(A) The Program shall include relevant red flags from the following categories as appropriate:
(1) Alerts, notifications or other warnings received from consumer reporting agencies or service providers, such as fraud detection services.
(2) The presentation of suspicious documents.
(3) The presentation of suspicious personal identifying information.
(4) The unusual use of, or other suspicious activity related to, a covered account.
(5) Notice from customers, victims of identity theft, law enforcement authorities, or other person regarding possible identity theft in connection with covered accounts.
(B) The Program shall consider the following risk factors in identifying relevant red flags for covered accounts as appropriate:
(1) The types of covered accounts offered or maintained.
(2) The methods provided to open covered accounts.
(3) The methods provided to access covered accounts.
(4) Its previous experience with identity theft.
(C) The Program shall incorporate relevant red flags from sources such as:
(1) Incidents of identity theft previously experienced.
(2) Methods of identity theft that reflect changes in risk.
(3) Applicable supervisory guidance.
(Res. 09-005, passed 7-14-09)