A. Identification: The City will consider the following risk factors in identifying red flags for covered accounts as appropriate:
1. The types of covered accounts it offers or maintains.
2. The methods it provides to open covered accounts.
3. The methods it provides to access covered accounts.
4. Previous experience with identity theft including, but not limited to:
a. Prior instances of identity theft.
b. Methods of identity theft that reflect changes in risk.
c. Applicable supervisory guidance.
B. Categories: Red flags shall include, but are not limited to:
1. The presentation of suspicious documents:
a. Documents provided for identification that appear to have been altered or forged.
b. Information in the document is inconsistent with information previously provided by the person when opening a new account.
c. An application appears to have been altered or forged, or gives the appearance of having been destroyed and reassembled.
2. The presentation of suspicious personal information:
a. Presentation of personal identifying information that is not consistent with other personal identifying information provided by the individual.
b. Presentation of personal identifying information is associated with known fraudulent activity as indicated by internal or third party sources used by the City.
3. The unusual use of, or other suspicious activity related to, a covered account:
a. Mail sent to the account owner is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the covered account.
b. The City is notified that the account owner is not receiving account statements mailed by the City.
c. The City is notified of unauthorized charges or transactions in connection with a covered account.
4. Notification from account holders, victims of identity theft, law enforcement agencies or other persons regarding possible identity theft in connection with covered accounts.
C. Detection: The City will incorporate procedures for the detection of red flags in connection with covered accounts by:
1. Obtaining identifying information of a person prior to establishing a new account.
2. Monitoring transactions in connection with covered accounts for suspicious activities.
D. Response: The City will document a response to all red flags detected, commensurate with the degree of risk posed.
1. The City will consider factors that may heighten the risk of identity theft in determining an appropriate response to detection of a red flag including, but not limited to, the categories outlined in subsection B of this section.
2. Appropriate responses by the City when a red flag is detected include, but are not limited to:
a. Monitoring a covered account for evidence of identity theft.
b. Contacting the account owner.
c. Changing any passwords, security codes or other security devices that permit access to a covered account.
d. Reopening a covered account with a new account number.
e. Closing an existing covered account.
f. Not opening a new covered account.
g. Not attempting to collect on a billing connected with a covered account or not selling a covered account to a debt collector.
h. Notifying the Wright County Sheriff, Attorney General of the State of Minnesota, or other law enforcement agencies.
i. Determining that no response is required based on the specific circumstances related to the red flag.
3. The FACT Officer shall advise the City Council of the red flag and the City's response. (Prior Code § 2-6-4)