Loading...
IDENTITY THEFT PREVENTION PROGRAM
The purpose of this subchapter is to establish an identity theft prevention program designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the program in compliance with Part 681 of Title 16 of the Code of Federal Regulations implementing Sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (commonly known as “FACTA,” Public Law 108-159).
(Ord. 1046, passed 2-3-08)
For the purposes of this subchapter, the following definitions shall apply unless the context clearly indicates or requires a different meaning. Unless defined below or otherwise indicated by the context in which they are used, the words and phrases in this program shall have the meaning ascribed to them in the Act.
“ACT.” The Fair and Accurate Credit Transactions Act of 2003 (Public Law 108-159), as amended from time to time, and including Part 681 of Title 16 of the Code of Federal Regulations implementing Section 114 and 315 thereof.
“CLERK-TREASURER.” The duly elected Clerk-Treasurer of the Town of Cedar Lake, Lake County, Indiana.
“COVERED ACCOUNT.”
(1) An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions. “COVERED ACCOUNTS” include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts and savings accounts; and
(2) Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation or litigation risks.
“IDENTIFY THEFT.” A fraud committed or attempted using the identifying information of another person without authority.
“PROGRAM.” This identity theft prevention program, as amended from time to time.
“RED FLAG.” A pattern, practice or specific activity that indicates the possible existence of identity theft. “RED FLAGS” include, but are not limited to, any of the following:
(1) A fraud alert included with a consumer report;
(2) Notice of a credit freeze in response to a request for a consumer report;
(3) Consumer reporting agency providing a notice of address discrepancy;
(4) Unusual credit activity, such as an increased number of accounts or inquiries;
(5) Documents provided for identification appearing altered or forged;
(6) Photograph on identification inconsistent with appearance of customer presenting the information;
(7) Information on identification inconsistent with information provided by person opening account;
(8) Information on identification, such as signature, inconsistent with information on file at utility (such as a signature card or recent check);
(9) Application appearing forged or altered or destroyed and reassembled;
(10) Information on identification not matching any address in the consumer report;
(11) Lack of correlation between social security number range and date of birth;
(12) Personal identifying information associated with known fraud activity;
(13) Suspicious addresses supplied, such as a mail drop, or phone numbers associated with pagers or answering service;
(14) Social security number provided matching that submitted by another person opening an account or other customers;
(15) An address or phone number matching that supplied by a large number of applicants;
(16) The person opening the account unable to supply identifying information in response to notification that the application is incomplete;
(17) Personal information inconsistent with information already on file at utility;
(18) Person opening account or customer unable to correctly answer challenge questions;
(19) Shortly after change of address, utility receiving request for additional users of account;
(20) Customer fails to make first payment;
(21) Drastic change in payment patterns;
(22) An account that has been inactive for a lengthy time suddenly exhibiting unusual activity;
(23) Mail sent to customer repeatedly returned as undeliverable despite ongoing transactions on active account;
(24) Utility notified that customer is not receiving paper account statements;
(25) Utility notified of unauthorized charges or transactions on customer’s account;
(26) Utility notified that they have opened a fraudulent account for a person engaged in identity theft.
“TOWN.” The Town of Cedar Lake, Lake County, Indiana.
“TOWN ADMINISTRATOR.” The responsible and identified head administrative employee for the Town of Cedar Lake, Lake County, Indiana.
“TOWN COUNCIL.” The duly elected legislative and fiscal body of the Town of Cedar Lake, Lake County, Indiana.
“UTILITY.” The sewer utility owned, operated and managed by the town pursuant to the provisions of IC 36-9-23 et seq., and all other applicable laws.
(Ord. 1046, passed 2-3-08)
(A) The town hereby establishes, solely in connection with the ownership, management and operation of its utility, an identity theft prevention program to detect, prevent and mitigate identity theft. This program hereby includes reasonable policies and procedures to:
(1) Identify. Identify relevant red flags for covered accounts the town offers or maintains in connection with the ownership, management and operation of its utility and incorporate those red flags into this program;
(2) Detect. Detect red flags that have been incorporated into this program;
(3) Respond. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
(4) Update. Ensure this program is updated periodically to reflect changes in risks to utility customers and to the safety and soundness of the utility of the town, as the creditor, from identity theft.
(B) This program shall, as appropriate, incorporate existing policies and procedures of the town and the utility that control reasonably foreseeable risks.
(Ord. 1046, passed 2-3-08)
The Town Council shall be responsible for the overall development, implementation, oversight and continued administration of this program. The Town Administrator and Clerk-Treasurer shall be responsible for the day to day activities concerning said development, implementation, oversight and administration of this program. The Town Administrator and Clerk-Treasurer, with the oversight of the Town Council, shall coordinate the training of utility staff, as necessary, to effectively implement this program. The Town Council, in carrying out this program, shall exercise appropriate and effective oversight of any service provider arrangements.
(Ord. 1046, passed 2-3-08)
(A) This program includes relevant red flags from the following categories as appropriate:
(1) Alerts. Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services (see items (1) through (4) under the definition of red flag in § 51.52 above);
(2) Suspicious documents. The presentation of suspicious documents (see items (5) through (9) under the definition of red flag in § 51.52 above);
(3) Suspicious identification. The presentation of suspicious personal identifying information when compared against external information sources used by the utility, such as suspicious address (see items (10) through (18) under the definition of red flag in § 51.52 above);
(4) Suspicious activity. The unusual use of, or other suspicious activity related to, a covered account (see items (19) through (26) under the definition of red flag in § 51.52 above); and
(5) Notice. Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts.
(B) This program shall consider the following risk factors in identifying relevant red flags for covered accounts as appropriate:
(1) Types of covered accounts. The types of covered accounts offered or maintained in connection with the utility;
(2) Methods to open. The methods provided by the utility to open covered accounts;
(3) Methods to access. The methods provided by the utility to access covered accounts; and
(4) Previous history. The prior history and experience of the utility and the town with identity theft.
(C) This program incorporates relevant red flags from sources such as:
(1) Prior incidents. Incidents of identity theft previously experienced by the utility and the town;
(2) Changes in risk. Methods of identity theft that reflect changes in risk; and
(3) Supervision. Applicable supervisory guidance.
(Ord. 1046, passed 2-3-08)
Loading...