Section
54.01 Title
54.02 Purpose
54.03 Definitions
54.04 Findings
54.05 Red flags
54.06 Red proof of identity
54.07 Red confidentiality of applications and account information
54.08 Red access to utility account information
54.09 Red credit card transactions
54.10 Red suspicious transactions
54.11 Notification of law enforcement
54.12 Third party service providers
54.13 Compliance officer and training
54.14 Annual report
The purpose of this chapter is to comply with 16 CFR § 681.2 in order to detect, prevent and mitigate identity theft by identifying and detecting identity theft red flags and by responding to such red flags in a manner that will prevent identity theft.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
For the purpose of this chapter, the following definitions shall apply unless the context clearly indicates or requires a different meaning.
CITY. The City of Tontitown.
COVERED ACCOUNT.
(1) An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and
(2) Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.
CREDIT. The right granted by a creditor to a debtor to defer payment of a debt or to incur debts and defer its payment or to purchase property or services and defer payment therefore.
CREDITOR. Any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit and includes utility companies and telecommunications companies.
CUSTOMER. A person that has a covered account with a creditor.
IDENTITY THEFT. A fraud committed or attempted using identifying information of another person without authority.
PERSON. A natural person, a corporation, government or governmental subdivision or agency, trust, estate, partnership, cooperative, or association.
PERSONAL IDENTIFYING INFORMATION. Includes but is not limited to a person’s credit card account information, debit card information, bank account information and drivers’ license information and for a natural person includes their social security number, mother’s birth name, and date of birth.
RED FLAG. A pattern, practice, or specific activity that indicates the possible existence of identity theft.
SERVICE PROVIDER. A person that provides a service directly to the city.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
The Federal Trade Commission (“FTC”) requires every utility, including public water and sewer systems, such as the Tontitown Water and Sewer Department to implement an Identity Theft Prevention Program (“ITPP”). The FTC requirements and regulations are necessary because of § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). The TRC has set forth the ITPP requirement in 16 C.F.R. § 681.2. Identity theft is defined as a fraud committed or attempted using identifying information of another person without authority. The City of Tontitown adopts the program set forth in this chapter to comply with FTC rules and regulations. In drafting its ITPP, the city has considered: (1) the methods it provides to open its accounts; (2) the methods it provides to access its accounts; and (3) its previous experiences with identity theft. Based on these considerations, the City Council hereby determines that the City Water and Sewer Department is a low to moderate risk entity, and as a result develops and implements the streamlined ITPP set forth hereto. Further, the city determines that the only covered accounts offered by the city are those under its water and sewer utilities.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
The FTC regulations identify numerous red flags that must be considered in adopting an ITPP. The FTC has defined a red flag as a pattern, practice, or specific activity that indicates the possible existence of identity theft. The City identifies the following red flags from the examples provided in the regulations of the FTC:
(A) Notifications from consumer reporting agencies. The city does not request, receive, obtain or maintain information about its utility customers from any consumer reporting agency.
(B) Suspicious documents - possible red flags include:
(1) Presentation of documents appearing to be altered or forged;
(2) Presentation of photographs or physical descriptions that are not consistent with the appearance of the applicant or customer;
(3) Presentation of other documentation that is not consistent with the information provided when the account was opened or existing customer information;
(4) Presentation of information that is not consistent with the account application; or
(5) Presentation of an application that appears to have been altered, forged, destroyed, or reassembled.
(C) Suspicious personal identifying information - possible red flags include:
(1) Personal identifying information is being provided by the customer that is not consistent with other personal identifying information provided by the customer or is not consistent with the customer’s account application;
(2) Personal identifying information associated with known fraudulent activity;
(3) The social security number (if required or obtained) is the same as that submitted by another customer;
(4) The telephone number or address is the same as that submitted by another customer;
(5) The applicant’s failure to provide all personal identifying information requested on the application; or
(6) The applicant or customer’s inability to provide authenticating information beyond that which generally would be available to a consumer.
(D) Unusual use or suspicious activity related to an account - possible red flags include:
(1) A change of address for an account followed by a request to change the account holder’s name;
(2) A change of address for an account followed by a request to add new or additional authorized users or representatives;
(3) An account is not being used in a way that is consistent with prior use (such as late or no payments when the account has been timely in the past);
(4) A new account is used in a manner commonly associated with known patterns of fraudulent activity (such as customer fails to make the first payment or makes the first payment but not subsequent payments);
(5) Mail sent to the account holder is repeatedly returned as undeliverable;
(6) The city receives notice that a customer is not receiving his or her paper statements; or
(7) The city receives notice of unauthorized activity on the account.
(E) Notice regarding possible identity theft - possible red flags include: notice from a customer, an identity theft victim, law enforcement personnel or other reliable sources regarding possible identity theft or phishing related to utility accounts.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
Any person or entity opening a utility account shall provide a complete application and provide satisfactory evidence of their identity and/or address. The proof may include but not be limited to: a valid driver’s license; passport; state, federal, employer, or school issued identification card; or military identification card. The required application must be completed in its entirety and must be signed in order to establish a utility account.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
Loading...