Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Theft Prevention Program Fighting Fraud at The University of Montana Red Flags Rules.

Similar presentations


Presentation on theme: "Identity Theft Prevention Program Fighting Fraud at The University of Montana Red Flags Rules."— Presentation transcript:

1 Identity Theft Prevention Program Fighting Fraud at The University of Montana Red Flags Rules

2 The University of Montana - Identity Theft Prevention Program 2 Training Objective: Ensure staff understand their responsibility to protect sensitive information, and know the steps to prevent, detect and respond to identity theft. This training is required as part of the University of Montana Identity Theft Prevention Program. Identity Theft Prevention Program

3 The University of Montana - Identity Theft Prevention Program 3 Training Objective: A Short quiz will follow this presentation. Correct answers will allow you to move forward and submit your answers. With incorrect answers, you will be taken back to the section stating the correct answer. You may resume the quiz by clicking the Resume Quiz link on the left. Identity Theft Prevention Program

4 The University of Montana - Identity Theft Prevention Program 4 Agenda  Background Why me? What information are we talking about?  Preventing Identity Theft How do I secure sensitive information to make sure this doesn’t happen?  Detecting Identity Theft What is a Red Flag, and how do I know one when I see one?  Responding to Identity Theft I found a Red Flag… now what do I do?  For more information… Where can I learn more? Identity Theft Prevention Program

5 The University of Montana - Identity Theft Prevention Program 5  The amount of data captured and stored by businesses doubles every months. Information Week  $221 billion a year is lost by businesses worldwide due to identity theft. The Aberdeen Group  As many as 10 million Americans a year are victims of identity theft. Identity Theft Resource Center, The Aftermath Study Background Failure to protect sensitive data can lead to identity theft or other harm to consumers — and also can harm The University of Montana, not just financially but also in loss of public trust.

6 The Gramm-Leach-Bliley Act’s Safeguards Rule requires financial institutions to provide reasonable safeguards for customer data. Under the Act, “financial institution” includes any entity that allows deferred payment for services (for example, attending class before tuition and fees are paid in full). In other words… This includes all affiliated campuses of The University of Montana, their contractors and sub-contractors. Background

7 The University of Montana - Identity Theft Prevention Program 7 Existing laws require us to:  “Implement measures that are reasonable and appropriate under the circumstances to protect sensitive consumer information,” and  Notify affected customers if there's a data breach. Examples of protected sensitive information include social security number, account information and information derived from credit reports. Background FTC Disposal Rule Fair and Accurate Credit Transaction Act (FACT) Gramm-Leach-Bliley Act Fair Credit Reporting Act Health Insurance Portability and Accountability Act (HIPAA) Federal Educational Right to Privacy Act (FERPA) Drivers Privacy Protection Act (DPPA) State Laws Federal Trade Commission Act

8 The University of Montana - Identity Theft Prevention Program 8 What is Personally Identifiable Information? Information that can be used alone, or in conjunction with other information, to identify a specific person. Some examples:  Name  Address  Social security number  Birth date  Drivers license number  Other identification number (790)  Passport number Preventing Identity Theft

9 The University of Montana - Identity Theft Prevention Program 9 Are you keeping information secure? Safeguarding sensitive information on your computers and in your files is YOUR RESPONSIBILITY, and is critical in preventing identity theft. A sound information security plan is built on five principles:  Take stock – know what you have  Scale down – keep only what you need  Lock it – protect the information in your care  Pitch it – properly dispose of what you don’t need  Plan ahead – know how to respond to incidents Preventing Identity Theft

10 The University of Montana - Identity Theft Prevention Program 10 Take Stock  Check Files and Computers for what information you have and where it is stored.  Don’t forget portable devices and offsite locations, including employees’ home computers. For example, an employee s to a personal account, or copies to USB storage, sensitive information for use while working from home.  Trace the flow of information from data entry, receipt/filing to disposal. At every stage, determine who has access – and who should have access. Preventing Identity Theft

11 The University of Montana - Identity Theft Prevention Program 11 Scale Down  Collect only what you need, and keep it only for the time you need it.  Be cautious of what you store on devices connected to the internet!  For receipts you give to customers, eliminate sensitive or personally identifying information (for example, 790 number or credit card number).  Do not collect social security numbers out of habit or convenience. Only collect them when needed (for example, payroll reporting to IRS). Preventing Identity Theft

