IDENTITY THEFT PREVENTION PROGRAM



Similar documents
Oregon University System Identity Theft Prevention Program Effective May 1, 2009

The Florida A&M University. Identity Theft Prevention Program. Effective May 1, 2009

Identity theft. A fraud committed or attempted using the identifying information of another person without authority.

Green University. Identity Theft Prevention Program. Effective beginning October 31, 2008

Number: Index

Village of Brockport Identity Theft Prevention Program Effective December 1, 2009 Confirmed 7/21/14

Wake Forest University. Identity Theft Prevention Program. Effective May 1, 2009

Identity Theft Prevention Program

Identity Theft Prevention Program

University of Arkansas at Monticello Identity Theft Prevention Program

II. F. Identity Theft Prevention

Identity Theft Prevention Policy and Procedure

Texas A&M University Commerce. Identity Theft Prevention Program Effective beginning May 1, 2009

IDENTITY THEFT DETECTION POLICY

University of Alaska. Identity Theft Prevention Program

Florida Agricultural & Mechanical University Board of Trustees Policy

MARSHALL UNIVERSITY BOARD OF GOVERNORS

University of North Dakota. Identity Theft Prevention Program

Z1.01 Guideline: Identity Theft Prevention Program

Oklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention

Christopher Newport University Policy and Procedures

identity Theft Prevention and Identification Requirements For Utility

Identity Theft Prevention Program

I. Purpose. Definition. a. Identity Theft - a fraud committed or attempted using the identifying information of another person without authority.

UNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM

Central Oregon Community College. Identity Theft Prevention Program

City of Hercules Hercules Municipal Utility Identity Theft Prevention Program

Approved by the Audit Committee of the Board of Trustees, effective February 3, 2009.

IDENTITY THEFT PREVENTION

Texas A&M International University Identity Theft Prevention Program

Springfield Technical Community College Identity Theft Prevention Program

Policy: 208 Subject: Identity Theft Prevention Program Approved for Board Action: December 22, 2009 Dates Amended:

THE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM

TITLE XVIII: IDENTITY THEFT PREVENTION PROGRAM

Delta Township Compiled Policy Manual

Florida International University. Identity Theft Prevention Program. Effective beginning August 1, 2009

CITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY

The University of North Carolina at Charlotte Identity Theft Prevention Program

Ouachita Baptist University. Identity Theft Policy and Program

Chatsworth Water Works Commission. Identity Theft Prevention Program. Effective beginning December 1, 2008

University System of New Hampshire. Identity Theft Prevention Program

University of Dayton Red Flag ID Theft Prevention Program

IDENTITY THEFT PREVENTION PROGRAM

[Institution or GPLS Name] Red Flag Rules - Identity Theft/Fraud Prevention Program. Effective beginning, 2009

Identity theft prevention program and red flag compliance policy.

POLICY TITLE: IDENTITY THEFT PROTECTION POLICY

NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES)

CATAWBA COUNTY IDENTITY THEFT RED FLAGS POLICY

IDENTITY THEFT PREVENTION PROGRAM (RED FLAGS)

City of Caro Identity Theft Prevention Policy

Travis County Water Control & Improvement District No. 17. Identity Theft Prevention Program. Effective beginning November 20, 2008

Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements

What is FERPA? This act is enforced by the Family Policy Compliance Office, U.S. Department of Educational, Washington, D.C.

DOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED:

IDENTITY THEFT PREVENTION (Red Flag) POLICY

Identity Theft Prevention Program. Effective: November 1, 2009

UNIVERSITY OF RICHMOND IDENTITY THEFT PREVENTION PROGRAM

University of Nebraska - Lincoln Identity Theft Prevention Program

CITY OF ANDREWS IDENTITY THEFT PREVENTION PROGRAM

City of Watauga Utility Billing Department Identity Theft Prevention Program. Effective beginning November 1, 2008

IDENTITY THEFT AND MUNICIPAL UTILITIES

University Policy: Identity Theft Prevention Policy

Pacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009

Red Flag Rules Information and Training

IDENTITY THEFT PROCEDURES

University of St. Thomas. Identity Theft Prevention Program. (Red Flags Regulation Response)

Identity Theft Prevention Program. Approved by the Arizona Board of Regents on May 1, 2009

