgage brokers and others to determine consumers’ eligibility for credit. Due to their lack of information security policies and procedures, the companies allegedly allowed clients without basic security measures, such as firewalls and updated antivirus software, to access their reports. As a result, hackers accessed more than 1,800 credit reports without authorization via the clients’ computer networks. In addition, even after becoming aware of the data breaches, the companies did not make reasonable efforts to protect against future breaches.

The resellers are SettlementOne Credit Corporation and its parent company, Sackett National Holdings Inc.; ACRAnet Inc.; Fajilan and Associates Inc., doing business as Statewide Credit Services; and Robert Fajilan. They are charged with violating the Fair Credit Reporting Act by failing to protect their internet portals and thereby furnishing credit reports to hackers who lacked a permissible purpose to have them, failing to maintain reasonable procedures to limit the furnishing of credit reports for such purposes, and furnishing credit reports when they had reasonable grounds for believing the reports would not be used for a permissible purpose. Their failure to protect consumers’ personal information also allegedly violated the FTC Act.

In addition, the resellers allegedly violated the Gramm-Leach-Bliley Safeguards Rule by failing to design and implement information safeguards to control the risks to consumer information; to regularly test or monitor the effectiveness of their controls and procedures; to evaluate and adjust their information security programs in light of known or identified risks; and to have comprehensive information security programs.

The proposed consent orders bar the respondents from violating the Safeguards Rule and require them to:

*       have comprehensive information security programs designed to protect the security, confidentiality, and integrity of consumers’ personal information, including information accessible to clients;

*       obtain independent audits of their security programs, every other year for 20 years;

*       furnish credit reports only to those with a permissible purpose; and

*       maintain reasonable procedures to limit the furnishing of credit reports to those with a permissible purpose.

The orders also contain record-keeping provisions to allow the FTC to monitor compliance.

The Commission vote to issue the three administrative complaints and to accept the consent agreement packages containing the proposed consent orders for public comment was 5-0. Commissioner Julie Brill, joined by Chairman Jon Leibowitz and Commissioners J. Thomas Rosch and Edith Ramirez, issued a statement emphasizing that “in the future we will call for imposition of civil penalties against resellers of consumer reports who do not take adequate measures to fulfill their obligations to protect information contained in consumer reports, as required by the Fair Credit Reporting Act.”

The FTC will publish a description of the consent agreement packages in the Federal Register shortly. The agreements will be subject to public comment for 30 days, beginning today and continuing through March 7, after which the Commission will decide whether to make the proposed consent orders final. Interested parties can submit written comments electronically or in paper form by following the instructions in the Invitation To Comment part of the “Supplementary Information” section. Comments in electronic form should be submitted using these Web links (https://ftcpublic.commentworks.com/ftc/settlementone,
https://ftcpublic.commentworks.com/ftc/acranet, https://ftcpublic.commentworks.com/ftc/statewide) and following the instructions on the web-based form. Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113 (Annex D),
600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.

Click here for information about what consumers can do if their personal information has been compromised, and here for tips for protecting personal information.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the respondent has actually violated the law. A consent agreement is for settlement purposes only and does not constitute an admission by the respondent that the law has been violated. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.

MEDIA CONTACT:

Frank Dorman
Office of Public Affairs

202-326-2674

STAFF CONTACT:

Katherine White
Bureau of Consumer Protection
202-326-2252

(FTC File Nos. 0823208, 0923088, 0923089)
(SettlementOne, ACRAnet, Statewide Credit Services)

E-mail this News Release
If you send this link to someone else, the FTC will not collect any personal information about you or the recipient.

