防止身份盗窃计划

程序

“红旗规则”

请按此处下传红旗事故报告表格(Word档案) 

目的及范围

To establish an 防止身份盗窃计划 designed to detect, prevent, 和 mitigate identity theft in connection with the opening of a covered account or an existing covered account 和 to provide continued administration of the 程序 in compliance with Federal Trade Commission (FTC) 16 C.F.R. Part 681.

http://www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf

课程内容包括:

  1. 识别涵盖的账户交易/请求。
  2. 识别受保账户的相关危险信号。
  3. 检测危险信号。
  4. Responding appropriately to any Red Flags that are detected to prevent 和 mitigate identity theft.
  5. 确保定期更新程序以反映风险的变化。

项目管理

财务和辅助服务副总裁 shall be responsible for the development, implementation, oversight, 和 continued administration of the 程序. Under the direction of the VP, the 红旗委员会 shall be responsible for performing 和 conducting the annual risk assessment, providing training, 和 reviewing 和 responding to identity theft incidences. The annual report is provided to the Board of Trustees for review.

定义

帐户。 -- A continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household, or business purposes. Account includes an extension of credit, such as the purchase of property or services involving a deferred payment, 和 a deposit account.

信用卡发行机构。 ——发行借记卡或信用卡的金融机构或债权人。

消费者报告机构。 -- Entities that collect 和 disseminate information about consumers to be used for credit evaluation 和 certain other purposes.

《消费者报告》。 -- Any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit st和ing, credit capacity, character, general reputation, personal characteristics, or mode of living.

覆盖账户。 -- (1) An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; 和, (2) Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety 和 soundness of the financial institution or creditor from identify theft, including financial, operational, compliance, reputation, or litigation risks.

债权人。 -- Any person, corporation, government or governmental subdivision or agency, trust, estate, partnership, cooperative, or association who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.

客户。 ——在金融机构或债权人有担保账户的人。

借记卡。 -- Any card issued by a financial institution to a consumer for use in initiating an electronic fund transfer from the account of the consumer at such financial institution for the purpose of transferring money between accounts or obtaining money.

身份盗窃。 -- A fraud committed or attempted using the identifying information of another person without authority.

红旗。 -- A pattern, practice, or specific activity that indicates the possible existence of identity theft.              

程序

大学代理

Each University department which offers or maintains Covered Accounts will be responsible for managing 和 protecting information related to covered accounts. Each department will be responsible for taking the proper action to detect, prevent, 和 mitigate Identity Theft in connection with opening of a Covered Account, which is appropriate to the department’s size, complexity, 和 the scope of its activities. Specifically, each department should:  

  1. 识别与承保账户相关的交易和/或请求。
  2. 识别与这些事务和请求相关的潜在危险信号。
  3. 发现已纳入部门计划的危险信号。
  4. Respond appropriately to any Red Flags that are detected to prevent 和 mitigate identity theft.

识别涵盖的账户交易和请求

下列情况必须为“红旗”密切监察:

  1. 开立或关闭承保账户。
  2. 有关承保帐户的查询。
  3. 变更承保帐户的请求。

识别危险信号

以下列出了一般潜在的危险信号:

  1. 提供的身份证明文件似乎被涂改或者伪造的。
  2. The photograph or physical description on the identification is not consistent with the appearance of the student (person) presenting the identification.
  3. 由非大学颁发的电子邮件帐户发出的请求。
  4. 把东西寄到档案上没有列出的地址的请求。
  5. Notice from customers, victims of identity theft, law enforcement authorities, or other person regarding possible identity theft in connection with covered accounts.

侦测危险信号

The department shall address the detection of red flags in connection with the opening of covered accounts 和 existing covered accounts, such as:

  1. Obtaining identifying information about, 和 verifying the identity of, a person opening/closing/changing a covered account; 和
  2. Authenticating customers, monitoring transactions, 和 verifying the validity of change of address requests in the case of existing covered accounts.

应对危险信号

The 程序 shall provide for appropriate responses to detected red flags to prevent 和 mitigate identity theft. The response shall be commensurate with the degree of risk posed.

Once potentially fraudulent activity is detected, an employee must act quickly as a rapid appropriate response can protect customers 和 the University from damages 和 loss. The employee must gather all related documentation 和 write a description of the situation. This information must be presented to a department supervisor for determination. The supervisor will complete additional authentication to determine whether the attempted transaction was fraudulent or authentic.           All incidences will be reported to the 红旗委员会 using the University’s Incidence Report Form.