RANDOLPH COUNTY PUBLIC WORKS. Identity Theft Prevention Program. Adopted September 1, 2009 Effective beginning September 1, 2009

How to Prevent Identity Theft at University

IDENTITY THEFT PREVENTION PROGRAM

NORTHEAST COMMUNITY COLLEGE ADMINISTRATIVE PROCEDURE NUMBER: AP FOR POLICY NUMBER: BP 3250 IDENITY THEFT PREVENTION PROGRAM PROCEDURES

IDENTITY THEFT PREVENTION PROGRAM

University Identity Theft and Detection Program (NEW) All Campuses and All Service Providers Subject to the Red Flags Rule

PITTSBURGH CARE PARTNERSHIP, INC. COMMUNITY LIFE PROGRAM POLICIES AND PROCEDURES. Identity Theft Prevention Program Policy for Health Care Providers

Identification of Red Flags, Detecting Red Flags, and Preventing and Mitigating Identity Theft

Covered Areas: Those EVMS departments that have activities with Covered Accounts.

ADRIAN COLLEGE IDENTITY THEFT POLICY

RANDOLPH COUNTY EMERGENCY SERVICES & TAX DEPARTMENT. Identity Theft Prevention Program. Adopted August 3, 2009 Effective beginning August 1, 2009

Identity Theft Prevention Program

City of Des Plaines. %SJ Miner Street. consent Agenda Items #6 & 6a. Finance Department MEMORANDUM. Date: May2,201l

Facts About FACTA Red Flag Identity Theft Prevention Program

Administrative Procedure 5800 Prevention of Identity Theft in Student Financial Transactions

Identity Theft Prevention Policy

RESOLUTION NO WHEREAS, the City of Wilsonville strives to protect all personal information that can be used by identity thieves, and;

IDENTITY THEFT PREVENTION PROGRAM

State Of Florida's Real Estate Law

ELKHORN RURAL PUBLIC POWER DISTRICT POLICY #1230. Identity Theft Prevention Policy

RANDOLPH COUNTY HEALTH DEPARTMENT. Identity Theft Prevention Program. Adopted August 3, 2009 Effective beginning August 1, 2009

policy All terms used in this policy that are defined in 16 C.F.R shall have the same meaning provided in that section.

OLYMPIC COLLEGE POLICY

Community College System of New Hampshire Identity Theft Prevention Program Revised 5/4/2009

RESOLUTION TO ADOPT IDENTITY THEFT POLICY

POLICY: Identity Theft Red Flag Prevention

University of Tennessee's Identity Theft Prevention Program

THE UNIVERSITY OF MICHIGAN IDENTITY THEFT PREVENTION PROGRAM

IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009

RADLEY ACURA RED FLAG IDENTITY THEFT PROTECTION PROGRAM and ADDRESS DISCREPANCY PROGRAM

Identity Theft Prevention Program (Approved by the Board of Trustees)

MOTLOW STATE COMMUNITY COLLEGE

Carleton College IDENTITY THEFT PREVENTION PROGRAM POLICY STATEMENT

Transcription:

LEGAL REQUIREMENTS Section 114 of the Federal Trade Commission s Fair and Accurate Credit Transactions Act of 2003 created the Red Flags Rule. This regulation requires the College to have an Identity Theft Prevention Program designed to detect, prevent, and mitigate identity theft in connection with opening a covered account or maintaining an existing covered account and to provide administration of the program. The College s program will: Identify relevant red flags for covered accounts it offers or maintains and incorporate those red flags into the program; Detect red flags that have been incorporated into the program; Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and Ensure the program is updated periodically to reflect changes in risks to students and to the safety and soundness of the creditor from identity theft. DEFINITIONS The following definitions are included as part of this policy: Identity theft is fraud committed or attempted using the identifying information of another person without authority. Covered account is an account that a creditor offers or maintains, primarily for personal, family, or household purposes that involves multiple payments or transactions; and, any other account the College offers or maintains for which there is reasonably foreseeable risk to customers or to the safety and soundness of the College from identity theft. Red flag is a pattern, practice or specific activity that indicates the possible existence of identity theft. Identifying information is any name or number that may be used, alone or in conjunction with any other information, to identify a specific person including: name, address, telephone number, social security number, date of birth, driver license, identification number, alien registration number, government passport, employer or taxpayer identification number, student identification number, computer s internet protocol address, or routing code. Page 1 of 8