12 The University of Montana - Identity Theft Prevention Program 12 Lock It  Lock offices, desks, store rooms and file drawers, and train employees to keep them that way.  Limit access to databases, computer files and storage areas with sensitive files to only those people required to use that information as part of their job duties.  Don’t store sensitive information on a workstation or mobile device.  Secure data that is shipped or stored offsite. Preventing Identity Theft

13 The University of Montana - Identity Theft Prevention Program 13 Pitch It  Shred paper records you don’t need. Make sure you’ve met any applicable retention requirements! State Records Retention Schedules  Use disk wiping utility programs on computers and portable storage devices before disposing of them. MUS Board of Regents Policy 1308 MUS Board of Regents Policy 1308 (Disposal of Computer Storage Devices) Preventing Identity Theft

14 The University of Montana - Identity Theft Prevention Program 14 Plan Ahead  Put together a “What if?” plan to detect and respond to a security incident.  Designate a senior staff member to coordinate your response.  Investigate right away and know how to preserve evidence, such as computer logs and files, and original documents.  Take steps to close off vulnerabilities, for example disconnect compromised computers from the Internet.  Inform the Identity Theft Program Administrator for your campus and Public Safety or law enforcement. Preventing Identity Theft

15 The University of Montana - Identity Theft Prevention Program 15 Training and Oversight  Train your employees!  Oversee contractors and service providers  Use good hiring practices (check references, and consider background checks in security-sensitive positions)  Build information security training into orientation. Preventing Identity Theft

16 The University of Montana - Identity Theft Prevention Program 16 What is a Red Flag? “A pattern, practice, or specific activity that indicates the possible existence of Identity Theft” In other words…  A Red Flag helps us detect Identity Theft.  A Red Flag is a warning that something may be wrong.  It can be something one says, does, or gives you that makes you suspect he or she is not who they claim to be.  It can be something that happens on an account that is unusual or suspicious. Detecting Identity Theft

17 The University of Montana - Identity Theft Prevention Program 17 Five Categories of Red Flags An alert, notification or warning from a consumer reporting agency Suspicious documents Suspicious personally identifying information Unusual use of, or suspicious activity related to, a covered account Notification by a victim of identity theft, a law enforcement authority, or other person, that the account is being used for identity theft Detecting Identity Theft

18 The University of Montana - Identity Theft Prevention Program 18 What are covered accounts?  Any account that the University offers or maintains that is designed to permit multiple payments or transactions.  Other types of accounts if there is a reasonably foreseeable risk of fraud or identity theft risk to customers or The University. Detecting Identity Theft Student Accounts Payroll Accounts Student Loans & Financial Aid Campus ID Cards!

19 The University of Montana - Identity Theft Prevention Program 19 Suspicious Documents  Documents that appear to be altered or forged.  A photo ID that does not reasonably resemble the person presenting it.  Information on an ID that does not agree with other information being provided, for example different names or birth dates, or signatures that are not reasonably alike.  Information that does not agree with data already on file. Detecting Identity Theft Hmm…

20 The University of Montana - Identity Theft Prevention Program 20 Suspicious Personally Identifying Information  PII provided: -Is not consistent when compared with external sources -Is not consistent with other PII provided by the customer -Is associated with known fraudulent activity -Is a type commonly associated with fraudulent activity -Is not consistent with other PII on file with the University  The social security number provided is the same as that submitted by someone else  The address or telephone number provided is the same as an unusually large number of other people  The person attempting to open a new account fails to provide all required PII on request Detecting Identity Theft

21 The University of Montana - Identity Theft Prevention Program 21 Unusual Use or Suspicious Activity - Examples  Shortly following the notice of a change of address, the University receives a request for a new card or additional authorized users of an account  The covered account is used in a manner that is not consistent with established patterns of activity  Mail is repeatedly returned as undeliverable though transactions continue to be conducted on the account  An account that has been inactive for a relatively long period of time is used  The University is notified that the account holder is no longer receiving paper account statements  The University is notified of unauthorized changes or transactions in connection with a covered account. Detecting Identity Theft

