(a) Once potentially fraudulent activity is detected, an employee must act quickly as a rapid appropriate response can protect customers and the municipality from damages and loss. If a potential fraud is suspected, gather all related documentation and write a detailed description of the situation. Present this information to the designated authority or your immediate supervisor for determination. The designated authority will complete additional authentication to determine whether the attempted transaction was fraudulent or authentic.
(b) If a transaction is determined to be fraudulent, appropriate actions must be taken immediately. Actions may include:
(1) Monitoring a covered account for evidence of identity theft;
(2) Canceling the transaction and reopening the covered account with a new account number or not opening a new covered account or closing an existing covered account;
(3) Notifying and cooperating with appropriate law enforcement;
(4) Notifying the customer that a fraud has been committed;
(5) Changing any passwords, security codes, or other security devices that permit access to a covered account;
(6) Not attempting to sell or assign a covered account to a debt collector;
(7) Determining the extent of liability of the municipality and contact legal counsel.
(c) In an effort to mitigate the damage caused by identity theft, the following programs/software are being used, and the City of Steubenville’s continued use thereof is incorporated and made part of this policy:
(1) Software Solutions Incorporated (SSI) Utility Billing Software.
(2) Symantec End Point.
(3) Cisco Pix Firewall.
(4) Barracuda Email Server.
(5) Websense Content Filtering Service.
(d) For the protection of our customers, all service providers hired by the City of Steubenville to perform any activity in connection with any covered account must also take appropriate steps to prevent identity theft.
(Ord. 2011-5. Passed 1-4-11.)