Presentation on theme: "Identity Theft and Red Flag Rules Training Module The University of Texas at Tyler."— Presentation transcript:
Identity Theft and Red Flag Rules Training Module The University of Texas at Tyler
Identity Theft - Red Flag Training This training is intended for view prior to each area creating their own unique policies and procedures for identifying, detecting, preventing, and mitigating identity theft.
Identity Theft - Red Flags Red flags in this training means a pattern, practice, or specific activity that indicates the possible existence of identity theft.
Red Flag Rules Background n In November 2007, final rules were issued to implement the Identity Theft Flags Rule. n The Rule applies to financial Institutions including universities that offer or maintain Accounts; n The Rule requires the implementation of a written Identity Theft Prevention Program.
UT Tyler falls within the scope of the Red Flag Rules because we act as a “creditor” by: n regularly extending, renewing, or continuing credit; n regularly arranging for such credit; n acting as an assignee of an original creditor. Simply accepting credit cards as a form of payment does not make you a “creditor” under the Red Flags Rule. But if you offer a debit or credit card, arrange credit for your customers, or extend credit by selling customers goods or services now and billing them later, you are a “creditor” under the law.
COVERED ACCOUNTS n The Rule’s goal is to detect, prevent, and mitigate identity theft in certain 'covered accounts.' n A ‘covered account’ is any account that the University of Texas at Tyler offers or maintains: –Primarily for personal, family, or household purposes, or –That permits multiple payments or transactions, or –For which there is a reasonably foreseeable risk of identity theft.
THE RULE n …is actually three different but related rules - all will definitely apply to the following areas at UT Tyler: n (681.1) Users of Consumer Reports and background checks n (681.2) Creditors holding ‘Covered Accounts’ n (681.3) Issuers of Debit and Credit Cards
USERS OF CONSUMER REPORTS (681.1) Users of consumer reports must develop reasonable policies and procedures to verify the identity of consumers and confirm their addresses, when necessary. Applies to any areas of UT Tyler that utilize consumer reporting agencies (Equifax, Experion, TransUnion) for any reason, i.e. credit or background checks for loans or collection purposes, or for new hire applicants. Includes Human Resources, Campus Police, Nursing, etc.
CREDITORS n (681.2) “…creditors holding ‘covered accounts’ must develop and implement written procedures for both new and existing accounts.” –This provision applies to any areas of UT Tyler that issue any type of credit, i.e. Stafford Loans, Housing or Meal Payment Plans, Student Deferred Payment Plans, emergency loans, P2 cards, Swoop cards, Procards, Travel cards, etc.
Debit and Credit Card Issuers n (681.3) Debit and credit card issuers must develop reasonable policies and procedures to assess the validity of a request for change of address followed closely by a request for an additional or replacement card.
Identifying Red Flags and Fraud Indicators n A Red Flag, or any situation closely resembling one, should be investigated for verification. n The following are potential indicators of fraud: Alerts, notifications, or other warnings from credit agencies Suspicious documents or personal identifying information Unusual or suspicious account activities Notices from customers, victims of identity theft, law enforcement authorities, or others
Alerts, Notifications, and Warnings n Watch for these notices from consumer reporting agencies, service providers, or fraud detection services: –An active duty alert or a fraud alert included with a consumer report; active duty alertfraud alertactive duty alertfraud alert –A notice of credit freeze in response to a request for a consumer report; or credit freezecredit freeze –A notice of address discrepancy. address discrepancyaddress discrepancy n You'll need to add a procedure for appropriate responses to notices.
Suspicious Documents n Identification documents that appear to have been altered or forged. n The photograph or physical description on an ID that doesn’t match the Customer presenting it. n Information on the identification that is inconsistent with other information provided or readily accessible, such as a signature card or a recent check. n An application or document that appears to have been destroyed and reassembled.
Suspicious Personal Information n Personal Identifying Information (PII) is any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual. Examples of suspicious personal information: n PII provided is inconsistent with PII that is on file, or when compared to external sources. For example, The address does not match any address in the consumer report; The SSN has not been issued or is listed on the Social Security Administration’s Death Master File; There is a lack of correlation between the SSN range and date of birth.