22 The University of Montana - Identity Theft Prevention Program 22 University Experience and Guidance Follow your department’s procedures for verifying the identity of your customer. Offices and departments should also incorporate identity theft experience of the University, office or school into their procedures, such as:  Actual past incidents of identity theft  Additional methods the University has identified that reflect changes in identity theft risks  Updates to the Identity Theft Prevention Program Ask your Identity Theft Prevention Program Administrator for help in making sure your procedures are sufficient. Detecting Identity Theft

23 The University of Montana - Identity Theft Prevention Program 23 When should I look for Red Flags? Student Enrollment Offices (new accounts)  Require certain identifying information such as name, date of birth, academic records, home address or other identification.  Verify the student’s identity when you issue the student ID card (with drivers license or other government-issued photo identification) Ask your supervisor for information on the specific documents that are (and are not!) acceptable to verify identity. Detecting Identity Theft

24 The University of Montana - Identity Theft Prevention Program 24 When should I look for Red Flags? For Existing Accounts  Verify the identification of students if they request any information about their records or account, regardless of whether the request is in person, by phone, by fax or by .  Verify the validity of any request to change billing address, and provide the student a reasonable means of promptly reporting incorrect billing address changes.  Verify any request to change banking information given for billing and payment purposes. Detecting Identity Theft

25 The University of Montana - Identity Theft Prevention Program 25 What do I do if I suspect identity theft? 1.Notify your supervisor. 2.Investigate to the extent needed to determine if identity theft is likely or a data breach has occurred. Responding to Identity Theft 3.Assess whether a response is needed and take immediate action if necessary. 4.Notify your Identity Theft Prevention Program Administrator and Public Safety or local law enforcement (if applicable), and plan your response.

26 The University of Montana - Identity Theft Prevention Program 26 Actions to Consider (depending on circumstances) :  Cancel the suspected fraudulent transaction if possible  Contact the person who “owns” the account (for example, the student)  Change any passwords or security codes/devices that permit access to the account  Monitor activity on the account  Place a hold on the account Responding to Identity Theft

27 The University of Montana - Identity Theft Prevention Program 27 Actions to Consider (depending on circumstances) :  Close the account  Reopen the account with a new account number  Refuse to open a new account  Refuse payments on an account  Other actions based on advice from -Identity Theft Prevention Program Administrator for your campus -Public Safety or local law enforcement -IT Security Officer -Internal Audit Responding to Identity Theft

28 The University of Montana - Identity Theft Prevention Program 28 For More Information  Policies and Procedures – MUS Board of Regents Policy (Identity Theft Prevention Program) MUS Board of Regents Policy – MUS Board of Regents Policy (Information Security) MUS Board of Regents Policy – UM Policy – UM Identity Theft Prevention Program  Other Resources for Businesses (to help us protect our customers) – Federal Trade Commission Fighting Fraud with the Red Flags Rule: A How-To Guide for Business Fighting Back Against Identity Theft Information Compromise and the Risk of Identity Theft: Guidance for your Business – US Department of the Treasury, President’s Task Force on Identity Theft, Combating Identity Theft: A Strategic PlanCombating Identity Theft: A Strategic Plan – Department of Defense, Personally Identifiable Information TrainingPersonally Identifiable Information Training Identity Theft Prevention Program

29 The University of Montana - Identity Theft Prevention Program 29 For More Information  Other Resources for Consumers (to help you protect yourself!) – Federal Trade Commission, Avoid Identity Theft videoAvoid Identity Theft – Federal Trade Commission, Take Charge: Fighting Back Against Identity TheftTake Charge: Fighting Back Against Identity Theft – OnGuard OnLine, ID Theft Face Off online game/quizID Theft Face Off – National Consumers League National Consumers League Identity Theft Prevention Program

30 The University of Montana - Identity Theft Prevention Program 30 Questions/Comments?  Identity Theft Prevention Program Administrator Russ Fillner (UM Helena COT), Mark Pullium (UM Missoula),  IT Security Officer Adrian Irish,  Internal Audit Dyan Hudson, Identity Theft Prevention Program


Download ppt "Identity Theft Prevention Program Fighting Fraud at The University of Montana Red Flags Rules."

Similar presentations


Ads by Google