Related Items:

In the Matter of SettlementOne Credit Corporation, a corporation, and Sackett National Holdings, Inc., a corporation
File No. 082 3208

In the Matter of ACRAnet, Inc., a corporation
File No. 092 3088

In the Matter of Fajilan and Associates, Inc., also doing business as Statewide Credit Services, a corporation, and Robert Fajilan, individually and as an officer of the corporation
File No. 092 3089

Consumer Information:

*                     What to Do If Your Personal Information Has Been Compromised

*                     Privacy: Tips for Protecting Your Personal Information

*                     Identity Theft Microsite

Business Information:

*                     Information Compromise and the Risk of Identity Theft: Guidance for Your Business

*                     Interactive Tutorial: Protecting Personal Information: A Guide for Business

*                     ftc.gov/infosecurity

*                     Financial Institutions and Customer Information: Complying with the Safeguards Rule

 



Featured News and Information

  • 2010 Mortgage Broker Annual Reports Due 03/31/2011
    All 2010 Mortgage Broker Annual Reports are due to DFI no later than March 31, 2011.
  • 2011 Mortgage Loan Originator Late License Renewals
    All Mortgage Loan Originator (MLO) licenses must be renewed annually. While all non-renewed licenses expired December 31, 2010, the license can be reinstated by completing a late renewal on
    or before Monday, February 28, 2011. Late renewal requests must be submitted through the NMLS.
  • Red Flags Rule Effective December 31, 2010
    The Federal Trade Commission (FTC) issued the Red Flags regulations under the Fair and Accurate Credit Transition Act of 2003, which requires the establishment of guidelines for financial institutions and creditors regarding identity theft. The FTC’s definition of a creditor in the Act was amended on December 8, 2010. The FTC delayed implementation of the rule multiple times to allow for Congressional clarification of this issue. If you have a question about the rule, the FTC has set up
    a toll free number at 1-877-FTC-HELP (1-877-382-4357)(tty 1-866-653-4261).
  • Short Sale Guidance
    Guidance to licensees providing services in short sale transactions from DFI and the Washington Department of Licensing.
  • New Mortgage Rules Adopted October 5, 2010 - Effective November 5, 2010
    DFI has adopted rules from the 2010 rulemaking to implement changes to the law.

All Mortgage Broker News Email Updates Subscribe To Email Updates





(Document certified by Superintendent of Documents <pkisupport@gpo.gov>) Signed by Superintendent of Documents <pkisupport@gpo.gov> Time: 2010.12.09 01:46:11 -05'00' Reason: GPO attests that this document has not been altered since it was disseminated by GPO Location: US GPO, Washington, DC 20401
S. 3987
One Hundred Eleventh Congress
of the
United States of America

AT THE SECOND SESSION

Begun and held at the City of Washington on Tuesday,
the fifth day of January, two thousand and ten

An Act

To amend the Fair Credit Reporting Act with respect to the applicability of identity
theft guidelines to creditors.

Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ‘‘Red Flag Program Clarification
Act of 2010’’.

SEC. 2. SCOPE OF CERTAIN CREDITOR REQUIREMENTS.

(a) AMENDMENT TO FCRA.—Section 615(e) of the Fair Credit
Reporting Act (15 U.S.C. 1681m(e)) is amended by adding at the
end the following:
‘‘(4) DEFINITIONS.—As used in this subsection, the term
‘creditor’—

‘‘(A) means a creditor, as defined in section 702 of
the Equal Credit Opportunity Act (15 U.S.C. 1691a), that
regularly and in the ordinary course of business—

‘‘(i) obtains or uses consumer reports, directly or
indirectly, in connection with a credit transaction;

‘‘(ii) furnishes information to consumer reporting
agencies, as described in section 623, in connection
with a credit transaction; or

‘‘(iii) advances funds to or on behalf of a person,
based on an obligation of the person to repay the
funds or repayable from specific property pledged by
or on behalf of the person;
‘‘(B) does not include a creditor described in subpara

graph (A)(iii) that advances funds on behalf of a person
for expenses incidental to a service provided by the creditor
to that person; and

‘‘(C) includes any other type of creditor, as defined
in that section 702, as the agency described in paragraph

(1) having authority over that creditor may determine
appropriate by rule promulgated by that agency, based
on a determination that such creditor offers or maintains
accounts that are subject to a reasonably foreseeable risk
of identity theft.’’.

