(A) Considerations in identifying Red Flags. In order to identify relevant Red Flags, the city considers the types of accounts that it offers and maintains, the methods it provides to open its accounts, the methods it provides to access its accounts, and its previous experiences with identity theft.
(B) Notifications and warnings from credit reporting agencies. The city identifies the following Red Flags concerning notifications and warnings from credit reporting agencies:
(1) A report of fraud accompanying a credit report;
(2) A notice or report from a credit agency of a credit freeze on a customer or an applicant;
(3) A notice or report from a credit agency of an active duty alert for an applicant; and
(4) Indication from a credit report of activity that is inconsistent with a customer’s usual pattern or activity.
(C) Suspicious documents. The city identifies the following Red Flags concerning suspicious documents:
(1) Any identification document or card that appears to be forged, altered or inauthentic;
(2) Any identification document or card on which a person’s photograph or physical description is not consistent with the person presenting the document;
(3) Any other document with information that is not consistent with existing customer information (such as if a person’s signature on a check appears forged); and
(4) Any application for service that appears to have been altered or forged.
(D) Suspicious personal identifying information. The city identifies the following Red Flags concerning suspicious personal identifying information:
(1) Any identifying information that is presented that is inconsistent with other information that the customer provides (such as inconsistent birth dates);
(2) Any identifying information that is presented that is inconsistent with other sources of information (such as an address that does not match the address on a credit report);
(3) Any identifying information that is presented that is the same as information shown on other applications that were found to be fraudulent;
(4) Any identifying information that is presented that is consistent with fraudulent activity (such as an invalid phone number or fictitious billing address);
(5) A social security number that is presented that is the same as one given by another customer;
(6) An address or phone number that is presented that is the same as that of another person;
(7) Any instance where a person fails to provide complete personal identifying information on an application after being reminded to do so; and
(8) Any instance where a person’s identifying information is not consistent with the information that is on file for that customer.
(E) Suspicious account activity or unusual use of account. The city identifies the following Red Flags concerning suspicious account activity or an unusual use of an account:
(1) A change of address for an account that is followed by a request to change the account holder’s name;
(2) Any instance where payments stop on an otherwise consistently up-to-date account;
(3) Any instance where an account is used in a way that is inconsistent with its prior use (example: very high activity);
(4) Any instance where mail that was sent to the account holder is repeatedly returned as undeliverable;
(5) Any instance where the city is notified that a customer is not receiving mail that was sent by the city;
(6) Any notice to the city that an account has unauthorized activity;
(7) A breach of the city’s computer-system security; and
(8) Any unauthorized access to or use of customer-account information.
(F) Alerts from others. The city identifies it as a Red Flag if the city receives notice from a customer, an identity theft victim, law enforcement or other person that the city has opened or is maintaining a fraudulent account for a person engaged in identity theft.
(Ord. 2010-15, passed 9-7-2010)