DENVER, Colo. — Businesses need to be aware of the extent to which identity misrepresentation and identity theft can affect their operations and profitability, as well as their customers or clients, according to Bryan Thornton, director of information security planning for Denver-based idBUSINESS ( Thornton is available to speak with news media and other business information aggregators regarding the FTC extension and the risks faced by businesses in coping with rampant identity theft schemes.

idBUSINESS Denver“Since the FTC has delayed the deadline for Red Flag Rules compliance until August 1, 2009, it will be tempting for businesses and organizations to put them on the back burner until another deadline looms,” says Thornton. “Unfortunately, identity theft is not abating even if the enforcement of a regulation is postponed.”

Businesses that insist on treating Red Flag Rules requirements as merely an issue of FTC compliance are misunderstanding the far greater risk of identity compromise and identity misrepresentation to their operation, he explains.

According to an April 30 announcement (,

“The Federal Trade Commission will delay enforcement of the new ‘Red Flags Rule’ until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. For entities that have a low risk of identity theft, such as businesses that know their customers personally, the Commission will soon release a template to help them comply with the law. Today’s announcement does not affect other federal agencies’ enforcement of the original November 1, 2008 compliance deadline for institutions subject to their oversight.”

Enacted by Congress, and enforced by the Federal Trade Commission, the Red Flag Rules are an effort to activate businesses to respond in their own, and their customers’, best interest, Thornton explains. They are neither the cause of the challenges they address, nor are they the solution.

“The front line of identity theft and identity misrepresentation has shifted to encompass physical points of sale or points of service, meaning that businesses must completely restructure their behavior and thought processes around information security. By focusing purely on regulatory sticks and carrots, businesses are failing to adopt a more vigilant perspective on information security, both physical and digital,” he said.

Developing a Red Flag Rules policy, and understanding how that policy fits within your overall business operations, is a good place to begin building that perspective, Thornton proposes. Businesses must ask themselves critical questions to challenge their understanding of how identity theft might penetrate their operations: Can you be certain that your customers are who they say they are? How much exposure does your place of work receive from third party vendors such as maintenance personnel or third party service providers? What is left on your employees’ desks at the end of the day? How many different points of access are there to your computer and digital information networks?


idBUSINESS is the standard Information Security operating system for small- to mid-sized businesses. It provides information security planning tools that identify needs, assess risks, comply with the law, and secure an organization’s data.

idBUSINESS is powered by two leading firms in information security, ID Experts, the nation’s leader in date breach prevention and remediation services, and Net Reaction, providers of forensics and information security planning products and services.

To learn more, please visit .

All trademarks and service marks are the property of the respective parties.

Send2Press(R) is the originating wire service for this story, Copr. 2009.