Fraudulent Personal Information n PII provided is associated with known fraudulent activity, or is of a type commonly associated with fraudulent activity. For example, The address on a document is the same as the address provided on a known fraudulent document; The address on a document is fictitious, a mail drop, or a prison; The phone number is invalid or is associated with a pager or answering service.
Just how suspicious….? n …a SSN provided for an account is the same as one provided by another person for a different account? –How would you know? – …the person opening a Covered Account fails to provide all the required personal identifying information on an application and then doesn’t respond to notices that the application is incomplete? n What do you do next? n …a person requesting access to a Covered Account cannot answer the security questions (mother’s maiden name, pet’s name, etc.)? n How do you handle this?
Looking Below the Surface n Sometimes fraudulent activity is not that obvious. Do you know what to do if… n …mail sent to the account-holder is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the Covered Account?? n …the University is notified that a customer is not receiving paper account statements, even though they are being mailed and not returned??
On The Other Hand… n Sometimes the problem is obvious, but do you know the procedure when… n …the University receives a notice regarding possible identity theft in connection with Covered Accounts held by your unit??? n …the University is notified that your department has opened a fraudulent account for a person engaged in identity theft???
Responding to Red Flags n Report known and suspected fraudulent activity immediately - to protect both Customers and the University from damages and loss: n Gather all related documentation and –provide a complete description of the situation and report to your supervisor.
Taking Action n If a transaction is or appears to be fraudulent, take appropriate actions immediately: n Cancel the transaction; n Notify your supervisor and if necessary, contact and cooperate with University Police and appropriate law enforcement; n Determine the extent of liability of the University; n Notify the Customer that fraud has been attempted.
The Next Steps: n Identify the red flags in your area; n Set up procedures to detect those red flags in day-to-day operations; n Train all employees on the procedures; n Decide what actions to take when a red flag is detected; n Periodically review the red flag list to ensure that they are still relevant.
Test Your Knowledge Following are several questions to test your knowledge of the information presented. Answer all questions correctly to receive credit for the training.
Question #1 The Red Flag Rules applies to financial institutions and creditors that offer or maintain “Accounts”. Universities must comply with the Red Flag Rules. TRUE FALSE
Question #2 The Rule’s goal is to detect, prevent, and mitigate identify theft in certain covered accounts the University maintains. TRUE FALSE
Question #3 Users of consumer reports must develop reasonable policies and procedures to verify the identity of consumers and confirm their address when necessary. TRUE FALSE
Question #4 Debit and Credit cards must develop reasonable policies and procedures to assess the validity of a request for change of address followed closely by a request for an additional or replacement card. TRUE FALSE
Question #5 Which of the following are potential indicators of fraud? Alerts, notifications, or other Alerts, notifications, or other warnings from credit agencies warnings from credit agencies Suspicious documents or personal Suspicious documents or personal identifying information identifying information Unusual or suspicious account Unusual or suspicious account activities Any and all of the above Any and all of the above
Question #6 “Suspicious” documents include: Identification documents appear Identification documents appear to have been altered or forged to have been altered or forged Driver’s license photo does not Driver’s license photo does not match person match person Identification provided is Identification provided is inconsistent with information on file inconsistent with information on file Any and all of the above Any and all of the above
Question #7 Personal Identification Information (PII) includes any name or number that may be used alone or in conjunction with any other information, to identify a specific individual. TRUE FALSE
Question #8 If a transaction is or appears to be fraudulent, you should immediately cancel the transaction, notify your supervisor and if necessary the campus police, determine the extent of liability of the University, and notify the customer that a fraud has been attempted. TRUE FALSE
Question #9 After you have identified the red flags of ID theft, what do you do next? Set up procedures to detect those Set up procedures to detect those red flags in your daily operations. red flags in your daily operations. Train all employees who will use Train all employees who will use the procedures. the procedures. Decide what actions to take when Decide what actions to take when a red flag is detected. a red flag is detected. All of the above. All of the above.
Question #10 Your list of red flags should be reviewed periodically to be sure they are still relevant. TRUE FALSE
Congratulations… you have completed your training on Identity Theft and Red Flag Rules. The University of Texas at Tyler General Compliance Training
The Training Post An Educational Computer Based Training Program CBTCBT