9.39 Red Flag Rules Compliance for Identity Theft Detection

POLICY STATEMENT

The Federal Trade Commission Code of Federal Regulations (CFR) Title 16, Part 681 has implemented the Red Flag Rules, which requires that 世界杯官方app adopt guidelines to address the following situations:

• Receiving a Notice of an Address Discrepancy after requesting a consumer report from a consumer reporting agency (as per 681.1).
• Upon accepting an extension of certain types of credit - either directly or indirectly - by 世界杯官方app (as per 681.2). 
• Requesting an additional or replacement debit or credit card that following closely after an address change request (as per 681.3).

RATIONALE

世界杯官方app must implement an Identity (ID) Theft Prevention Program to protect consumers against identity theft.

SCOPE

All areas, departments, colleges and schools of the University which hold personally identifiable financial records and information and/or covered accounts must comply with the requirements of this guideline.

WEBSITE ADDRESS FOR THIS POLICY

http://ireh.shorinji-kempo.net/hop/chapter9/9-39.html

RELATED STATUTES, POLICIES, REQUIREMENTS OR STANDARDS

 

CONTACTS

If you have any questions about Red Flag Rules, contact the following office(s):

The Director of Financial Services and University Bursar is responsible for this policy and can be reached at 210-458-4221.

DEFINITIONS  

Account
A continuing relationship established by a person with an institution to obtain a product or service for personal, family, household or business purposes. It may involve the extension of credit for the purchase of a product or service or a deposit account.

Account Holder
Student, employee, retired employee, patient or other person that has a covered account held by or on behalf of 世界杯官方app.
NOTE: An account holder may also be referred to as a debtor.

Cardholder
Consumer to whom 世界杯官方app has issued a credit card or debit card.

Consumer
Student, employee, prospective employee or other individual.

Consumer Report
Any written, oral or other communication of any information by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer's eligibility for purposes set forth in 15 U.S.C 161a (d).

Consumer Reporting Agency or Agency
Any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.

Covered Account
An account that involves or is designed to permit multiple payments or transactions, which is primarily for personal, family or household purposes. It is also any account for which there is a reasonably foreseeable risk of identity theft.
Examples of Covered Accounts include, but are not limited to:

• Student loan and tuition accounts
• Patient medical service accounts
• Accounts associated with employee benefits, student debit cards and meal plans.

Credit Card
Any card, plate, coupon book or other credit device existing for the purpose of obtaining money, property, labor, or services on credit.

Creditor
Any institution that regularly extends, renews, or continues credit; any institution that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor that participates in the decision to extend, renew, or continue credit.
NOTE: 世界杯官方app is considered a creditor.

Debit Card
Any card issued by 世界杯官方app to a consumer for use in initiating an electronic fund transfer from the account of the consumer at 世界杯官方app for the purpose of transferring money between accounts or obtaining money, property, labor, or services.

Identity Theft
Any use or attempt by an individual to use another person's individual identifying information to obtain a thing of value including money, credit; items or services, such as medical care or education services to which the individual is not entitled.

Individual/Consumer Identifying Information
Any information that may be used alone or with other information to identify an individual, including, but not limited to:

• Name
• Social security number
• Date of birth
• Telephone or cell phone number
• Government issued driver's license or identification number
• Alien registration number
• Passport number
• Employer or taxpayer identification number
• Credit, debit, banking account numbers
• Unique biometric data such as fingerprint, voice print, retina or iris image or other unique physical representation
• Unique electronic identification number; address or routing code; IP or other computer identifying address; or telecommunication identifying information or other access device.

NOTE: Includes information received about a consumer from a third party source.

Red Flag
A pattern, practice or specific activity that indicates the possible existence of identity theft.

Responsible Party
Appropriate senior officer or employee with sufficient training, experience and authority to develop, maintain, and oversee compliance with the University's Program.

Service Provider
Any person or entity that provides a service to the University.

RESPONSIBILITIES 

Responsible Party
The Director of Financial Services and University Bursar serves as 世界杯官方app's Responsible Party and is responsible for developing, implementing and maintaining the Identity Theft Prevention Program. The Director of Financial Services and University Bursar is also responsible for identifying those areas where covered accounts are held by the University, ensure University personnel are appropriately trained and provides an annual report to the University President on compliance with the program. A copy of this report is maintained on file.

