compliance with federal trade commission’s “red flag rule”
Post on 31-Mar-2015
215 Views
Preview:
TRANSCRIPT
Compliance with Compliance with Federal Trade Federal Trade
Commission’s “Red Commission’s “Red Flag Rule”Flag Rule”
BackgroundBackground
Identify Theft is one of the fastest growing areas of white collar crime
U.S. Congress passed Fair and Accurate Credit Transactions of 2003 (FACT Act)
Act charged Federal Trade Commission (FTC) to address identity theft
FTC issued “Red Flags Rules”
Primarily designed for banks Primarily designed for banks and financial institutionsand financial institutions
Red Flags Rules requires “financial institutions” and “creditors” that hold “covered accounts” to develop and implement “an identity theft prevention program”
Why Lehigh?Why Lehigh?
We meet the criteria because of loan programs, installment payment plans, use of credit reports. For example:
◦Federal Perkins Loans◦University Loans◦Bursar’s Office Installment Payment Plans◦Lehigh credit and/or background checks
University systems maintain and communicate confidential personal information, consider for example:
W-2’s1098-T’sLoan NotesOffer Letters
Why Lehigh?
Implementation of the ProgramImplementation of the Program
Board of Trustees has approved Lehigh’s Identity Theft Prevention Program
Oversight by Peggy Plympton
Training appropriate University staff is part of the program
New hires will be trained in coordination with Banner training
Questions to Consider:Questions to Consider:
What’s a common method used to gain information about someone in order to “steal” their identity?
What’s a thief’s common strategy to delay someone from discovering their identity has already been stolen?
Answer: Change their address
Why are you being trained?Why are you being trained?
You have access to change addresses in BANNER using one of the following forms:
1. SPAIDEN2. PPAIDEN3. FOAIDEN4. APAIDEN
Lehigh is already “ahead of the curve”
The University has already established policies and procedures that include very good controls to safeguard identity and financial information
Purpose of the trainingPurpose of the training
To raise your level of awareness
To help you maximize the effectiveness of your department’s policies and procedures
To make sure your day-to-day practices = your policies and procedures
To know what to do if you encounter a red flag
Three Key Rules Three Key Rules
1) Debit and credit card issuers must develop policies and procedures to assess validity of a request for change of address
2) Users of consumer reports must develop reasonable policies and procedures to apply when they receive notice of an address discrepancy from a consumer reporting agency
3) Financial institutions and creditors holding “covered accounts” must develop and implement a written identity theft prevention program
How can you help?How can you help?
Identify relevant “red flags” you may encounter
Detect those “red flags”
Respond appropriately to detected red flags
Update the procedures periodically
““Red Flags” that could occur at Red Flags” that could occur at LehighLehigh
Documents provided for identification appearing altered or forged
Photograph on ID inconsistent with appearance of customer
Personal information inconsistent with information already on file at Lehigh
More red flags:More red flags:
Mail sent to customer repeatedly returned as undeliverable despite being an active account
A fraud alert included with a consumer report
A consumer reporting agency providing a notice of address discrepancy
Making an address changeMaking an address change
Preferred method of making student address changes is for the individual to make his/her own changes via Banner self-service.
See Registrar’s Office website for complete instructions
Requests made In-PersonRequests made In-Person
Acceptable identity verification:Government issued Picture ID
Additional confirming information is required if :
Picture ID is issued by non-government organization (ex: employer-issued ID card) OR
ID does not include a picture(ex: Social Security Card)
NOTE: All requests for change of address must be in writing!
Requests made by EmailRequests made by Email
Acceptable by Itself:
◦Email from a “lehigh.edu” account
Additional Confirmation is Required If:
◦Email is sent from any other email account
Requests by Mail or FaxRequests by Mail or Fax
All such requests must be signed. If any question about validity, take additional steps to confirm, for example:
Photocopy of driver’s licenseCopy of utility billSend sample mail to address to confirmPhone directoryInternet directories
Requests by PhoneRequests by Phone
No address should be changed without having something in writing from the customer.
This is for your protection as well as the customer’s.
Red Flags are not Black & Red Flags are not Black & White!White!
Before concluding you have an identity theft situation, consider the “big picture”:
Did a payment accompany the updated information?
How much was the payment?How/who benefited from the payment?Can the individual answer questions only student
would know?Have you ever temporarily forgotten some of
your personal information?
What to Do If You Suspect What to Do If You Suspect Identify TheftIdentify Theft
Delay opening new account
Suspend access to an existing account
Attempt to contact customer at the last known legitimate address/phone number
If you’ve done the above and still suspect identity theft, contact Lehigh Police
Why you should be concernedWhy you should be concerned
Fines from the government
Costs to Lehigh to help mitigate damages
Possible lawsuit
Damage to Lehigh’s reputation
Its the right thing to do!
Where to go for more InformationWhere to go for more Information
Contact Mike King, Bursar
See Federal Trade Commission website: www.ftc.gov
top related