(a) The supervisors and staff shall, when opening new covered accounts or reviewing and/or monitoring covered accounts shall look for the following red flags
(1) Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services;
(2) The presentation of suspicious documents;
(3) The presentation of suspicious personal identifying information such as altered identification card or photo and physical description do not match the appearance of the individual;
(4) An application for services appears altered or destroyed and reassembled;
(5) Customer fails to provide all information requested; and
(6) Information provided is known to be associated with fraudulent activity (e.g. address that is a mail drop or prison, non-working phone number or associated with an answering service/pager); and
(7) Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts;
The above list is not intended to be all-inclusive and other suspicious activity may be investigated as necessary.
(b) Once a red flag has been detected, the staff shall notify the supervisors or other senior management and respond appropriately to prevent and mitigate the identity theft commensurate with the degree of the risk posed. Such action may include:
(1) Obtaining identifying information about, and verifying the identity of, a person opening a covered account;
(2) Authenticating customers, monitoring transactions, and verifying the validity of change of address requests in the case of existing covered accounts;
(3) Contacting the customer;
(4) Changing any passwords, security codes or other security devices that permit access to a covered account;
(5) Reopening a covered account with a new account number;
(6) Refusing the request to open a new covered account;
(7) Closing an existing covered account;
(8) Notifying City law enforcement; or
(9) Determining no response is warranted under the particular circumstances.
(c) In determining the appropriate response, the staff shall take into account any aggravating factors that may heighten the risk of identity theft, such as:
(1) A data security incident that results in unauthorized access to a customer's account records held by the City; or
(2) Notice from either the customer or another financial/creditor agency that someone has fraudulently claimed to represent the customer.
(Ord. 2009-20. Passed 5-19-09.)