Red Flags Response
Red Flags Response
Policy
________________________________________
Document Number: REDFLAG--115 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 01/03/2012
________________________________________
General Description
Description: Information about the red flags response relative to Red Flags Identity Theft Policy.
Purpose: Delineation of policy.
Scope: All faculty, staff, students, and administrators
Responsibility: Executive VP
VP of Business and Finance
________________________________________
Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes
Terms and Definitions: Additional training
Corrective Action
Loss of privilege, general
Termination
________________________________________
Policy Provisions
1. Red Flags Response
1.1 Response to Alerts, Notifications or Warnings from a Consumer Reporting Agency
When a company representative is presented with an alert, notification or warning from a consumer reporting agency, they must act quickly in an effort to prevent or mitigate loss for the customer and the University. Appropriate responses are as follows:
1. Take additional steps to verify identity.
2. Flag relevant accounts.
3. Monitor account activity.
4. Decline account application.
5. Validate address.
6. Document with a Suspicious Activity Report (SAR).
7. Notify existing customer on record.
8. Other
1.2 Response to Suspicious Documents
In the course of business, a company representative may be presented with suspicious documents. Appropriate responses are as follows:
1. Verify using third party resources.
2. Verify using existing account records.
3. Decline application.
4. Decline account access.
5. Document with a Suspicious Activity Report (SAR).
6. Notify law enforcement (if necessary)
7. Notify existing customer on record
8. Other
1.3 Response to Suspicious Identifying Personal Information
When a person provides suspicious or inconsistent identifying information to a company representative, the response is as follows:
1. Escalate verification to a higher level.
2. Decline account application.
3. Decline account access.
4. Notify existing customer on record.
5. Change account access information.
6. Change account numbers.
7. Document with a Suspicious Activity Report (SAR).
8. Involve law enforcement.
9. Other
1.4 Response to Unusual Use of or Suspicious Activity Related to the Covered Account
Company representatives shall be vigilant in protecting customer accounts when transacting, servicing, or processing business. When suspicious activity or unusual patterns emerge in covered accounts, the appropriate responses are as follows:
1. Use Personal Knowledge questions for verification.
2. Validate address.
3. Decline account access.
4. Document with a Suspicious Activity Report (SAR).
5. Notify existing customer on record.
6. Change account access information.
7. Change account numbers.
8. Involve law enforcement.
9. Other
1.5 Response to Notice From Customers, Victims of Identity Theft, Law Enforcement Authorities, or Other Persons Regarding Possible Identity Theft in Connection with Covered Accounts
Company representatives that are notified of a security incident from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts must immediately inform senior management and the Identity Theft Prevention Officer. Appropriate responses are as follows:
1. Decline account access
2. Close fraudulent account
3. Document with a Suspicious Activity Report (SAR)
4. Notify existing customer on record
5. Open new account
6. Do Not Attempt to Collect on the Fraudulent Account from the True Identity
7. Cooperate with law enforcement
8. Other
________________________________________
Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate
Consequences: Further training
Job Termination
________________________________________
Subject Experts
The following may be consulted for additional information.
Executive VP
VP of Business and Finance