Skip to code content (skip section selection)
Compare to:
Tontitown Overview
Tontitown, AR Code of Ordinances
TONTITOWN, ARKANSAS CODE OF ORDINANCES
CITY OFFICIALS
ADOPTING ORDINANCES
TITLE I: GENERAL PROVISIONS
TITLE III: ADMINISTRATION
TITLE V: PUBLIC WORKS
CHAPTER 50: GENERAL UTILITIES
CHAPTER 51: WATER SERVICE
CHAPTER 52: SEWER REGULATIONS
CHAPTER 53: GARBAGE
CHAPTER 54: IDENTITY THEFT PREVENTION PROGRAM
§ 54.01 TITLE.
§ 54.02 PURPOSE.
§ 54.03 DEFINITIONS.
§ 54.04 FINDINGS.
§ 54.05 RED FLAGS.
§ 54.06 RED PROOF OF IDENTITY.
§ 54.07 RED CONFIDENTIALITY OF APPLICATIONS AND ACCOUNT INFORMATION.
§ 54.08 RED ACCESS TO UTILITY ACCOUNT INFORMATION.
§ 54.09 RED CREDIT CARD TRANSACTIONS.
§ 54.10 RED SUSPICIOUS TRANSACTIONS.
§ 54.11 NOTIFICATION OF LAW ENFORCEMENT.
§ 54.12 THIRD PARTY SERVICE PROVIDERS.
§ 54.13 COMPLIANCE OFFICER AND TRAINING.
§ 54.14 ANNUAL REPORT.
TITLE VII: TRAFFIC CODE
TITLE IX: GENERAL REGULATIONS
TITLE XI: BUSINESS REGULATIONS
TITLE XIII: GENERAL OFFENSES
TITLE XV: LAND USAGE
TABLE OF SPECIAL ORDINANCES
PARALLEL REFERENCES
§ 54.02 PURPOSE.
   The purpose of this chapter is to comply with 16 CFR § 681.2 in order to detect, prevent and mitigate identity theft by identifying and detecting identity theft red flags and by responding to such red flags in a manner that will prevent identity theft.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
§ 54.03 DEFINITIONS.
   For the purpose of this chapter, the following definitions shall apply unless the context clearly indicates or requires a different meaning.
   CITY. The City of Tontitown.
   COVERED ACCOUNT.
      (1)   An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and
      (2)   Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.
   CREDIT. The right granted by a creditor to a debtor to defer payment of a debt or to incur debts and defer its payment or to purchase property or services and defer payment therefore.
   CREDITOR. Any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit and includes utility companies and telecommunications companies.
   CUSTOMER. A person that has a covered account with a creditor.
   IDENTITY THEFT. A fraud committed or attempted using identifying information of another person without authority.
   PERSON. A natural person, a corporation, government or governmental subdivision or agency, trust, estate, partnership, cooperative, or association.
   PERSONAL IDENTIFYING INFORMATION. Includes but is not limited to a person’s credit card account information, debit card information, bank account information and drivers’ license information and for a natural person includes their social security number, mother’s birth name, and date of birth.
   RED FLAG. A pattern, practice, or specific activity that indicates the possible existence of identity theft.
   SERVICE PROVIDER. A person that provides a service directly to the city.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
§ 54.04 FINDINGS.
   The Federal Trade Commission (“FTC”) requires every utility, including public water and sewer systems, such as the Tontitown Water and Sewer Department to implement an Identity Theft Prevention Program (“ITPP”). The FTC requirements and regulations are necessary because of § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). The TRC has set forth the ITPP requirement in 16 C.F.R. § 681.2. Identity theft is defined as a fraud committed or attempted using identifying information of another person without authority. The City of Tontitown adopts the program set forth in this chapter to comply with FTC rules and regulations. In drafting its ITPP, the city has considered: (1) the methods it provides to open its accounts; (2) the methods it provides to access its accounts; and (3) its previous experiences with identity theft. Based on these considerations, the City Council hereby determines that the City Water and Sewer Department is a low to moderate risk entity, and as a result develops and implements the streamlined ITPP set forth hereto. Further, the city determines that the only covered accounts offered by the city are those under its water and sewer utilities.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
§ 54.05 RED FLAGS.
   The FTC regulations identify numerous red flags that must be considered in adopting an ITPP. The FTC has defined a red flag as a pattern, practice, or specific activity that indicates the possible existence of identity theft. The City identifies the following red flags from the examples provided in the regulations of the FTC:
   (A)   Notifications from consumer reporting agencies. The city does not request, receive, obtain or maintain information about its utility customers from any consumer reporting agency.
   (B)   Suspicious documents - possible red flags include:
      (1)   Presentation of documents appearing to be altered or forged;
      (2)   Presentation of photographs or physical descriptions that are not consistent with the appearance of the applicant or customer;
      (3)   Presentation of other documentation that is not consistent with the information provided when the account was opened or existing customer information;
      (4)   Presentation of information that is not consistent with the account application; or
