• Home

  • Documents

  • Office of Administration and Finance - Compliance Title: Identity … · 2019. 10. 2. · Detecting...
4
Office of Administration and Finance - Compliance Page 1 of 4 Title: Identity Theft Detection and Prevention (Red Flag) Policy; Staff Policy Reference: By-Laws of Benedictine University Background: The Federal Trade Commission's Red Flags Rule, implementing Section 114 of the Fair and Accurate Credit Transactions Act of 2003, requires Universities having Covered Accounts to implement Identity Theft prevention and detection programs appropriate to the size and complexity of their operations and account systems; and the nature and scope of their activities. The Rule mandates the creation and continued administration of a program designed to detect, prevent and mitigate Identity Theft in existing Covered Accounts or the opening of new Covered Accounts. Policy Statement: Benedictine University’s (“University”) Red Flag Program (“Program”) identifies and incorporates into the Program, relevant Red Flags for Covered Accounts; detects and reasonably responds to Red Flags in order to prevent and mitigate Identity Theft; and ensures the Program is updated periodically to reflect changes in risks to students from Identity Theft. Service Providers engaged to perform activities in connection with covered accounts or loans covered by the Program, are required by contract to perform in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of Identity Theft and to report detected Red Flags to the University. The Program applies to all employee and student loans with the University and all employee and student financial accounts or payment plans for debts owed to the University that involve multiple transactions or multiple payments. The Program does not apply to financial transactions where the University is not a creditor or lender (e.g., arrangements for employee direct deposit of payroll checks, acceptance of checks or credit cards for on-campus purchases or donor gifts to the University, etc.). Neither does the Program apply to any non-financial transaction (e.g., transcript requests, requests for issuance of keys to campus offices, requests to give an employee or student access to a confidential database.) Definitions: Covered Account: Employee or student accounts, loans and payment plans for debts owed to the University that involve multiple transactions or multiple payments and are administered by the University. Identifying Information: A name or number that may be used, alone or with other information, to identify a specific person, including: name, address, telephone number, date of birth, social security number, valid driver’s license or government issued identification number, alien registration number, passport number, taxpayer identification number, student number, Internet Protocol address, or routing code. Identity Theft: Unauthorized use of the Identifying Information of another person, to commit or attempt to commit a fraud. Red Flag: Activity that indicates the possibility of Identity Theft. Service Provider: Any third party providing services, goods, assets, or facilities to the

Office of Administration and Finance - Compliance Title: Identity … · 2019. 10. 2. · Detecting Red Flags • In order to detect Red Flags for new or existing accounts, Benedictine

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Office of Administration and Finance - Compliance Title: Identity … · 2019. 10. 2. · Detecting Red Flags • In order to detect Red Flags for new or existing accounts, Benedictine

Office of Administration and Finance - Compliance

Page 1 of 4

Title: Identity Theft Detection and Prevention (Red Flag) Policy; Staff

Policy Reference: By-Laws of Benedictine University

Background: The Federal Trade Commission's Red Flags Rule, implementing Section 114 of the Fair and Accurate Credit Transactions Act of 2003, requires Universities having Covered Accounts to implement Identity Theft prevention and detection programs appropriate to the size and complexity of their operations and account systems; and the nature and scope of their activities. The Rule mandates the creation and continued administration of a program designed to detect, prevent and mitigate Identity Theft in existing Covered Accounts or the opening of new Covered Accounts.

Policy Statement: Benedictine University’s (“University”) Red Flag Program (“Program”) identifies and incorporates into the Program, relevant Red Flags for Covered Accounts; detects and reasonably responds to Red Flags in order to prevent and mitigate Identity Theft; and ensures the Program is updated periodically to reflect changes in risks to students from Identity Theft. Service Providers engaged to perform activities in connection with covered accounts or loans covered by the Program, are required by contract to perform in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of Identity Theft and to report detected Red Flags to the University.

The Program applies to all employee and student loans with the University and all employee and student financial accounts or payment plans for debts owed to the University that involve multiple transactions or multiple payments. The Program does not apply to financial transactions where the University is not a creditor or lender (e.g., arrangements for employee direct deposit of payroll checks, acceptance of checks or credit cards for on-campus purchases or donor gifts to the University, etc.). Neither does the Program apply to any non-financial transaction (e.g., transcript requests, requests for issuance of keys to campus offices, requests to give an employee or student access to a confidential database.)

Definitions:

• Covered Account: Employee or student accounts, loans and payment plans for debtsowed to the University that involve multiple transactions or multiple payments and areadministered by the University.

• Identifying Information: A name or number that may be used, alone or with otherinformation, to identify a specific person, including: name, address, telephone number, dateof birth, social security number, valid driver’s license or government issued identificationnumber, alien registration number, passport number, taxpayer identification number, studentnumber, Internet Protocol address, or routing code.

• Identity Theft: Unauthorized use of the Identifying Information of another person, tocommit or attempt to commit a fraud.

