Learn How to Protect
Yourself and Your Business
A FREE E-book by the Nations Authority on Collecting Money,
Understanding Identity Theft, learn how to protect yourself and your business
Never Dunn Publishing, LLC – Plymouth, New Hampshire
By Michelle Dunn
2008 Michelle Dunn
Never Dunn Publishing LLC
PO Box 40
Plymouth, NH 03264
All rights reserved. No part of this book may be reproduced in any form or by any
means, without written permission by the author and publisher.
This book is designed to provide accurate and authoritive information in regard to the
subject matter covered. It is distributed with the understanding that the author is not
engaged in rendering legal advice or services. If legal advice is required, please see
Printed in the United States of America.
This book is designed to provide information to help you deal with identity theft. It is
sold with the understanding that the publisher and author are not giving legal,
accounting or other professional advice or services. The content of this book is based on
my own personal research and experience. If legal or other assistance is required,
please see your attorney or accountant.
Every effort has been made to make this book as accurate as possible. However, there
may be mistakes. This book is sold as a guide with what information is current as of the
date of the original printing. January 2009.
This book is sold to provide information and guidance. Never Dunn Publishing, LLC and
Michelle Dunn shall have no liability or responsibility to any person or entity for any
damage or alleged damage caused directly or indirectly by the information contained in
Copyright 2009. Michelle Dunn
No parts of this book can be copies or reproduced without the
written permission of the author.
Table of Contents
How the new Red Flag Rules impact your business
and 11 things you need to do about it now
Are you at Risk for Identity Theft?
Learn How to Protect Yourself
How can you tell if a money order is fraudulent?
How do these people get my name?
How can I prevent Identity Theft from happening to me?
What can you do If you are a victim of Identity theft?
How the new Red Flag Rules impact your business and 11 things
you need to do about it now
The Red Flag Rules are rules that apply to financial institutions and creditors who offer
or maintain one or more covered accounts. The rules specifically mandate that these
financial institutions and creditors create and implement identity theft prevention
programs to identify, detect and respond to patterns, practices or specific activities that
could indicate identity theft. The Red Flag Rule was developed in accordance with the
Fair and Accurate Credit Transactions Act of 2003. Under the rule, financial institutions
and creditors with covered accounts, accounts that involve making payments “on
account”, must have identity theft prevention programs to identify anything that could
lead to identity theft.
If you extend credit to your customers or clients, you will have to follow these Red Flag
Rules which will be enforced by the Fair Trade Commission and will be in effect on May
1, 2009. According to the FTC, any entity that ‘regularly extends, renews or continues
credit, or any creditor that is involved in the decision to extend credit must comply with
this rule. Examples of creditors who may need to put the Red Flag Rules into place for
their businesses are:
• Finance companies
• Automotive dealers
• Mortgage brokers
• Utility companies
• Oil companies
• Telecommunications companies
Just what are the “Red Flags”? According to the FTC’s final rule, the red flags can be
but are not limited to:
• Alerts, notifications or warnings from a consumer credit reporting agency.
• Suspicious documents, such as those that may appear to be forged.
• Suspicious personal information, such as a social security number that is off, or
doesn’t exist, or is listed on the Social Security Administrations Death Master
• Receiving requests for new, additional or replacement credit cards, debit cards,
cell phones or adding authorized users after receiving a change of address form.
• Address discrepancies
• Unusual credit activity, such as increased inquiries.
• Signatures that are inconsistent with information on file.
• Information on an ID not matching any address on a credit report.
• Drastic changes in payment patterns.
• Mail being returned for an undeliverable address yet the account is being used.
• Customers reporting that they are not receiving bills or statements.
The FTC estimates that as many as 9 million Americans have their identities stolen each
year, leading to over $56.6 billion in costs. According to the Better Business Bureau, the
average amount lost to fraud per case has increased from $5,249 in 2003 to $6,383 in
2006. If you are a business that extends credit to customers and do not comply with the
Red Flag Rules a civil penalty ca be up to $2,500 per violation to be enforced by the
FTC. The FTC will enforce the Red Flag Rules based on consumer complaints.
