Identity Theft

Background

In late 2007 the Federal Trade Commission (FTC) and the Federal Banking agencies issued a regulation known as the Red Flag Rule under sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003. The regulation applies to any organization that offers credit or manages a “covered account”. The Red Flag rule requires any organization that maintains a “covered account” to establish, document and maintain an identity theft prevention program that identifies potential Red Flags, detects the occurrence of Red Flags and appropriately responds to Red Flags.

Definitions

A “Covered Account” is 1) any account the University offers or maintains primarily for personal, family or household purposes, that involves multiple payments or transactions or 2) any other account the University offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the University from Identity Theft.

A “Red Flag” is defined as a pattern, practice or specific activity that indicates the possible existence of identity theft. Examples of “Red Flag” incidents include presentation of suspicious identity documents or frequent address changes.

“Identifying Information” is any name or number that may be used, alone or in conjunction with any other information, to identify a specific person including:

  • Name

  • Address

  • Telephone number

  • Social security number

  • Date of birth

  • Government issued driver’s license or identification number

  • Alien registration number

  • Government passport number

  • Employer or taxpayer identification number

  • Unique electronic identification number

  • Computer‘s Internet Protocol address or routing code

“Identify Theft” is a fraud committed using the identifying information of another person without authority.

Program Established

The law requires that a Red Flag policy and program be approved by the organization’s governing board or a committee of the board. Oversight of the program is to be assigned to an administrator with program reviews conducted annually. Each Program must contain reasonable policies and procedures to detect, identify, and mitigate identity theft in its covered accounts.

The Red Flag rules were to be effective on May 1, 2009. The FTC extended the deadline several times with the final effective date of May 2010.

An Ad Hoc Committee of individuals was appointed to determine the impact of the Red Flag Rules on Emporia State University. The Committee included individuals who were directly impacted by the FTC’s Red Flag Rule. Individuals from Admissions, Financial Aid, Registration, Technology and Computing Services, Business Office, Graduate Office and Student Affairs met to discuss the development of an Identity Theft Prevention Program.

Emporia State University’s program was approved on November 9, 2009 by the President Michael Lane. The program can be found in ESU’s Policy Manual under Section 3H. IDENTITY THEFT PREVENTION PROGRAM.

Members are appointed each year to the Identity Theft Prevention Program Committee by the President or Interim President of Emporia State University. The Committee members consist of individuals from the following areas: Controller, Registrar, AVP Technology & Computing Services, Graduate Education, International Education and Admissions. The function of the committee is to assure implementation and compliance with ESU’s Identity Theft Program.

Awareness

While there are no guarantees about avoiding identity theft, it is important for you to know how to:

  • Deter identity thieves by safeguarding your personal information.

  • Detect suspicious activity by routinely monitoring your financial accounts and billing statements.

  • Defend against identity theft as soon as you suspect a problem.

Awareness is among the most powerful tools in the fight against identity theft. The more you know how to protect your identity and what to do if a problem occurs, the harder it is for identity thieves to commit their crimes.

Educating our Campus Community about identity theft, including our students, is critically important. Education will save time and money by reducing the risk of being victimized, detecting any problems quickly and knowing what to do. Education will help avoid or reduce the emotional stress that often comes with identity theft. Education will provide peace of mind that comes from better understanding this issue and knowing how to take action.

Actions

Deter identity thieves by safeguarding your information.

  • Shred financial documents and paperwork with personal information before you discard them.

  • Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.

  • Don’t give out personal information on the phone, through the mail, or over the Internet unless you have initiated the contact and know who you are dealing with.

  • Never click on links sent in unsolicited emails; instead, type in a Web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date.

  • Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number.

  • Keep your personal information in a secure place at home, especially if you have roommates, employ outside help or have work done in your house.

Detect suspicious activity by routinely monitoring your financial accounts and billing statements.

  • Be alert to signs that require immediate attention:

    • Mail or bills that do not arrive as expected

    • Unexpected credit cards or account statements

    • Denials of credit for no apparent reason

    • Calls or letters about purchases you did not make

  • Inspect Your Credit Report. Credit reports have information about you, including what accounts you have and your bill paying history.

    • The law requires the major nationwide consumer reporting companies – Equifax, Experian, and TransUnion – to give you a free copy of your credit report each year if you ask for it.

    • Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year. You also can write: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

  • Inspect Your Financial Statements. Review financial accounts and billing statements regularly, looking for charges you did not make.

Defend against identity theft as soon as you suspect a problem.

  • Place a “Fraud Alert” on your credit reports and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make certain changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90 day fraud alert; a call to one company is sufficient:

    • Equifax: 1-800-525-6285

    • Experian: 1-888-397-3742

    • TransUnion: 1-800-680-7289

Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open and debts on your accounts that you can’t explain.

  • Close accounts. Close any accounts that have been tampered with or established fraudulently.

    • Call the security or fraud departments of each company where an account was opened or changed without your okay. Follow up in writing, with copies of supporting documents.

    • Use the ID Theft Affidavit at http://www.ftc.gov/idtheft to support your written statement.

    • Ask for written verification that the disputed account has been closed and the fraudulent debts discharged.

    • Keep copies of documents and records of your conversations about the theft.

  • File a police report. File a report with law enforcement officials to help you with creditors who may want proof of the crime.

  • Report your complaint to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations.

    • Online: http://www.ftc.gov/idtheft

    • By phone: 1-877-438-4338 or TTY, 1-866-653-4261

    • By mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580

What to do at ESU

In the event that University personnel detect any identified Red Flags, such personnel shall respond by taking one or more of the following steps, depending on the degree of risk posed by the Red Flag:

1. Notify the Program Administrator for determination of the appropriate step(s) to take;

2. Continue to monitor a Covered Account for evidence of Identity Theft;

3. Contact the customer, student or applicant (for which a credit report was run);

4. Change any passwords or other security devices that permit access to Covered Accounts;

5. Not open a new Covered Account;

6. Close an existing Account;

7. Provide the customer or student with a new customer or student identification number;

8. Notify law enforcement, KBOR or other entities and individuals as appropriate;

9. File or assist in filing a Suspicious Activities Report (“SAR”); or

10. Determine that no response is warranted under the particular circumstances.

Become familiar with the Identity Theft Prevention Program which is located in the policy manual under section 3H.

Look for suspicious activity or suspicious behavior as outlined in the policy manual and notify the Program Administrator.

The Controller at Emporia State University has been designated the Program Administrator for the Identity Theft Prevention Program. The Controller can be reached at 620-341-5413.

Emporia State University acknowledges the use and adaptation of portions of the FTC’s publication “Talking About Identity Theft: A How-To Guide” found online at: http://www.ftc.gov/bcp/edu/microsites/idtheft/