• Red Flag: Activity that indicates the possibility of Identity Theft.• Service Provider: Any third party providing services, goods, assets, or facilities to the

krappel
Typewritten Text
Page 2: Office of Administration and Finance - Compliance Title: Identity … · 2019. 10. 2. · Detecting Red Flags • In order to detect Red Flags for new or existing accounts, Benedictine

Office of Administration and Finance- Compliance

Page 2 of 4

University including contractors, sub-contractors, consultants, professional service contractors, and suppliers.

Roles and Responsibilities:

Detecting Red Flags • In order to detect Red Flags for new or existing accounts, Benedictine University employees

are responsible to:• Require identifying information such as name, date of birth, academic records, home

address or other identification to verify the person’s identity at the time ofemployment, enrollment, opening an account or applying for a loan;

• Verify the person’s identity by reviewing a driver’s license or other government- issued photo identification at the time Bencards are issued;

• Verify the identity of students and employees requesting account or loan information(in person, via telephone, via facsimile, via email); or attempting to conducttransactions on covered accounts;

• Verify the validity of requests to change billing addresses by mail or email and providethe student a reasonable means of promptly reporting incorrect billing address changes;

• Verify changes in banking information given for billing and payment purposes;• Use reasonable measures to monitor transactions on particular accounts including

employee and student tuition loans, loan repayment assistance programs, tuitionpayment plans, payroll advances, and employee and student accounts billed monthly;

• Require Service Providers by contract, to have reasonable policies for the detection,prevention and mitigation of Identity Theft and to report any detected red flags to theUniversity.

• Use appropriate diligence, and follow other University policies and procedures forany transaction outside the scope of the Program having privacy or informationsecurity implications;

• In order to detect Red Flags in a credit or background report obtained for volunteer or jobapplicant, Benedictine University employees are responsible to:• Require written verification from all applicants that the address provided by the

applicant is accurate at the time the request for the credit report is made to theconsumer reporting agency;

• If a notice of address discrepancy is received, verify that the credit report pertains tothe applicant for whom the request was made and report the confirmed address for theapplicant to the consumer reporting agency.

Preventing and Mitigating Identity Theft • In the event a Red Flag is detected, Benedictine University employees are responsible to take

one or more of the following steps, depending on the degree of risk posed by the Red Flag:• Immediately notify their manager, University Police or the Chief Legal and Risk

Management Officer for determination of the appropriate step(s) to take;• Monitor the Covered Account for evidence of Identity Theft;• Contact the student or applicant (for whom a credit report was obtained);• Change passwords or other security devices that permit access to Covered Accounts;

Page 3: Office of Administration and Finance - Compliance Title: Identity … · 2019. 10. 2. · Detecting Red Flags • In order to detect Red Flags for new or existing accounts, Benedictine

Office of Administration and Finance - Compliance

Page 3 of 4

• Not open a new Covered Account;• Provide the student with a new student identification number;• Notify law enforcement;• Determine that no response is warranted under the particular circumstances.

• In order to further reduce the risk of Identity Theft, University employees are responsible toprotect student identifying information by taking the following steps:• Avoid use of social security numbers;• Require only the student information necessary for University purposes.• Password protect office computers with access to Covered Account information;• Completely and securely destroy paper documents and computer files containing student

account information when a decision has been made to no longer maintain suchinformation;

Program Administration • At least annually or as otherwise requested by the Chief Legal and Risk Management Officer,

University managers responsible for development, implementation, and administration of the Program shall report on compliance with this Program. The report should address;

•Significant incidents involving identity theft;

• Management’s response;• Recommendations for changes to the Program;• Service provider arrangements;

• The Chief Legal and Risk Management Officer is responsible to:• Ensure appropriate training of University staff to effectively implement the Program;• Review particular cases or issues of possible Identity Theft reported by University

employees and determine what preventive or mitigating measures are appropriateunder the circumstances;

• Consider periodic changes to the Program.• Assess compliance with the Program during periodic Compliance Reviews.

• Information about the University’s specific Red Flag identification, detection, and mitigationand prevention practices is limited to those employees with a need to know them. Programdocuments describing specific practices are considered “confidential” and should not beshared with other University employees or the public.

Contacts:

• Nancy Stoecker, Chief Legal and Risk Management Officer

(630) 829-6402 • Timothy Hopkins, Chief Information Officer (630) 829-6584 • Marco Masini, Dean of Students (630) 829-6006• Senior Associate Dean Financial Aid (630) 829-6415 • Derek Ferguson, Chief of Police (630) 829-1101

Page 4: Office of Administration and Finance - Compliance Title: Identity … · 2019. 10. 2. · Detecting Red Flags • In order to detect Red Flags for new or existing accounts, Benedictine

Office of Administration and Finance - Compliance

Page 4 of 4

Additional Resources: • Benedictine Universit y Red Flags List• Faculty Handbook 2018• Employee Handbook 2008Date of Issuance: July 29, 2009 Last Revised: October 2, 2019 Department Responsible: Compliance


