MIAMI - For the most part, when a company's database was breached, a laptop with personal information was lost or credit card numbers got swiped, it was up to consumers to put fraud alerts on their credit reports, check those reports frequently and put back the pieces of their credit history together on their own.

Starting Sunday, businesses that extend credit will have to take extra steps to protect your personal information on the front end, and investigate if they find something of concern.

That's when Federal Trade Commission rules will kick in. The so-called "Red Flags Rule" require businesses, small and large, to do a better job of verifying the identity of their customers - to keep them from being taken advantage of by identity thieves.

Businesses from utilities to physicians will be on the lookout for fraud alerts on consumers' credit reports, identification that doesn't look like the person presenting it and anything that looks forged.

These and 23 other potential red flags are supposed to lead businesses to take extra steps to figure out who they are doing business with.

"What it focuses on is any company that extends credit - such as where they bill you now and you pay in 30 days," said Miami attorney Luis Salazar, of Greenberg Traurig. "If there's a red flag, they have to investigate."

"Small businesses are not excluded, even the smallest business, if they qualify as a creditor," he said. Businesses that accept credit cards as a form of payment aren't necessarily subject to the rules, which were enacted in 2007.

The deadline to put the rules into effect was extended to give businesses time to come up with written plans to address identity theft.

Identity theft has been consumers' No. 1 complaint to the FTC for nine years running, with nearly 314,000 complaints in 2008.

"Nobody wants to be overburdened with regulations," Salazar said, "but they want to do something about" identity theft.

HELPFUL TIPS:

The red flags rule is supposed to help curb identity theft, by shifting some of the burden from consumers to businesses. Learn more at http://www.ftc.gov/redflagsrule.

But you should still keep a close watch on your personal information. Here are some suggestions from the Federal Trade Commission:

- Protect your Social Security number. Don't carry your card if you don't need it. Ask why someone needs it if it is requested.

- Handle mail with care. Shred documents that contain credit card numbers, banking information and credit card offers. Limit credit card offers: Call 888-5-OPT-OUT (888-567-8688).

- Don't give out personal information on the phone, via mail or the Internet, unless you initiated contact and are sure of whom you're dealing with.

- Freeze your credit report so potential creditors and others can't access it unless you lift the freeze. This has to be done by contacting individual credit agencies: Equifax, Experian and TransUnion. You can learn more about credit freezes at http://www.consumersunion.org/campaigns/learn-more/003484indiv.html.

- Check your credit report for free three times a year at http://www.annualcreditreport.com. You can check one report from each major credit bureau once a year. Beware of sites that have a similar web address as this official site but actually charge for their services or require enrollment in some kind of program. You can also call 877-322-8228.

- Use intricate passwords that don't involve your mother's maiden name, birthday or the last four digits of your Social Security number.

(c) 2009, The Miami Herald.

Distributed by McClatchy-Tribune Information Services.