(A) A red flag is a pattern, practice, or specific activity that indicates the possible existence of identity theft. In order to identify relevant red flags, the utility considered risk factors such as the types of accounts that it offers and maintains, the methods it provides to open its accounts, the methods it provides to access its accounts, and its previous experiences with identity theft.
(B) The utility identified the following red flags, in each of the listed categories.
(1) Notifications and warnings from consumer reporting agencies. Possible red flags for this category include:
(a) A fraud or activity alert is included with a consumer report;
(b) Receiving a report or notice from a consumer reporting agency of a credit freeze;
(c) Receiving a report of fraud with a consumer report; and
(d) Receiving indication from a consumer report of activity that is inconsistent with a customer’s usual pattern or activity. (A utility will likely only have a listing in this category if it reports to or obtains information from consumer reporting agencies.)
(2) Suspicious documents. Possible red flags for this category include:
(a) Receiving documents that are provided for identification that appear to be forged or altered;
(b) Receiving documentation on which a person’s photograph or physical description is not consistent with the person presenting the documentation;
(c) Receiving other documentation with information that is not consistent with existing customer information (such as if a person’s signature on a check appears forged); and
(d) Receiving an application for service that appears to have been altered or forged.
(3) Suspicious personal identifying information. Possible red flags for this category include:
(a) A person’s identifying information is inconsistent with other sources of information (such as an address not matching an address on a consumer report or a Social Security number that was never issued);
(b) A person’s identifying information is inconsistent with other information the customer provides (such as inconsistent Social Security numbers or birth dates);
(c) A person’s identifying information is the same as shown on other applications found to be fraudulent;
(d) A person’s identifying information is consistent with fraudulent activity (such as an invalid phone number or fictitious billing address);
(e) A person’s Social Security number is the same as another customer’s Social Security number;
(f) A person’s address or phone number is the same as that of another person;
(g) A person fails to provide complete personal identifying information on an application when reminded to do so; and
(h) A person’s identifying information is not consistent with the information that is on file for the customer.
(4) Unusual use of or suspicious activity related to an account. Possible red flags for the category include:
(a) A change of address for an account followed by a request to change the account holder’s name or add other parties;
(b) A new account is used in a manner consistent with fraud (such as the customer failing to make the first payment, or making the initial payment and no other payments);
(c) An account being used in a way that is not consistent with prior use (such as late or no payments when the account has been timely in the past);
(d) Mail sent to the account holder is repeatedly returned as undeliverable;
(e) The utility receives notice that a customer is not receiving his or her paper statements;
(f) The utility receives notice that an account has unauthorized activity; and
(g) Breach in the utility’s computer system.
(5) Notice regarding possible identity theft. Possible red flags for this category include: the utility receives notices from a customer, an identity theft victim, law enforcement, or any other person that has opened or is maintaining a fraudulent account for a person engaged in identity theft.
(Ord. passed - -)