Upload
brianne-mitchell
View
220
Download
1
Tags:
Embed Size (px)
Citation preview
Identity Theft and Red FlagIdentity Theft and Red FlagRulesRules
Training ModuleTraining Module
The University of Texas at Tyler
Identity Theft - Red FlagIdentity Theft - Red FlagTrainingTraining
This training is intended for view prior to each area creating their own unique policies and procedures for identifying, detecting, preventing, and mitigating identity theft.
Identity Theft - Red FlagsIdentity Theft - Red Flags
Red flags in this training means a pattern, practice, or specific activity that indicates the possible existence of identity theft.
Red Flag Rules Background Red Flag Rules Background
In November 2007, final rules were issued to implement the Identity Theft Flags Rule.
The Rule applies to financial Institutions including universities that offer or maintain Accounts;
The Rule requires the implementation of a written Identity Theft Prevention Program.
UT Tyler falls within the scope of the Red Flag UT Tyler falls within the scope of the Red Flag
Rules because we act as a “creditor” by:Rules because we act as a “creditor” by: regularly extending, renewing, or continuing credit; regularly arranging for such credit; acting as an assignee of an original creditor.
Simply accepting credit cards as a form of payment does not make you a “creditor” under the Red Flags Rule. But if you offer a debit or credit card, arrange credit for your customers, or extend credit by selling customers goods or services now and billing them later, you are a “creditor” under the law.
COVERED ACCOUNTSCOVERED ACCOUNTS
The Rule’s goal is to detect, prevent, and mitigate identity theft in certain 'covered accounts.'
A ‘covered account’ is any account that the University of Texas at Tyler offers or maintains: – Primarily for personal, family, or household purposes, or – That permits multiple payments or transactions, or – For which there is a reasonably foreseeable risk of identity theft.
THE RULETHE RULE …is actually three different but related rules - all will
definitely apply to the following areas at UT Tyler: (681.1) Users of Consumer Reports and background
checks (681.2) Creditors holding ‘Covered Accounts’ (681.3) Issuers of Debit and Credit Cards
USERS OF CONSUMER REPORTSUSERS OF CONSUMER REPORTS
(681.1) Users of consumer reports must develop reasonable policies and procedures
to verify the identity of consumers and confirm their addresses, when necessary. Applies to any areas of UT Tyler that utilize
consumer reporting agencies (Equifax, Experion, TransUnion) for any reason, i.e. credit or background checks for loans or collection purposes, or for new hire applicants. Includes Human Resources, Campus Police, Nursing, etc.
CREDITORSCREDITORS
(681.2) “…creditors holding ‘covered accounts’ must develop and implement written procedures for both new and existing accounts.” – This provision applies to any areas of UT Tyler
that issue any type of credit, i.e. Stafford Loans, Housing or Meal Payment Plans, Student Deferred Payment Plans, emergency loans, P2 cards, Swoop cards, Procards, Travel cards, etc.
Debit and Credit Card IssuersDebit and Credit Card Issuers
(681.3) Debit and credit card issuers must develop reasonable policies and procedures to assess the validity of a request for change of address followed closely by a request for an additional or replacement card.
Identifying Red FlagsIdentifying Red Flagsand Fraud Indicatorsand Fraud Indicators
A Red Flag, or any situation closely resembling one, should be investigated for verification.
The following are potential indicators of fraud:
Alerts, notifications, or other warnings from credit agencies
• Suspicious documents or personal identifying information
• Unusual or suspicious account activities • Notices from customers, victims of identity theft, law
enforcement authorities, or others
Alerts, Notifications, and WarningsAlerts, Notifications, and Warnings
Watch for these notices from consumer reporting Watch for these notices from consumer reporting agencies, service providers, or fraud detection services: agencies, service providers, or fraud detection services: – An An active duty alert or a fraud alert included with a consumer
report; – A notice of A notice of credit freeze in response to a request for a consumer
report; or– A notice of A notice of address discrepancy.
You'll need to add a procedure for appropriate You'll need to add a procedure for appropriate responses to notices.responses to notices.
Suspicious DocumentsSuspicious Documents
Identification documents that appear to have been altered or forged.
The photograph or physical description on an ID that doesn’t match the Customer presenting it.
Information on the identification that is inconsistent with other information provided or readily accessible, such as a signature card or a recent check.
An application or document that appears to have been destroyed and reassembled.
Suspicious Personal InformationSuspicious Personal Information
Personal Identifying Information (PII) is any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual.
Examples of suspicious personal information: PII provided is inconsistent with PII that is on file, or when
compared to external sources. For example, The address does not match any address in the consumer
report; The SSN has not been issued or is listed on the Social
Security Administration’s Death Master File; There is a lack of correlation between the SSN range and
date of birth.
Fraudulent Personal InformationFraudulent Personal Information
PII provided is associated with known fraudulent activity, or is of a type commonly associated with fraudulent activity. For example,
The address on a document is the same as the address provided on a known fraudulent document;
The address on a document is fictitious, a mail drop, or a prison;
The phone number is invalid or is associated with a pager or answering service.