S. 3987—2
(b) EFFECTIVE DATE.—The amendment made by this section
shall become effective on the date of enactment of this Act.
Speaker of the House of Representatives.

Vice President of the United States and
President of the Senate.




For Release:
12/08/2010

Statement by FTC Chairman Jon Leibowitz Regarding House and Senate Passage of Legislation Clarifying Red Flags Rule

Congress has passed legislation resolving the uncertainty it created when it directed the federal financial institution regulatory agencies and the Federal Trade Commission to develop the Identity Theft Red Flags Rule, which requires many businesses and organizations to have a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations. The legislation clarifies which entities must comply with the Rule.

“We’re pleased Congress clarified its lawconfirm the identity of new customers or incorporating fraud detection software. Groups with a low risk for ide, which was clearly overbroad.” FTC Chairman Jon Leibowitz said. “Now, we can go forward with less litigating and more protecting consumers from identity theft. I want to express my appreciation to Congressmen John Adler and Mike Simpson, and Senators John Thune and Mark Begich, for their excellent work in resolving the uncertainty created by Congress.”

The Rule doesn’t require any specific practice or procedures. It gives businesses the flexibility to tailor their written ID theft detection program to the nature of the business and the risks it faces. Businesses with a high risk for identity theft may need more robust procedures – like using other information sources to ntity theft may have a more streamlined program – for example, simply having a plan for how they’ll respond if they find out there has been an incident of identity theft involving their business.

MEDIA CONTACT:
Office of Public Affairs
202-326-2180

 


 
Joint Release: 04/15/2010
Board of Governors of the Federal Reserve System
Commodity Futures Trading Commission
Federal Deposit Insurance Corporation
Federal Trade Commission
National Credit Union Administration
Office of the Comptroller of the Currency
Office of Thrift Supervision
Securities and Exchange Commission

Federal Regulators Release Model Consumer Privacy Notice Online Form Builder

Eight federal regulators released an Online Form Builder today that financial institutions can download and use to develop and print customized versions of a model consumer privacy notice.

The Online Form Builder, based on the model form regulation published in the Federal Register on December 1, 2009, under the Gramm-Leach-Bliley Act, is available with several options.  Easy-to-follow instructions for the form builder will guide an institution to select the version of the model form that fits its practices, such as whether the institution provides an opt-out for consumers. 

To obtain a legal “safe harbor” and so satisfy the law’s disclosure requirements, institutions must follow the instructions in the model form regulation when using the Online Form Builder.

The model privacy form was developed jointly by the Board of Governors of the Federal Reserve System, Commodity Futures Trading Commission, Federal Deposit Insurance Corporation, Federal Trade Commission, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision, and Securities and Exchange Commission. 

The Online Form Builder is available at: http://www.federalreserve.gov/bankinforeg/privacy_notice_instructions.pdf. The agencies will post a link to this site on their websites.



For Release: 2/24/2010

FTC Issues Report of 2009 Top Consumer Complaints

New Video Details How to File a Complaint

The Federal Trade Commission today released a report listing top complaints consumers filed with the agency in 2009. It shows that while identity theft remains the top complaint category, identity theft complaints declined 5 percentage points from 2008.

The FTC is releasing a new animated video showing how people can file a complaint, and offers examples of what complaints the FTC handles. To watch the video, visit
http://ftc.gov/multimedia/video/scam-watch/file-a-complaint.shtm (also available in Spanish at http://ftc.gov/multimedia/video/scam-watch/file-a-complaint_es.shtm).

The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the 50 metropolitan areas reporting the highest incidence of identity theft are noted.

