By THOMAS HARTLEY
Business First

John Krenitsky knows identity theft when he sees it or scents it.

One of his responsibilities as administrative vice president of compliance for M&T Bank Corp. is to help protect consumers from identity theft and fraud.

He also knows firsthand about the skyrocketing national epidemic because identity theft struck his own home.

After his wife returned home to Western New York from a brief trip to California three years ago, she received notification from her bank that her credit card was used to make nearly $3,000 in purchases at grocery stores and home-improvement stores.

The charges, which she had not in fact incurred, raised at least four red flags of possible fraud: a number of purchases outside the primary area of her residence; a large volume of charges; many purchases in a brief period of time; and items purchased that would not normally be expected of someone from New York visiting California.

An investigation later concluded that a waiter had passed her credit card through a "skimmer" - a device that bypassed the restaurant's own scanner - to gain the information later used to make the purchases.

The fraud was uncovered because the bank had a system in place to spot suspicious activity.

To help curb the spreading epidemic, the Federal Trade Commission has crafted new "Red Flag Regulations" for the financial-services industry and others. The rules - guidelines to detect potential fraud or ID theft that is occurring, has occurred or could occur - take effect Nov. 1.

"M&T, and in most cases, the financial-services industry, already has ‘red flag' rules in place. Nov. 1 is when they become mandatory and formalized," Krenitsky said.

The new rules were authorized by the Fair and Accurate Credit Transactions Act of 2003. FACTA addressed unauthorized or inaccurate use of consumer accounts by banks, credit unions, consumer-finance companies, collection agencies, loan companies and credit-reporting agencies such as Equifax, Experian and Trans Union.

Also included are employers who use consumer reports if there is doubt about the authenticity of a person's address or other data in the report.

"If an address discrepancy is detected, it doesn't necessarily mean that identity theft has occurred, but it requires the employer to investigate the warning and document the response," said Corporate Investigations Inc., a Pittsburgh-based national provider of background investigations.

FACTA allows consumers to place "fraud alerts" on their credit records when they report to the agencies that they are a fraud victim, including cases of identity theft.

The new rules also are intended to strengthen communications among financial-services providers, credit raters and other companies, Krenitsky said.

Failure to comply with the new rules could result in civil liability.

By the Nov. 1 deadline, businesses covered by the law will have to define and implement a red-flag program and be able to document the steps they take to ensure that a consumer's privacy is verified and protected.

Warning signs include notices or fraud alerts received from credit-reporting agencies; suspicious-looking documents when an account is opened; a driver's license that doesn't look right; unusual credit-card purchases or suspicious identifying information in connection with opening an account, such as a middle-aged person providing a Social Security number that was recently issued.

"Retailers, as credit granters, also fall under the realm of red-flag compliance because they have credit-origination departments," said Steven Korn, Buffalo-area senior account executive for Experian.

"Since most (large retailers) are national chains, though, there are few, if any, in Western New York," he said.

Korn said some businesses might be unaware of their responsibility to comply.

"The federal government is not providing a lot of specifics beyond the obvious credit lenders," he said.