      (5)   Presentation of an application that appears to have been altered, forged, destroyed, or reassembled.
   (C)   Suspicious personal identifying information - possible red flags include:
      (1)   Personal identifying information is being provided by the customer that is not consistent with other personal identifying information provided by the customer or is not consistent with the customer’s account application;
      (2)   Personal identifying information associated with known fraudulent activity;
      (3)   The social security number (if required or obtained) is the same as that submitted by another customer;
      (4)   The telephone number or address is the same as that submitted by another customer;
      (5)   The applicant’s failure to provide all personal identifying information requested on the application; or
      (6)   The applicant or customer’s inability to provide authenticating information beyond that which generally would be available to a consumer.
   (D)   Unusual use or suspicious activity related to an account - possible red flags include:
      (1)   A change of address for an account followed by a request to change the account holder’s name;
      (2)   A change of address for an account followed by a request to add new or additional authorized users or representatives;
      (3)   An account is not being used in a way that is consistent with prior use (such as late or no payments when the account has been timely in the past);
      (4)   A new account is used in a manner commonly associated with known patterns of fraudulent activity (such as customer fails to make the first payment or makes the first payment but not subsequent payments);
      (5)   Mail sent to the account holder is repeatedly returned as undeliverable;
      (6)   The city receives notice that a customer is not receiving his or her paper statements; or
      (7)   The city receives notice of unauthorized activity on the account.
   (E)   Notice regarding possible identity theft - possible red flags include: notice from a customer, an identity theft victim, law enforcement personnel or other reliable sources regarding possible identity theft or phishing related to utility accounts.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
§ 54.06 RED PROOF OF IDENTITY.
   Any person or entity opening a utility account shall provide a complete application and provide satisfactory evidence of their identity and/or address. The proof may include but not be limited to: a valid driver’s license; passport; state, federal, employer, or school issued identification card; or military identification card. The required application must be completed in its entirety and must be signed in order to establish a utility account.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
§ 54.07 RED CONFIDENTIALITY OF APPLICATIONS AND ACCOUNT INFORMATION.
   All personal information, personal identifying information, account applications and account information collected and maintained by the city shall be a confidential record of the city and shall not be subject to disclosure unless otherwise required by state and federal law. Additionally, any employee with access to utility customers’ personal information, account applications or account information shall be required to keep such information in confidence and protect the privacy of customers, and may be required to execute and abide by a written confidentiality and non-disclosure policy.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
§ 54.08 RED ACCESS TO UTILITY ACCOUNT INFORMATION.
   Access to utility account information shall be limited to employees that provide customer service and technical support to the city’s utilities. Any computer that has access to utility customer account or personal identifying information shall be password protected and all computer screens shall lock after not more than 15 minutes of inactivity. All paper and non-electronic based utility account or customer personal identifying information shall be stored and maintained in a locked room or cabinet and access shall only be granted by the Compliance Officer or his or her designee, or in the alternative shall be scanned for secure, password protected, digital storage, and then shredded.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)

Disclaimer: This Code of Ordinances and/or any other documents that appear on this site may not reflect the most current legislation adopted by the Municipality. American Legal Publishing provides these documents for informational purposes only. These documents should not be relied upon as the definitive authority for local legislation. Additionally, the formatting and pagination of the posted documents varies from the formatting and pagination of the official copy. The official printed copy of a Code of Ordinances should be consulted prior to any action being taken. For further information regarding the official version of any of this Code of Ordinances or other documents posted on this site, please contact the Municipality directly or contact American Legal Publishing toll-free at 800-445-5588.

Hosted by: American Legal Publishing

Back to Code Library
Previous Doc
Next Doc