What you can do to comply:
1. Keep customers sensitive personal information secure.
2. Take stock – what personal information do you have in your files and
3. Clean out and throw away any outdated or personal information on
customers that you no longer need – buy a shredder.
4. Write a plan that is easy to follow and that will help you to respond to any
5. Require employees to log out in computer programs that have personal
customer information, after they are done accessing that information.
6. Use only one computer to store personal customer information and limit
access to it.
7. Keep up to date on alerts and vulnerabilities to your computer by visiting
8. Never give out any personal customer information over the phone or in
9. Change computer passwords frequently
10. Train employees, visit www.ftc.gov/infosecurity for a tutorial or
11. If you outsource any business functions- investigate that company’s data
security policies and practices and compare them to yours, visit their
facilities if possible.
If you have signed credit applications, personal guarantees, or any paperwork with
personal information for your customers, keep it under lock and key. This can include
invoices, receipts or statements. Take stock of what personal information you have in
your file cabinets, computers, laptops, flash drives, disks, emails and anywhere else your
company stores sensitive data, Once you have a clear picture of what you are dealing
with, it will be much easier to create a plan. Decide who in your business will have
access to this information and who will not. Make a firm decision and enforce it. Limit
who has a key and limit the number of keys.
When you are taking stock, if you find you don’t need some of the personal information
you have on some customers, get rid of it. Shred it and toss it. This paperwork might
look like a bunch of trash to you but it is a gold mine for an identity thief!
When you are putting your plan into writing remember to list who to notify in the event
of a security incident. This might include the customer, or consumer, law enforcement,
your attorney, the credit bureaus or other business owners that might be affected by a
breach. Your plan doesn’t have to be long and complicated, it should be written
according to your company’s size and complexity. Your plan must:
• Designate one or more employees to coordinate the information security program,
or be in charge of the program.
• Identify and assess any risks to customer information and evaluate the
effectiveness of your current safeguards for controlling those risks.
• Write and implement a safeguards program, as well as monitor and test it
regularly. For example, what will you do if someone’s identity is stolen and what
do you do now to prevent identity theft?
• Screen service providers that meet your security measures and make sure they
maintain those safeguards, and oversee their handling of your customer’s personal
• Evaluate and adjust the plan as things change within your business, with the law
or as the result of security testing and monitoring.
Your plan can be a single page, or multiple pages with many chapters. Make sure you
identify any unique risks your company might have, depending on the nature of your
business. If you have employees that work from home, research and write a specific plan
for those computers, emails and employees.
Are you at Risk for Identity Theft?
Learn How to Protect Yourself
Identity Theft is America’s fastest growing type of robbery. There have been an
estimated 9.9 million victims in America and over 40% of all consumer complaints in the
U.S. involve identity theft. About half of the victims do not know how the thief obtained
their personal information. The Boston Globe and Newsweek have both covered Identity
theft telling us how important it is for us to educate ourselves on preventing and
protecting ourselves from this type of robbery. Identity theft can happen anytime,
anywhere and to anyone, individuals or businesses. Everyone must be educated and
aware so it can be avoided. Michael Blanchard, US Postal Inspector says postal money
orders and business or certified checks are one way you can be at risk. Most identity
theft involves the U.S. Mail which is why the U.S. Postal Inspection Service is a lead
agency in investigating Identity Theft. Identity Theft is a criminal offense.
Some scams are internet related, you go into a chat room and chat with people there,
someone approaches you as a friend, or about an auction. You become comfortable with
these people you are chatting with and start a “friendship”. The person who has
befriended you may tell you such things as, “I am in the Peace Corp, and I have a money
order that I can’t cash where I am”, which is Lagos or Nigeria. They may ask you if they
send you the money order, if you will cash it and send them the money. This is a scam.
The money order you receive can be fraudulent, once you cash and send the money you
are out this money once the bank realizes the money order was no good.