Using red flags to identify serious pathologysussexmskpartnershipcentral.co.uk/.../06/Using-red-flags-to-identify-serious-pathology.pdfUsing red flags to identify serious pathology

Using red flags to identify serious pathologysussexmskpartnershipcentral.co.uk/.../06/Using-red-flags-to-identify-serious-pathology.pdfUsing red flags to identify serious pathology

Documents
Spotting Every Day Red Flags

Spotting Every Day Red Flags

Documents
Creating Your Red Flags Rule Playbook

Creating Your Red Flags Rule Playbook

Technology
Anti-money laundering program | Compliance...Customer Behavior Red Flags Customer Transaction Red Flags Source of Funds Red Flags Revision History Minnesota Life Anti-Money Laundering

Anti-money laundering program | Compliance...Customer Behavior Red Flags Customer Transaction Red Flags Source of Funds Red Flags Revision History Minnesota Life Anti-Money Laundering

Documents
Fraud Risk: Red Flags in Context

Fraud Risk: Red Flags in Context

Education
Cardiovascular Red Flags Overview - Home Page - … Red Flags in ... Cardiovascular Red Flags Overview ... • List the findings from an athlete’s physical examination that

Cardiovascular Red Flags Overview - Home Page - … Red Flags in ... Cardiovascular Red Flags Overview ... • List the findings from an athlete’s physical examination that

Documents
Cardiovascular Red Flags Overview...Cardiovascular Red Flags Overview • Learning objectives • Personal history red flags • Family history red flags • Physical examination findings

Cardiovascular Red Flags Overview...Cardiovascular Red Flags Overview • Learning objectives • Personal history red flags • Family history red flags • Physical examination findings

Documents
Moving Company Red Flags to Avoid

Moving Company Red Flags to Avoid

Lifestyle
Red Flags & Iron Crosses 1

Red Flags & Iron Crosses 1

Documents
‘Red Flags of Corruption’ in World Bank Projects€¦ · red flags analyzed; (ii) potentially tainted contracts did not exhibit notably more red flags than control contracts;

‘Red Flags of Corruption’ in World Bank Projects€¦ · red flags analyzed; (ii) potentially tainted contracts did not exhibit notably more red flags than control contracts;

Documents
10 Red Flags

10 Red Flags

Education
Sclerosi Multipla: “Red Flags” neuroradiologiche ... Flags radiologi… · Sclerosi Multipla: “Red Flags” neuroradiologiche Massimiliano Calabrese La diagnosi di Sclerosi

Sclerosi Multipla: “Red Flags” neuroradiologiche ... Flags radiologi… · Sclerosi Multipla: “Red Flags” neuroradiologiche Massimiliano Calabrese La diagnosi di Sclerosi

Documents
Audit Red Flags Of The IRS

Audit Red Flags Of The IRS

Law
Red Flags for Primary Teachers

Red Flags for Primary Teachers

Documents
Red Flags (CCSA Study Guide)

Red Flags (CCSA Study Guide)

Documents
Developmental Red Flags

Developmental Red Flags

Documents
Red Flags and Telltales - National Board of Boiler and ... · Red Flags and Telltales: Spotting Signs of Risky Behavior . Outline of Talk I. Overview II. Red Flags of Deception and

Red Flags and Telltales - National Board of Boiler and ... · Red Flags and Telltales: Spotting Signs of Risky Behavior . Outline of Talk I. Overview II. Red Flags of Deception and

Documents
Post Holdings Red Flags Galore

Post Holdings Red Flags Galore

Documents
RED FLAGS AND FRAUD PREVENTION ON RURAL BANKSkonsultanbpr.com/wp-content/uploads/2018/11/Red-Flags... · 2018. 11. 30. · Red Flags and Fraud Prevention on Rural Banks 179 Berdasarkan

RED FLAGS AND FRAUD PREVENTION ON RURAL BANKSkonsultanbpr.com/wp-content/uploads/2018/11/Red-Flags... · 2018. 11. 30. · Red Flags and Fraud Prevention on Rural Banks 179 Berdasarkan

Documents
Orthopaedic red flags - Vula

Orthopaedic red flags - Vula

Documents
Post-Surgical Red Flags

Post-Surgical Red Flags

Documents
Red Flags Rule General

Red Flags Rule General

Business
Red Flags in Programming

Red Flags in Programming

Technology
MRI Diagnostic Red Flags

MRI Diagnostic Red Flags

Documents
Fraudulent Financial Reporting – Identifying Red Flags

Fraudulent Financial Reporting – Identifying Red Flags

Documents
EMERGENCY RED FLAGS

EMERGENCY RED FLAGS

Health & Medicine
Dharan-bufkins Enron Red Flags

Dharan-bufkins Enron Red Flags

Documents
NFC FIRE RED FLAGS

NFC FIRE RED FLAGS

Documents
Developmental milestones and red flags

Developmental milestones and red flags

Education
Atypical Optic Neuritis -Red Flags

Atypical Optic Neuritis -Red Flags

Education