All employees responsible for or involved in the process of opening a covered account, restoring a covered account, or accepting payment for a covered account shall check for red flags as indicators of possible identity theft. Such red flags shall include, but not be limited to:
(A) (1) Alerts from consumer reporting agencies, fraud detection agencies, or service providers.
(2) Examples of such alerts are:
(a) A fraud or active duty alert that is included with a consumer report;
(b) A notice of credit freeze in response to a request for a consumer report; and
(c) A notice of address discrepancy discovered through the county’s geographic information system.
(B) Suspicious documents. Examples of suspicious documents include:
(1) Documents provided for identification that appear to be altered or forged;
(2) Identification on which the photograph or physical description is inconsistent with the appearance of the applicant or customer;
(3) Identification on which the information is inconsistent with information provided by the applicant or customer;
(4) Identification on which the information is inconsistent with readily accessible information that is on file, such as a signature card or a recent check; and
(5) An application that appears to have been altered or forged, or appears to have been destroyed and reassembled.
(C) Suspicious personal identifying information. Examples include:
(1) Personal identifying information that is inconsistent with external information sources used by the financial institution or creditor. For example: the address does not match any address in the customer report;
(2) Personal identifying information or a phone number or address is associated with known fraudulent applications or activities as indicated by internal or third-party sources used by the financial institution or creditor;
(3) Other information provided, such as fictitious mailing address, mail drop addresses, jail addresses, invalid phone numbers, pager numbers, or answering services, is associated with fraudulent activity;
(4) The social security number provided is the same as that submitted by other applicants or customers;
(5) The address or telephone number provided is the same or similar to the account number or telephone number submitted by an unusually large number of applicants or customers;
(6) The applicant or customer fails to provide all required personal identifying information on an application or in response to notification that the application is incomplete;
(7) Personal identifying information is not consistent with personal identifying information that is on file with the financial institution or creditor; and
(8) The applicant or customer cannot provide authenticating information beyond that which generally would be available from a wallet or customer report.
(D) Unusual use of or suspicious activity relating to a covered account. Examples include:
(1) Shortly following the notice of a change of address for an account, there is a request for the addition of authorized users on the account;
(2) A new revolving credit account is used in a manner commonly associated with known patterns of fraud patterns, such as where the customer fails to make the first payment or makes an initial payment but no subsequent payments;
(3) An account is used in a manner that is not consistent with established patterns of activity on the account, such as nonpayment when there is no history of late or missed payments;
(4) Mail sent to the customer is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer’s account;
(5) The Customer Service Department is notified that the customer is not receiving paper account statements;
(6) The Customer Service Department is notified of unauthorized charges or transactions in connection with a customer’s account; and
(7) The Customer Service Department is notified by a customer, law enforcement, or another person that it has opened a fraudulent account for a person engaged in identity theft.
(E) Notice from customers, law enforcement, victims, or other reliable sources regarding possible identity theft or phishing relating to covered accounts.
(Ord. 2009-9, passed 5-13-2009)