The FTC regulations identify numerous red flags that must be considered in adopting an ITPP. The FTC has defined a red flag as a pattern, practice, or specific activity that indicates the possible existence of identity theft. The City identifies the following red flags from the examples provided in the regulations of the FTC:
(A) Notifications from consumer reporting agencies. The city does not request, receive, obtain or maintain information about its utility customers from any consumer reporting agency.
(B) Suspicious documents - possible red flags include:
(1) Presentation of documents appearing to be altered or forged;
(2) Presentation of photographs or physical descriptions that are not consistent with the appearance of the applicant or customer;
(3) Presentation of other documentation that is not consistent with the information provided when the account was opened or existing customer information;
(4) Presentation of information that is not consistent with the account application; or
(5) Presentation of an application that appears to have been altered, forged, destroyed, or reassembled.
(C) Suspicious personal identifying information - possible red flags include:
(1) Personal identifying information is being provided by the customer that is not consistent with other personal identifying information provided by the customer or is not consistent with the customer’s account application;
(2) Personal identifying information associated with known fraudulent activity;
(3) The social security number (if required or obtained) is the same as that submitted by another customer;
(4) The telephone number or address is the same as that submitted by another customer;
(5) The applicant’s failure to provide all personal identifying information requested on the application; or
(6) The applicant or customer’s inability to provide authenticating information beyond that which generally would be available to a consumer.
(D) Unusual use or suspicious activity related to an account - possible red flags include:
(1) A change of address for an account followed by a request to change the account holder’s name;
(2) A change of address for an account followed by a request to add new or additional authorized users or representatives;
(3) An account is not being used in a way that is consistent with prior use (such as late or no payments when the account has been timely in the past);
(4) A new account is used in a manner commonly associated with known patterns of fraudulent activity (such as customer fails to make the first payment or makes the first payment but not subsequent payments);
(5) Mail sent to the account holder is repeatedly returned as undeliverable;
(6) The city receives notice that a customer is not receiving his or her paper statements; or
(7) The city receives notice of unauthorized activity on the account.
(E) Notice regarding possible identity theft - possible red flags include: notice from a customer, an identity theft victim, law enforcement personnel or other reliable sources regarding possible identity theft or phishing related to utility accounts.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)