The purpose of Red Flag rules is to establish an identity theft program to detect, prevent and mitigate identity theft pursuant to the Federal Trade Commission (FTC) Red Flag rules.
Red Flags program is aimed at having companies set up procedures to look for and respond to "Red Flags" that indicate an identity thief is trying to use someone else's information. By doing so, Red Flag rules seek to reduce the damage identity thieves can inflict on victims of identity theft and on businesses left with accounts receivable balances that they'll never be able to collect. Companies set up procedures to look for and respond to "Red Flags" that indicate an identity thief is trying to use someone else's information
"Account"--means a continuing relationship established by a person with a creditor to obtain a product or service for personal, family, household or business purposes. It includes:
"Covered Account" is:
"Identity Theft" is a fraud committed or attempted using the identifying information of another person without authority
"Red Flag" is a pattern, practice, or specific activity that indicates the possible existence of identity theft
"Service Provider" is a person that provides a service directly to the financial institution or creditor
Examples of Covered Accounts that apply to the University are:
Consumer Credit Report Requests
Red Flags policy applies to your department if your department engages in any of the following activities:
It is the University's Policy to:
All personnel who play a role in processing of transactions related to covered accounts are required to take course on Red Flags-ID Theft Protection. This is an annual training requirement.
Department managers with covered accounts should conduct training for their staff to reinforce knowledge, discuss any changes to the program caused by internal business processes or the identification of new Red Flags, perform procedures to evaluate the effectiveness of the Red Flags program and implement changes, if needed.
Yes. As a University employee, it is your duty to comply with University programs and policies. You must act if you observe a violation of the Red Flags Rule.
Yes. One of the many benefits the University will have by your filing an incident report will be the opportunity to review the incident and offer advice to other departments who may experience similar Red Flags.
In order to further prevent the likelihood of identity theft occurring with respect to covered accounts, the University will take the following steps related to its internal operating procedures to protect identifying information:
If they process personal identifying information related to covered accounts, then we are responsible to ensure that they are Red Flag compliant. Language regarding their compliance is included in purchasing agreements.
An incident of identity theft can have serious consequences to the University:
Moreover, an incident of identity theft would be damaging to the University and your department's reputation. It would be detrimental to have fraud associated to the University in any way. A successful Red Flag program helps the University guard against damage to our reputation.
Additional information can be found at the following websites:
Federal Trade Commission's Red Flags Rule, 16 C.F.R. 681.2
Section 114 of the Fair and Accurate Credit Transactions Act