Just how suspicious….?Just how suspicious….?
…a SSN provided for an account is the same as one provided by another person for a different account?
– How would you know?
– …the person opening a Covered Account fails to provide all the required personal identifying information on an application and then doesn’t respond to notices that the application is incomplete?
What do you do next?
…a person requesting access to a Covered Account cannot answer the security questions (mother’s maiden name, pet’s name, etc.)?
How do you handle this?
Looking Below the SurfaceLooking Below the Surface
Sometimes fraudulent activity is not that obvious.
Do you know what to do if…
…mail sent to the account-holder is returned repeatedly as
undeliverable although transactions continue to be conducted in connection with the Covered Account??
…the University is notified that a customer is not receiving paper account statements, even though they are being mailed and not returned??
On The Other Hand…On The Other Hand…
Sometimes the problem is obvious, but do you know the procedure when…
…the University receives a notice regarding possible identity theft in connection with Covered Accounts held by your unit???
…the University is notified that your department has opened a fraudulent account for a person engaged in identity theft???
Responding to Red FlagsResponding to Red Flags
Report known and suspected fraudulent activity immediately - to protect both Customers and the University from damages and loss:
Gather all related documentation and
– provide a complete description of the situation and report to your supervisor.
Taking ActionTaking Action
If a transaction is or appears to be fraudulent, take appropriate actions immediately:
Cancel the transaction; Notify your supervisor and if necessary, contact
and cooperate with University Police and appropriate law enforcement;
Determine the extent of liability of the University; Notify the Customer that fraud has been
attempted.
The Next Steps:The Next Steps:
Identify the red flags in your area; Set up procedures to detect those red
flags in day-to-day operations; Train all employees on the procedures; Decide what actions to take when a red
flag is detected; Periodically review the red flag list to
ensure that they are still relevant.
Test Your KnowledgeTest Your Knowledge
Following are several questions to test your knowledge of the information presented.
Answer all questions correctly to receive credit for the training.
Question #1Question #1
The Red Flag Rules applies to financial institutions and creditors that offer or maintain “Accounts”. Universities must comply with the Red Flag Rules.
TRUETRUE FALSEFALSE
REVIEWREVIEW
Question #2Question #2
The Rule’s goal is to detect, prevent, and mitigate identify theft in certain covered accounts the University maintains.
TRUETRUE FALSEFALSE
REVIEWREVIEW
Question #3Question #3
Users of consumer reports must develop reasonable policies and procedures to verify the identity of consumers and confirm their address when necessary.
TRUETRUE FALSEFALSE
REVIEWREVIEW
Question #4Question #4
Debit and Credit cards must develop reasonable policies and procedures to assess the validity of a request for change of address followed closely by a request for an additional or replacement card.
TRUETRUE FALSEFALSE
REVIEWREVIEW
Question #5Question #5Which of the following are potential indicators of fraud?
Alerts, notifications, or other Alerts, notifications, or other warnings from credit agencieswarnings from credit agencies
Suspicious documents or personalSuspicious documents or personalidentifying informationidentifying information
Unusual or suspicious accountUnusual or suspicious accountactivitiesactivities
Any and all of the aboveAny and all of the above
REVIEWREVIEW
Question #6Question #6
“Suspicious” documents include:
Identification documents appearIdentification documents appearto have been altered or forgedto have been altered or forged
Driver’s license photo does notDriver’s license photo does notmatch personmatch person
Identification provided isIdentification provided isinconsistent with information on fileinconsistent with information on file
Any and all of the aboveAny and all of the above
REVIEWREVIEW
Question #7Question #7
Personal Identification Information (PII) includes any name or number that may be used alone or in conjunction with any other information, to identify a specific individual.
TRUETRUE FALSEFALSE
REVIEWREVIEW
Question #8Question #8If a transaction is or appears to be fraudulent, you should immediately cancel the transaction, notify your supervisor and if necessary the campus police, determine the extent of liability of the University, and notify the customer that a fraud has been attempted.
TRUETRUE FALSEFALSE
REVIEWREVIEW
Question #9Question #9After you have identified the red flags of ID theft, what do you do next?
Set up procedures to detect thoseSet up procedures to detect thosered flags in your daily operations.red flags in your daily operations.
Train all employees who will useTrain all employees who will usethe procedures.the procedures.
Decide what actions to take whenDecide what actions to take whena red flag is detected.a red flag is detected.
All of the above.All of the above.
REVIEWREVIEW
Question #10Question #10
Your list of red flags should be reviewed periodically to be sure they are still relevant.
TRUETRUE FALSEFALSE
REVIEWREVIEW
Congratulations… Congratulations… you have completed your training you have completed your training
on Identity Theft and Red Flag on Identity Theft and Red Flag Rules.Rules.
The University of Texas at Tyler
General Compliance Training
The Training Post An Educational Computer Based Training Program
CBT