If you're a security pro, you might be familiar with the U.S. Treasury Department's Office of Foreign Asset Control (OFAC) requirements, which basically require companies to check their customers' identities against a list of known terrorists to prevent them from unwittingly providing products or services to an enemy. Most major credit bureaus check customers and applicants against these lists, so if you're vetting your partners and customers that way, you're probably covered.

However, you may not have heard yet about the Federal Trade Commission's "Red Flag" program, which is designed to warn companies when they are about to do business with identity thieves or money-laundering operations. The Red Flag program, which takes effect Nov. 1, requires enterprises to check their customers and suppliers against databases of known online criminals -- much like what OFAC does with terrorists -- and also carries potential fines and penalties for businesses that don't do their due diligence before making a major transaction.

"The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts," the FTC says in the rules, which were passed last year.