Cyber Crime Increases Impact on Business
Anyone who uses a computer or mobile device, banks online or holds sensitive information in a database is exposed to cyber crime that can wreak havoc on business and individuals. Studies show that this activity has grown 300% since the 2007 passage of the Red Flags Rule. The FBI reports that virus writers are writing 60,000 new viruses each day and current detection programs are only 30% effective. The original rules may have excluded many businesses due to the way in which customer credit accounts were classified. The common threat of this crime may impact the way in which accounts are defined, thus expanding these rules to any firm that allows customers to defer payment.
These rules compel compliance for businesses that meet the definition of “creditor.” It also requires covered businesses to conduct a periodic risk assessment to determine if they have “covered accounts.” With covered accounts comes the requirement to have a written identity theft protection program.
Definition of Creditor:
According to the rules, any firm that grants credit or deferred payment for goods and services or participates in the decision to extend, renew, or set the terms of credit AND secures or uses consumer reports, provides information to credit companies or advances funds to or for someone who must repay them, is defined as a “creditor.”
Definition of Covered Accounts:
Existing or new accounts for customers for “personal, family or household purposes that involve or allow multiple payments or transactions” OR “any account that a creditor offers for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the creditor from identity theft.”
The growth in the risk and threat of cyber crime coupled with the ever-present warnings could deem every small business customer account to be at “reasonable foreseeable risk.” This means that every small business should have a written identity theft program. Frost Risk Advisors also recommends that every business explore Cyber Liability/Privacy and Security coverages available to offset costs associated with claims and notification costs in the event of a data breach.
Lisa Foster, Frost Insurance
The Federal Trade Commission has issued rules and policies designed to protect consumer information. Additionally there are data breach and consumer notification requirements in place at both federal and state levels. The full text can be found at http://www.ftc.gov/fedreg/2007/november/071109redflags.pdf