Departmental Responsibilities for Covered Accounts
Each 世界杯官方app department below has been identified as being responsible for opening - directly or indirectly - or maintaining covered accounts at 世界杯官方app and is responsible for adhering to this program.

世界杯官方app departments not specifically listed below must follow these guidelines and report their actions to the Responsible Party if identity theft is suspected.

Business Affairs:

• Administration: Business Auxiliary Services Operations
• Financial Affairs: Financial Services and University Bursar, Perkins Student Loans, Fiscal Services Office
• 世界杯官方app Police Department

Student Affairs:

• Admissions
• Registrar
• Student Enrollment Services Center
• Student Financial Aid

These departments may incorporate existing internal policies and procedures that promote the purpose of the ID Theft Prevention Program, including available security tools, as long as these tools can assist with the implementation of this program.

Departmental Responsibilities for Consumer Reports
The 世界杯官方app Police Department has been identified as being responsible for requesting consumer credit reports for 世界杯官方appPD Officer candidates via a contracted third-party vendor and must adhere to this policy.

Departmental Responsibilities for Issuing Debit Card and Credit Cards
The 世界杯官方app Card Office - within Business Auxiliary Services - has been identified as being responsible for issuing and reissuing the 世界杯官方appCard, a photo identification and all-campus debit card that is used by current students, faculty and staff.

PROCEDURES  

 Risk Assessment and Program Review for Covered Accounts

An annual risk assessment is performed by the Responsible Party to determine if additional departments and/or areas have become responsible for opening or maintaining covered accounts. Each department must determine the following:

• Types of covered accounts offered or maintained
• Existing account opening processes
• Methods that existing accounts are accessed
• Previous instances where identity theft has occurred

Additionally, the Responsible Party completes an annual program and reviews any incidents of identity theft occurring since last review, changes in methods of identity theft, the types of accounts being opened and/or maintained and changes to the methods of identifying and preventing identity theft. The Responsible Party is also responsible for preparing and submitting an annual report to the University President, illustrating the program's effectiveness, any third-party service provider agreements, significant incidents of identity theft and management's response and any recommended changes to the program.

Training
Staff working in departments involved in the creation, modification or administration of covered accounts must complete the identity theft prevention training to ensure compliance with the Identity Theft Prevention Program.

Oversight of Third Party Service Providers
In the event 世界杯官方app contracts with a service provider to perform an activity in connection with any section of this policy, 世界杯官方app will ensure that the contractor performs its contracted activities in a secure manner by including contract provisions that require the service providers have reasonable policies and procedures in place to prevent, detect and mitigate the risk of identity theft and that any suspected or actual situations involving identity theft be reported to the Responsible Party.

Consumer Reports
As a general rule, 世界杯官方app does not request reports of creditworthiness during background checks on candidates for employment by 世界杯官方app.  When such a requirement is justified, advance approval by the Associate Vice President for Human Resources is required to assure compliance with federal regulation Title 16: 681.1 Identity Theft Rules: Duties Regarding Address Discrepancies Related to Consumer Reports.

NOTE: 世界杯官方app has contracted with a third-party vendor to provide consumer credit reports for 世界杯官方appPD Officer candidates. It is the responsibility of 世界杯官方app to comply with these provisions.

Debit Card and Credit Card Issuance
世界杯官方app offers the 世界杯官方appCard, a photo identification and all-campus debit card that is used by current students, faculty and staff.

Initial card requests must be made in-person at the 世界杯官方app Card office and be accompanied by a valid photo identification, such as a state issued identification card, driver's license, passport or military ID.

Requests for replacement 世界杯官方appCard's - due to theft or loss - must also be made in-person at the 世界杯官方app Card Office. Requestors may be asked to provide a form of identification, such as a state issued identification card, driver's license, passport or military ID for verification.

See Financial Guideline - Identifying and Responding to Red Flags for detailed procedures.

NOTE: 世界杯官方app does not issue credit cards.

Red Flags
Red Flags are suspicious patterns or practices or specific activities that indicate the possibility that identity theft may occur. All departments must review the required responses and actions if presented with any red flags. See Financial Management Operational Guideline 4.2 - Identifying and Responding to Red Flags for details.

FORMS AND TOOLS/ONLINE PROCESSES

• Identity Theft Prevention Training Presentation (currently being developed)