§ 36.08 SOURCES AND TYPES OF RED FLAGS.
   All employees responsible for or involved in the process of opening a covered account, restoring a covered account, or accepting payment for a covered account shall check for red flags as indicators of possible identity theft. Such red flags shall include, but not be limited to:
   (A)   Alerts from consumer reporting agencies, fraud detection agencies or service providers. Examples of such alerts are:
      (1)   A fraud or active duty alert that is included with a consumer report;
      (2)   A notice of credit freeze in response to a request for a consumer report; or
      (3)   A notice of address discrepancy discovered through the County Geographic Information System.
   (B)   Suspicious documents. Examples of suspicious documents include:
      (1)   Documents provided for identification that appear to be altered or forged;
      (2)   Identification on which the photograph or physical description is inconsistent with the appearance of the applicant or customer;
      (3)   Identification on which the information is inconsistent with information provided by the applicant or customer;
      (4)   Identification on which the information is inconsistent with readily accessible information that is on file, such as a signature card or a recent check; or
      (5)   An application that appeal’s to have been altered or forged, or appears to have been destroyed and reassembled.
   (C)   Suspicious personal identifying information. Examples include:
      (1)   Personal identifying information that is inconsistent with external information sources used by the financial institution or creditor. For example: the address does not match any address in the consumer report;
      (2)   Personal identifying information or a phone number or address, is associated with known fraudulent applications or activities as indicated by internal or third-party sources used by the financial institution or creditor;
      (3)   Other information provided, such as fictitious mailing address, mail drop addresses, jail addresses, invalid phone numbers, pager numbers or answering services, is associated with fraudulent activity;
      (4)   The SSN provided is the same as that submitted by other applicants or customers;
      (5)   The address or telephone number provided is the same or similar to the account number or telephone number submitted by an unusually large number of applicants or customers;
      (6)   The applicant or customer fails to provide all required personal identifying information on an application or in response to notification that the application is incomplete;
      (7)   Personal identifying information is not consistent with personal identifying information that is on file with the financial institution or creditor; or
      (8)   The applicant or customer cannot provide authenticating information beyond that which generally would be available from a wallet or consumer-report.
   (D)   Unusual use of or suspicious activity relating to a covered account. Examples include:
      (1)   Shortly following the notice of a change of address for an account, there is a request for the addition of authorized users on the account;
      (2)   A new revolving credit account is used in a manner commonly associated with known patterns of fraud patterns, such as where the customer fails to make the first payment or makes an initial payment but no subsequent payments;
      (3)   An account is used in a manner that is not consistent with established patterns of activity on the account, such as nonpayment when there is no history of late or missed payments;
      (4)   Mail sent to the customer is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer’s account;
      (5)   The town is notified that the customer is not receiving paper account statements;
      (6)   The town is notified of unauthorized charges or transactions in connection with a customer’s account; or
      (7)   The town is notified by a customer, law enforcement or another person that it has opened a fraudulent account for a person engaged in identity theft.
   (E)   Notice from customers, law enforcement, victims or other reliable sources regarding possible identity theft or phishing relating to covered accounts
(Ord. 030915, passed 3-23-2015)