The top complaints were:

Rank Category No. of Complaints Percentages
1
Identity Theft 278,078 21%
2
Third Party and Creditor Debt Collection 119,549 9%
3
Internet Services 83,067 6%
4
Shop-at-Home and Catalog Sales 74,581 6%
5
Foreign Money Offers and Counterfeit Check Scams 61,736 5%
6
Internet Auction 57,821 4%
7
Credit Cards 45,203 3%
8
Prizes, Sweepstakes and Lotteries 41,763 3%
9
Advance-Fee Loans and Credit Protection/Repair 41,448 3%
10
Banks and Lenders 32,443 2%
11
Credit Bureaus, Information Furnishers and Report Users 31,629 2%
12
Television and Electronic Media 26,568 2%
13
Health Care 25,414 2%
14
Business Opportunities, Employment Agencies and Work-at-Home Plans 22,896 2%
15
Computer Equipment and Software 22,621 2%

A complete list of complaints can be found at: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2009.pdf.

The Federal Trade Commission works for the consumer to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, click http://www.ftccomplaintassistant.gov or call 1-877-382-4357. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to more than 1,700 civil and criminal law enforcement agencies in the U.S. and abroad. For free information on a variety of consumer topics, click http://www.ftc.gov/bcp/consumer.shtm


Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad. 





New ‘Red Flag’ Requirements for Financial Institutions and Creditors Will Help Fight Identity Theft

Identity thieves use people’s personally identifying information to open new accounts and misuse existing accounts, creating havoc for consumers and businesses. Financial institutions and creditors soon will be required to implement a program to detect, prevent, and mitigate instances of identity theft.

The Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) have issued regulations (the Red Flags Rules) requiring financial institutions and creditors to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. The programs must be in place by November 1, 2008, and must provide for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

Who must comply with the Red Flags Rules?

The Red Flags Rules apply to “financial institutions” and “creditors” with “covered accounts.”

Under the Rules, a financial institution is defined as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a consumer. Most of these institutions are regulated by the Federal bank regulatory agencies and the NCUA. Financial institutions under the FTC’s jurisdiction include state-chartered credit unions and certain other entities that hold consumer transaction accounts.

A transaction account is a deposit or other account from which the owner makes payments or transfers. Transaction accounts include checking accounts, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers, and share draft accounts.

A creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Accepting credit cards as a form of payment does not in and of itself make an entity a creditor. Creditors include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies. Where non-profit and government entities defer payment for goods or services, they, too, are to be considered creditors. Most creditors, except for those regulated by the Federal bank regulatory agencies and the NCUA, come under the jurisdiction of the FTC.

A covered account is an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions. Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts. A covered account is also an account for which there is a foreseeable risk of identity theft – for example, small business or sole proprietorship accounts.

Complying with the Red Flags Rules

Under the Red Flags Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs – or “red flags” – of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The program must be managed by the Board of Directors or senior employees of the financial institution or creditor, include appropriate staff training, and provide for oversight of any service providers.

How flexible are the Red Flags Rules?

The Red Flags Rules provide all financial institutions and creditors the opportunity to design and implement a program that is appropriate to their size and complexity, as well as the nature of their operations. Guidelines issued by the FTC, the federal banking agencies, and the NCUA (ftc.gov/opa/2007/10/redflag.shtm) should be helpful in assisting covered entities in designing their programs. A supplement to the Guidelines identifies 26 possible red flags. These red flags are not a checklist, but rather, are examples that financial institutions and creditors may want to use as a starting point. They fall into five categories:

  • alerts, notifications, or warnings from a consumer reporting agency;
  • suspicious documents;
  • suspicious personally identifying information, such as a suspicious address;
  • unusual use of – or suspicious activity relating to – a covered account; and
  • notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts.
    More detailed compliance guidance on the Red Flags Rules will be forthcoming. For questions about compliance with the Rules, you may contact RedFlags@ftc.gov.

     

    For More Information

    The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad. 

    Your Opportunity to Comment

    The National Small Business Ombudsman and 10 Regional Fairness Boards collect comments from small businesses about federal compliance and enforcement activities. Each year, the Ombudsman evaluates the conduct of these activities and rates each agency's responsiveness to small businesses. Small businesses can comment to the Ombudsman without fear of reprisal. To comment, call toll-free 1-888-REGFAIR (1-888-734-3247) or go to www.sba.gov/ombudsman.

     

     

     

     

     

     

     

     

     

     

     

     

  •  

     

    Web Hosting Companies