In late 2007 the Federal Trade Commission (FTC) and the Federal Banking agencies issued a regulation known as the Red Flag Rule under sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003. The regulation applies to any organization that offers credit or manages a “covered account”. The Red Flag rule requires any organization that maintains a “covered account” to establish, document and maintain an identity theft prevention program that identifies potential Red Flags, detects the occurrence of Red Flags and appropriately responds to Red Flags.
A “Covered Account” is 1) any account the University offers or maintains primarily for personal, family or household purposes, that involves multiple payments or transactions or 2) any other account the University offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the University from Identity Theft.
A “Red Flag” is defined as a pattern, practice or specific activity that indicates the possible existence of identity theft. Examples of “Red Flag” incidents include presentation of suspicious identity documents or frequent address changes.
“Identifying Information” is any name or number that may be used, alone or in conjunction with any other information, to identify a specific person including:
Social security number
Date of birth
Government issued driver’s license or identification number
Alien registration number
Government passport number
Employer or taxpayer identification number
Unique electronic identification number
Computer‘s Internet Protocol address or routing code
“Identify Theft” is a fraud committed using the identifying information of another person without authority.
The law requires that a Red Flag policy and program be approved by the organization’s governing board or a committee of the board. Oversight of the program is to be assigned to an administrator with program reviews conducted annually. Each Program must contain reasonable policies and procedures to detect, identify, and mitigate identity theft in its covered accounts.
The Red Flag rules were to be effective on May 1, 2009. The FTC extended the deadline several times with the final effective date of May 2010.
An Ad Hoc Committee of individuals was appointed to determine the impact of the Red Flag Rules on Emporia State University. The Committee included individuals who were directly impacted by the FTC’s Red Flag Rule. Individuals from Admissions, Financial Aid, Registration, Technology and Computing Services, Business Office, Graduate Office and Student Affairs met to discuss the development of an Identity Theft Prevention Program.
Emporia State University’s program was approved on November 9, 2009 by the President Michael Lane. The program can be found in ESU’s Policy Manual under Section 3H. IDENTITY THEFT PREVENTION PROGRAM at the following website: http://www.emporia.edu/acadaff/pdf/EmployeePolicyManual.pdf
Members are appointed each year to the Identity Theft Prevention Program Committee by the President or Interim President of Emporia State University. The Committee members consist of individuals from the following areas: Controller, Registrar, AVP Technology & Computing Services, Graduate Education, International Education and Admissions. The function of the committee is to assure implementation and compliance with ESU’s Identity Theft Program.
While there are no guarantees about avoiding identity theft, it is important for you to know how to:
Deter identity thieves by safeguarding your personal information,
Detect suspicious activity by routinely monitoring your financial accounts and billing statements
Defend against identity theft as soon as you suspect a problem.
Awareness is among the most powerful tools in the fight against identity theft. The more you know how to protect your identity and what to do if a problem occurs, the harder it is for identity thieves to commit their crimes.
Educating our Campus Community about identity theft, including our students, is critically important. Education will save time and money by reducing the risk of being victimized, detecting any problems quickly and knowing what to do. Education will help avoid or reduce the emotional stress that often comes with identity theft. Education will provide peace of mind that comes from better understanding this issue and knowing how to take action.
Deter identity thieves by safeguarding your information.
Detect suspicious activity by routinely monitoring your financial accounts and billing statements.
Defend against identity theft as soon as you suspect a problem.
Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open and debts on your accounts that you can’t explain.
In the event that University personnel detect any identified Red Flags, such personnel shall respond by taking one or more of the following steps, depending on the degree of risk posed by the Red Flag:
1. Notify the Program Administrator for determination of the appropriate step(s) to take;
2. Continue to monitor a Covered Account for evidence of Identity Theft;
3. Contact the customer, student or applicant (for which a credit report was run);
4. Change any passwords or other security devices that permit access to Covered Accounts;
5. Not open a new Covered Account;
6. Close an existing Account;
7. Provide the customer or student with a new customer or student identification number;
8. Notify law enforcement, KBOR or other entities and individuals as appropriate;
9. File or assist in filing a Suspicious Activities Report (“SAR”); or
10. Determine that no response is warranted under the particular circumstances.
Become familiar with the Identity Theft Prevention Program which is located in the policy manual under section 3H.: http://www.emporia.edu/acadaff/pdf/EmployeePolicyManual.pdf
Look for suspicious activity or suspicious behavior as outlined in the policy manual and notify the Program Administrator.
The Controller at Emporia State University has been designated the Program Administrator for the Identity Theft Prevention Program. The Controller can be reached at 620-341-5413.
Emporia State University acknowledges the use and adaptation of portions of the FTC’s publication “Talking About Identity Theft: A How-To Guide” found online at: http://www.ftc.gov/bcp/edu/microsites/idtheft/