对发现危险信号的适当反应包括:

  1. 监控一个账户,寻找身份盗窃的证据。
  2. 联系客户。
  3. Change any passwords, security codes or other security devices that permit access to a covered account.
  4. 用新帐号重新打开已覆盖的帐户。
  5. 不是开一个新的担保账户。
  6. 关闭现有的承保账户。
  7. 通知执法部门。
  8. 确定在特定情况下无需回应。

红旗委员会

红旗委员会将负责以下工作:

  1. 审查所有事件并在必要时作出反应。
  2. 为所有大学代理提供必要的培训和支持。
  3. 执行和实施风险评估。 Preparation of the 程序’s risk assessment includes:
    1. 审查联邦贸易委员会的指导方针,以确保适当遵守法律。
    2. Maintaining 和 providing incidence report forms 和 collecting 和 reviewing past incidences.
    3. 执行内部审计,根据事故报告确定差距。
    4. 更新红旗计划,并在校园内分发变化。
    5. 为校董会准备年度报告。

项目年度评审

The program will be re-evaluated annually to determine whether all aspects of the 程序 are up to date 和 applicable in the current business environment. This re-evaluation will include:

  1. 红旗委员会进行年度风险评估。
  2. 向校董会提交年度报告。
  3. 对相关员工进行红旗计划的年度分发和培训。
  4. 每年向相关员工分发行为准则。

 

红旗规则风险评估培训

概述

1)什么是“红旗”?

A “Red Flag” is defined as a pattern, practice, or specific activity that indicated the possible existence of identity theft. Examples of “Red Flag” incidents include presentation of suspicious identity documents or frequent address changes.

The law requires that a Red Flag policy (from which a Red Flag program will be developed) be approved by the organization’s governing board. Oversight of the program is to be assigned to a senior management level staff member, with program reviews conducted annually.

2)红旗的规则是什么?

The Red Flag rule requires any organization that maintains a “covered account” to establish, document, 和 maintain an identity theft prevention program that identifies potential Red Flags, detects the occurrence of Red Flags, 和 appropriately responds to Red Flags.

3)何谓“保障帐户”?

“Covered accounts” are defined as accounts a creditor holds which are designed to allow multiple payments or transactions after services have been delivered.

具体来说,承保账户包括:

  • Accounts offered or maintained, primarily for personal, family, household or commercial (e.g., occupational health, employee screening) purposes, that involve or are designed to permit multiple payments or transactions.
  • Any other account for which there is a reasonably foreseeable risk to customers or to the safety 和 soundness of the issuing organization from identity theft.

4)什么是“债权人”?

根据《规则》,债权人的定义为:

  • 定期延长、更新或延续信用的实体。
  • Any entity that regularly arranges for the extension, renewal, or continuation of credit.
  • Any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.

5) UVU和红旗:

UVU受红旗规则约束,因为我们参与或提供:

  • 学生学杂费支付计划。
  • 人力资源-仅适用于信用检查。
  • 健康保险和保健提供者(健康科学和学生健康服务)。

各部门的程序

1)大学中介

Each University department which offers or maintains covered accounts will be responsible for managing 和 protecting information related to covered accounts as well as for taking the proper action to detect, prevent, 和 mitigate identity theft in connection with opening a covered account, which is appropriate to the department’s size, complexity, 和 the scope of its activities.

政策、程序和文件

各部门应记录并包括政策和程序,以:

  • 识别与承保账户相关的交易和/或请求。
  • 识别与这些事务和请求相关的潜在危险信号。
  • 发现已纳入部门计划的危险信号。
  • Respond appropriately to any Red Flags that are detected to prevent 和 mitigate identity theft.

3)识别覆盖账户、交易和请求

下列情况必须为“红旗”密切监察:

  • 开立或关闭备存帐户。
  • 有关承保账户的查询。
  • 对所覆盖帐户进行更改的请求。

4)识别危险信号

以下列出了一般潜在的危险信号:

  • 提供的身份证明文件似乎被涂改或者伪造的。
  • The photograph or physical description on the identification is not consistent with the appearance of the student (person) presenting the identification.
  • 由非大学颁发的电子邮件帐户发出的请求。
  • 把东西寄到档案上没有列出的地址的请求。
  • Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts.

5)危险信号的检测

The department shall address the detection of Red Flags in connection with the opening of covered accounts 和 existing covered accounts, such as:

  • Obtaining identifying information about, 和 verifying the identify of, a person opening/closing/changing a covered account; 和
  • Authenticating customers, monitoring transactions, 和 verifying the validity of change of address requests in the case of existing covered accounts.

6)应对危险信号

Once potentially fraudulent activity is detected, an employee must act quickly as a rapid appropriate response can protect customers 和 the University from damage 和 loss. The employee must gather all related documentation 和 write a description of the situation. This information must be presented to a department supervisor for determination. The supervisor will complete additional authentication to determine whether the attempted transaction was fraudulent or authentic. All incidences will be reported to the 红旗委员会 using the University’s Red Flags Incidence Report Form.

对发现危险信号的适当反应包括:

  • 监控一个账户,寻找身份盗窃的证据。
  • 联系客户。
  • Change any passwords, security codes, or other security devices that permit access to a covered account.
  • 用新帐号重新打开已覆盖的帐户。
  • 不是开一个新的担保账户。
  • 关闭现有的承保账户。
  • 通知执法部门。
  • 确定在特定情况下无需回应。
  • 提交“危险信号事件报告表”。
  • 请按此处下传红旗事故报告表格(Word档案)