Another scenario might be if you sell items at online auctions. Someone may email you
about your item that is for sale. They will tell you that they want to purchase your item,
and they are in Nigeria so they will send you extra money to pay for a shipper to send the
item to them. They will send you a counterfeit money order or check and ask you to cash
eh check and wire the extra money to them so they can pay the shippers to ship your
item. They may even ask you to go to a bank to cash the money order rather than the
post office. The reason for this is that the post office has a machine that can tell if the
money order if fake and they have much more experience with money orders than banks
Many of these types of scams originate in Nigeria, London and Toronto. If you are aware
of this, you can prevent this from happening to you. Most thieves still obtain personal
information through traditional rather than electronic channels. In the cases where the
method was known, 68.2% of information was obtained off-line versus only 11.6%
If you receive a fraudulent money order and take it to a bank, rather than the post office, a
bank can take a month or more before they notify you that the money order is fake. If
this happens, you are then responsible for the funds. If you do get caught up in this
situation, take your money order to a post office rather than a bank, it is not guaranteeing
you will not be “taken” but it lowers your chances.
How can you tell if a money order is fraudulent?
Fake money orders to not have a water mark. Hold up the money order to the window or
light, can you see the portrait, on the left side? This portrait needs to be backlit by light
to be seen and cannot be mimicked. Some producers of fake money orders try to use fake
pictures as a water mark; you will be able to tell if you hold it up to the light. These
money orders are generally printed in Nigeria, they use the same offset press we use to
print real money orders, so check your money orders! You can also check for type size,
color and fonts. Another step you can take is to call or go online to the Post Office and
give them the serial number off of the money order; they can tell if it is real. If you
receive a counterfeit money order, you will want to give it to the post office or police.
Possession of a counterfeit item is a felony.
Other scams include receiving an email or letter stating you have won a lottery, or a prize
notification. Some letters or announcements will arrive with a counterfeit check and you
pay a processing fee to get the prize. These checks are counterfeit; never send money to
anyone who is asking for money from you in order to give you money, whether it is
disguised as a prize or lottery. Any prize that requires you to pay anything is no prize.
How do these people get my name?
If you have a credit card, your name is sold to third parties, if you do not want this to
happen, you must contact your credit card companies to inform them that you do not
want your information sold. Check the privacy notice that comes with your bill. If you
enter contests, your information becomes public. Also, when you buy a new product, and
fill out the warranty cards, those companies sell that information you provide to other
companies. Since when does your toaster manufacturer need to know your households’
annual income to extend a warranty on your toaster? Thieves use dumpster digging,
phishing, and pharming to obtain your information. Things they steal from your trash
• Pre-approved credit card offers – they complete them and have the card send to
them at a different address.
• Loan applications – they complete the application and have the money sent to a
• Bank statements – they then have your bank account number and can print
Becky Palmer, a Consumer Credit Counselor, knew of someone who had their wallet
stolen, and they used the credit card to buy a $5000.00 gift card at Wal mart, this then
becomes very hard to trace.
People that are more at risk are senior citizens, people with disabilities and immigrants,
but remember that everyone, including children are at risk. Senior citizens are home all
day; they might get a phone call from a fake charity asking for money. Immigrants are
desperate for credit, they may have just arrive din the US and know they need credit to do
anything and are not aware of these scams. People with disabilities are home, and may
become a victim of phone or online fraud. There have also been cases of home care
providers taking advantage of their clients. Remember, it is not always a stranger that
can steal someone’s identity. Di you know children can be victims of identity theft?
This could affect or ruin their credit before they even are able to build up credit for
themselves. There have been cases of parents using a child’s name for their electric bill
or phone bill when they have bad credit or owe the utility company money. Thieves will
obtain the social security number of these children then use that number to get credit
cards and rack up purchases.
Some of these scammers will call you and say they are form a factious charity. They will
offer to have your contribution automatically deducted from your checking account and
will ask for your routing number, bank name and account number. DO NOT GIVE OUT
THIS INFORMATION! If you pick up a call from a telemarketer, ask them the following
questions and if they are a fraud, they will hang up quickly:
• Who do you work for? They will try to give you the name of the fake charity here,
so ask them, “Who pays your salary?”
