(A) In order to identify relevant red flags, the utility considered, and shall continue to consider, the following risk factors:
(1) The types of covered accounts that it offers and maintains;
(2) The methods it provides to open its covered accounts;
(3) The methods its provides to access its covered accounts; and
(4) Its previous experiences with the chance of identity theft occurring.
(B) The utility incorporated relevant red flags from the following sources:
(1) Incidents of identity theft that could have happened;
(2) Methods of identity theft that the utility has identified that reflect changes in identity theft risks; and
(3) Applicable supervisory guidance.
(C) The utility identified the following red flags, in each of the listed categories:
(1) Suspicious documents.
(a) Receiving documents provided for identification that appear to be forged or altered;
(b) A customer’s photograph or physical description on an identification is not consistent with the person presenting the documentation;
(c) Receiving other documentation with information that is not consistent with existing customer information, such as signature or recent check; and
(d) Receiving an application for service that appears to have been altered or forged, or gives the appearance of being destroyed and reassembled.
(2) Suspicious identifying information.
(a) A customer’s identifying information is inconsistent with other sources of identifying information (such as an address not matching an address on a consumer report or a social security number that was never issued);
(b) A customer’s identifying information is inconsistent with other information the customer provides (such as inconsistent social security numbers or birth dates);
(c) A customer’s identifying information is the same as shown on other applications found to be fraudulent;
(d) A customer’s identifying information is consistent with fraudulent activity (such as an invalid phone number or fictitious billing address);
(e) A customer’s social security number is the same as another customers social security number;
(f) A customer’s address or phone number is the same as that of another person;
(g) A customer fails to provide complete personal identifying information on an application when reminded to do so; and
(h) A customer’s identifying information is not consistent with the information that is on file for the customer.
(3) Unusual use of, or suspicious activity related to, a covered account.
(a) A request to change the account holder’s name or add other parties is received shortly after a change of address for an account;
(b) A new account is used in manner consistent with fraud (such as the customer failing to make the first payment, or making the initial payment and no other payments);
(c) An account being used in a way that is not consistent with prior use (such as late or no payments when the account has been timely in the past);
(d) Mail sent to the account holder is repeatedly returned as undeliverable;
(e) The utility receives notice that a customer is not receiving his or her paper statements;
(f) The utility receives notice that an account has unauthorized activity;
(g) The utility’s computer system is breached; and
(h) Unauthorized access to our use of customer account information.
(4) Notice regarding possible identity theft. The utility receives notice from a customer, a victim of identity theft, law enforcement authority, or any other person regarding possible identity theft in connection with a covered account.
(Prior Code, § 37.33) (Ord. 09-02, passed 4-20-2009)