(A) This program includes relevant red flags from the following categories as appropriate:
(1) Alerts. Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services (see items (1) through (4) under the definition of red flag in § 51.52 above);
(2) Suspicious documents. The presentation of suspicious documents (see items (5) through (9) under the definition of red flag in § 51.52 above);
(3) Suspicious identification. The presentation of suspicious personal identifying information when compared against external information sources used by the utility, such as suspicious address (see items (10) through (18) under the definition of red flag in § 51.52 above);
(4) Suspicious activity. The unusual use of, or other suspicious activity related to, a covered account (see items (19) through (26) under the definition of red flag in § 51.52 above); and
(5) Notice. Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts.
(B) This program shall consider the following risk factors in identifying relevant red flags for covered accounts as appropriate:
(1) Types of covered accounts. The types of covered accounts offered or maintained in connection with the utility;
(2) Methods to open. The methods provided by the utility to open covered accounts;
(3) Methods to access. The methods provided by the utility to access covered accounts; and
(4) Previous history. The prior history and experience of the utility and the town with identity theft.
(C) This program incorporates relevant red flags from sources such as:
(1) Prior incidents. Incidents of identity theft previously experienced by the utility and the town;
(2) Changes in risk. Methods of identity theft that reflect changes in risk; and
(3) Supervision. Applicable supervisory guidance.
(Ord. 1046, passed 2-3-08)