COVERED ACCOUNTS The College has identified the following types of accounts that fall under the definition of covered accounts: Refunds of student tuition, fees, grants and loans Student tuition and fee payment plans ACH processed transactions Student billings, payments and other transactions processed through Touchnet 1098-T information Wisconsin Tax Refund Intercept Program accounts Delinquent accounts sent to a collection agency Contracted agreements including third-party arrangements The College has identified State Collection Services and Wisconsin TRIP program as types of accounts that fall under the definition of service provider covered accounts. Please refer to Service Provider Arrangements on page 7. IDENTIFICATION OF RED FLAGS The following risk factors will be used to identify relevant red flags for covered accounts: The types of covered accounts as identified above The methods provided to open covered accounts, which includes gathering information such as: o Admissions application and registration with personally identifying information o FAFSA application for financial aid assistance o High school transcripts, GED, HSED or other equivalent documents o Official test scores, such as ACT, SAT, COMPASS, ACCUPLACER, TABE o Letters of recommendation o Entrance medical record o Criminal background check information o Driver s license o Military Service Records o Residency documents, such as Visa, I-9, I-551, etc. o Financial status documentation o Post-secondary transcripts Page 2 of 8

The methods used to access covered accounts, which include gathering the following information: o Disbursement requests obtained in person require picture identification o Disbursement requests obtained by mail can only be mailed to an address on file o Disbursement requests obtained by internet require a previously authorized password The College s previous history of identity theft The following Red Flags will be considered: Notifications and Warnings from Consumer Reporting Agencies o Report of fraud accompanying a consumer reporting agency report o Notice of report from a consumer reporting agency of a credit freeze o Notice or report from a consumer reporting agency of an active duty alert o Receipt of a notice of address discrepancy in response to a consumer reporting agency report request o Indication from a consumer reporting agency report of activity that is inconsistent with usual pattern or activity Suspicious Documents o Identification document or card that appears to be forged, altered or inauthentic o The photograph or physical description on the identification is not consistent with the appearance of the student presenting the identification o A request for service that appears to have been altered or forged o A request made from a non-college issued e-mail account o A request to mail something to an address not listed on the file o A request to reset a password Page 3 of 8

Suspicious Identifying Information o Identifying information presented that is inconsistent with other information the student provides such as inconsistent birth dates, different signatures o Identifying information presented that is inconsistent with other sources of information such as an address mismatch on personal documents o Identifying information presented that is the same information shown on other applications that were found to be fraudulent o Identifying information presented that is consistent with fraudulent activity such as an invalid phone number or fictitious billing address o Social security number presented that is the same as one given by another person o Failure to provide complete personal identifying information on a deferred payment plan when reminded to do so o Identifying information that is not consistent with the information that is on file for the student Suspicious Account Activity o Account used in a way that is not consistent with prior use o Mail sent to a student that is repeatedly returned as undeliverable although transactions continue in connection with the student s covered account o Notice to the College that a student is not receiving mail sent by the College o Notice to the College that an account has unauthorized activity o Breach in the College s computer security system o Unauthorized access to or use of student account information o Numerous unsuccessful attempts to gain computer access to a student s account Alerts from Others o Notice to the College from a student, identity theft victim, law enforcement or other persons that the College has opened or is maintaining a fraudulent account for a person engaged in identity theft Page 4 of 8

DETECTION OF RED FLAGS Student Enrollment In order to detect any of the red flags identified above associated with the enrollment of a student, College personnel will take the following steps to obtain and verify the identity of the person opening the account: 1. Require certain identifying information such as name, date of birth, academic records, home address or other identification 2. Verify the student s identity at time of issuance of student identification card by reviewing government issued photo identification or other personally identifiable information to confirm domicile such as a utility bill, tax return, bank statement, school transcript or pay stub 3. Require student selected personal information to be used for resetting a computer access password Existing Accounts In order to detect any of the Red Flags identified above for an existing covered account, College personnel will take the following steps to monitor transactions on an account: 1. Verify the identification of students if they request information in person, via telephone, via facsimile or via email 2. Verify the validity of requests to change billing addresses by mail or email and provide the student a reasonable means of promptly reporting incorrect billing address changes 3. Verify changes in banking information given for billing and payment purposes 4. Verify student selected personal information prior to resetting passwords PREVENTING AND MITIGATING IDENTITY THEFT When a red flag is triggered, personnel shall take one or more of the following steps, depending on the degree of risk posed by the red flag: Protect and Prevent Student Identifying Information In order to further prevent the likelihood of identity theft occurring with respect to covered accounts, the College will take the following steps with respect to its internal operating procedures to protect student identifying information: Page 5 of 8