• How much of my donation (percentage) goes to this charity and what is the rest of
the money used for? If they are for real, they can easily give you this information.
• What is the charity’s full name, address, phone number and website?
Once you have the above information you can check with the state attorney generals’
office or secretary of state to see if the charity is registered. Also check the charity’s
rating thru the Better Business Bureau at www.give.org
How can I prevent Identity Theft from happening to me?
Never leave your receipt or slip in the ATM or gas pump. Pay attention to your habits,
lock up or organize and file your bills and bank statements. Shred them using a cross
shredder before throwing them away.
Some steps you can take to avoid becoming a victim of Identity Theft are:
• Get a copy of your credit report from all three credit bureaus.
• Opt out of mailing lists by contacting the credit bureaus.
• Opt out by reading eh privacy notice that comes with your credit card and
following the instructions.
• Call the National Do Not Call Registry at 1-888-382-1222 or visit
www.donotcall.gov and be sure to call from the number you want to register.
• Do not carry your Social Security Card in your wallet.
• Do not print your Social Security number on your checks.
• Do not get your Social Security number printed on your driver’s license.
• Do not carry your medicade card with you, Medicade #’s are your Social Security
• Delete any emails from Nigeria, or lottery or prize notifications, do not open
• Stop credit card offers by calling 888-5-OPT-OUT
• Remove your name from National mailing lists by visiting www.the-dma.org
• Install firewall and virus protection software on your computer.
• Password protect your computer and private personal files.
• Format your hard drive or physically destroy it when disposing of your old
• When you order new checks, get your first initial printed on them instead of your
• Use a cross shredder to shred your bills and bank statements or any junk mail.
• Bring your mail to the post office or a secure mail box rather than leaving it in a
• Use only one designated credit card for online purchases.
• Be sure all online purchases are made through a secure server – notice the “lock”
icon and how the URL address changes from http to https. The S means
• Do not carry your PIN# in your wallet.
• Do not use your date of birth as a password or PIN.
• Do not give out personal or financial information over the phone.
• Grind up or shred back up CD’s you are throwing away.
• Check your online banking account at least 3 times a week and change your
What can you do if you are already a victim of ID theft?
• Contact the fraud departments of the three major credit bureaus, to place a fraud
alert on your credit file.
• Close all accounts that have been affected and request copies of frau-dispute
forms and complete and return them immediately. KEEP COPIES!
• File a police report in each jurisdiction the theft occurred.
• Send copies of the report tot your creditors or anyone that requires proof of the
• File a complaint with the FTC at www.consumer.gov/idtheft or call 800-
IDTHEFT and the post office.
• Contact the Identity Theft Resource Center at 858-693-7935 or
• Request a new driver’s license from the state of motor vehicles and have a fraud
report attached to your driving record.
• Notify check-verification firms about any fraudulent checks: International check
• Call 1-888-CALL-FCC and file a complaint.
• Change your passwords and PIN immediately.
Be aware that 40 million crooks obtained credit card numbers this past year, “Be
Suspicious”; also be aware that most identity theft is not reported, especially when it
involves family members, so the statistics are off. These statistics show that consumers
lost $5 billion last year when in actuality it is closer to $50 billion. There have been an
estimated 9.9 million victims in America.
For more information on the rules or to educate yourself or your staff contact Michael
Barnett at Barnett Training, www.BarnettTraining.com or visit the FTC website at
U.S. Postal Inspection Service
Federal Trade Commission
877-IDTHEFT or TTY – 202-326-2502
U.S. Secret Service
Department of Justice
Federal Deposit Insurance Corporation
Training www.ftc.gov/infosecurity or www.OnGuardOnline.gov
About Michelle Dunn
Michelle Dunn helps companies that want to have customers that pay
on time or early, she works with companies that are struggling with
customers that pay late or don’t pay.
Michelle has over 21 years experience in credit & debt collection, is the
author many books and possesses a depth of knowledge and a whole tool
kit of products and services that can make a big difference for your