A RED FLAG is a pattern, practice, or specific activity that indicates the possible existence of identity theft. In order to identify relevant red flags, the city considered the types of accounts that it offers and maintains, the methods it provides to open its accounts, the methods it provides to access its accounts, and its previous experiences with identity theft. The city identifies the following red flags, in each of the listed categories:
(A) Notifications and warnings from consumer reporting agencies. Possible red flags for this category include:
(1) Receiving a report or notice from a consumer reporting agency of a credit freeze;
(2) Receiving a report of fraud with a consumer report; and
(3) Receiving indication from a consumer report of activity that is inconsistent with a customer's usual pattern or activity.
(B) Suspicious documents. Possible red flags for this category include:
(1) Receiving documents that are provided for identification that appear to be forged or altered;
(2) Receiving documentation on which a person's photograph or physical description is not consistent with the person presenting the documentation;
(3) Receiving other documentation with information that is not consistent with existing customer information (such as if a person's signature on a check appears forged); and
(4) Receiving an application for service that appears to have been altered or forged.
(C) Suspicious personal identifying information. Possible red flags for this category include:
(1) A person's identifying information is inconsistent with other sources of information (such as an address not matching an address on a consumer report or a SSN that was never issued);
(2) A person's identifying information is inconsistent with other information the customer provides (such as inconsistent SSNs or birth dates);
(3) A person's identifying information is the same as shown on other applications found to be fraudulent;
(4) A person's identifying information is consistent with fraudulent activity (such as an invalid phone number or fictitious billing address);
(5) A person's SSN is the same as another customer's SSN;
(6) A person's address or phone number is the same as that of another person;
(7) A person fails to provide complete personal identifying information on an application when reminded to do so; and
(8) A person's identifying information is not consistent with the information that is on file for the customer.
(D) Unusual use of or suspicious activity related to an account. Possible red flags for the category include:
(1) A change of address for an account followed by a request to change the account holder's name;
(2) An account being used in a way that is not consistent with prior use (such as late or no payments when the account has been timely in the past);
(3) Mail sent to the account holder is repeatedly returned as undeliverable;
(4) The utility receives notice that a customer is not receiving his paper statements;
(5) The utility receives notice that an account has unauthorized activity;
(6) Breaches in a city computer system; and
(7) Unauthorized access to or use of customer account information.
(E) Notice regarding possible identity theft. Red flags for this category include:
(1) The utility receives notice from a customer, an identity theft victim, law enforcement or any other person that it has opened or is maintaining a fraudulent account for a person engaged in identity theft.
(Ord. 2480, passed 9-11-2012)