Mitigate o Ensure that its website is secure or provide clear notice that the website is not secure o Ensure complete and secure destruction of paper documents and computer files containing student account information when a decision has been made to no longer maintain such information o Ensure that office computers with access to covered account information are password protected o Avoid use of social security numbers o Ensure computer virus protection is up to date o Require and keep only the kinds of student information that are necessary for College purposes o Automatic lock-out for computers o Ensure secured access to imaged documents o Require student previously selected personal information be provided before resetting computer access passwords o Continue to monitor a covered account for evidence of identity theft o Contact the student or applicant to prove identity o Change any passwords or other security devices that permit access to covered accounts o Not open a new covered account o Notify the Program Administrator for determination of the appropriate step(s) to take o Notify law enforcement o Determine that no response is warranted under the particular circumstances o Provide ability to enable FERPA block on directory information PROGRAM ADMINISTRATION Oversight The Vice President of Finance and College Operations will serve as the Program Administrator and is responsible for developing, implementing and updating this program. The Program Administrator will be responsible for ensuring appropriate training of College staff on the program, for reviewing any staff reports regarding the detection of red flags and the steps for preventing and mitigating identity theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the program. Page 6 of 8

Staff Training and Reports College staff responsible for implementing the Program shall be trained, as necessary, in the detection of red flags and the responsive steps to be taken when a red flag is detected. College employees are expected to notify the Program Administrator once they become aware of an incident of identity theft or of the College s failure to comply with this program. At least annually, College staff responsible for development, implementation, and administration of the program shall report to the Program Administrator on compliance with this program. The report should address such issues as effectiveness of the policies and procedures in addressing the risk of identity theft in connection with the opening and maintenance of covered accounts, service provider agreements, significant incidents involving identity theft and management s response, and recommendations for changes to the program. Service Provider Arrangements In the event the College engages a service provider to perform an activity in connection with one or more covered accounts, the College will take the following steps to ensure the service provider performs its activity in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft. Require, by contract, that service providers have such policies and procedures in place Require, by contract, that service providers review the College s program and report any red flags to the Program Administrator Specific Program Elements and Confidentiality For the effectiveness of this Identity Theft Prevention Program, knowledge about specific red flag identification, detection, mitigation and prevention practices may need to be limited to the committee who developed this program and to those employees with a need to know them. Any documents that may have been produced or are produced in order to develop or implement this program that list or describe such specific practices and the information those documents contains are considered confidential and should not be shared with other College employees or the public. The Program Administrator shall inform the employees with a need to know the information of those documents or specific practices which should be maintained in a confidential manner. Page 7 of 8

Program Updates The Program Administrator will periodically review and update this program to reflect changes in risks to students and the soundness of the College from identity theft. In doing so, the Program Administrator will consider the College s experiences with identity theft situations, changes in identity theft methods, changes in identity theft detection and prevention methods, and changes in the College s business arrangements with other entities. After considering these factors, the Program Administrator will determine whether changes to the program, including the list of red flags, are warranted. If warranted, the Program Administrator will update the program. Incident Documentation The Program Administrator will keep detailed files on all incidences where there have been actual identity thefts, attempts at identity thefts or suspicions of identity thefts. These files will, at a minimum, provide a complete description of the incident, procedures taken to determine any harm caused to the student involved, any procedures taken to prevent and mitigate identity theft and procedures taken to monitor activity in the student s account to ensure that no further compromise to the student s information occurred. These documents will be used for the evaluation of the effectiveness of this policy and provide appropriate changes to the College s Red Flag Policy. These documents will remain on file for a minimum of five years. Disclaimer While reasonable efforts will be made to detect, prevent and mitigate identify theft, the College makes no representations or warranties that the program described above will in fact ensure the absence of identity theft or prevent financial losses. All warranties against loss, either express or implied, are hereby disclaimed. Furthermore, the College will not be liable for any damages, whether direct, indirect or consequential. References: FTC Fair and Accurate Credit Transactions Act, Section 114 Administrative Regulation Adopted: February 22, 2010 Page 8 of 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information