Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of St. Thomas

Published bySucianty Halim Modified over 6 years ago

Similar presentations

Presentation on theme: "University of St. Thomas"— Presentation transcript:

1 University of St. Thomas
Red Flags Rule University of St. Thomas The following power point presentation is meant to be a self-guided overview of the Red Flags Rule and relative policies and procedures at the University of St. Thomas. September 18, 2018

2 In case you are interested in the regulatory history…
Issued by the Federal Trade Commission (FTC) on November 9, 2007 Implements Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACT Act) of 2003 Higher Education required to be compliant with the regulations by November 1, 2009

3 What does the FTC have to do with UST?
The Red Flags Rule applies to all financial institutions and CREDITORS that have “covered accounts.” UST is a CREDITOR that indeed has covered accounts!

4 So what is a “covered account?”
A consumer account that involves multiple payments or transactions, such as a loan or account that is billed or payable in installments Also included are any other accounts for which there is a reasonably foreseeable risk of identity theft UST covered accounts include: Participation in the Federal Perkins Loan Program Refund of credit balances, with/without PLUS loans Payment plans for student accounts Deferment of tuition payments Emergency loan funds Use of credit reports

5 I’m convinced we have to comply…what exactly is this Red Flags Rule?
Purpose – to detect and stop identity thieves from using someone else’s identifying information at UST to commit fraud Requirements for UST: Implement a written Identity Theft Prevention Program to assist members of the UST community in detecting, preventing, and mitigating identity fraud by recognizing and responding to applicable “red flags” The program must cover both new and existing accounts and be appropriate to the size and complexity of UST The program must be updated periodically to address changing risks

6 How is this any different from all the other regulations we have to comply with?
Most other current legislation governing UST at this time (FERPA, PCI DSS, GLB) focuses on data security in order to avoid theft of personal, confidential information The Red Flags Rule is supposed to pick-up where the others leave off – requiring businesses to be proactive in trying to stop identity thieves from actually being able to use the information they have already stolen for their nefarious endeavors

7 Just to make sure we are on the same page - tell me what a “red flag” is when it comes to this rule.
Red flag – a pattern, practice, or specific activity that indicates the possible existence of identity theft Common categories of red flags (included, but not limited to): Alerts, notifications, and warnings from a credit reporting company Suspicious documents Suspicious personal identifying information Suspicious account activity Notice from other sources

8 Why is it so important that I learn about this rule?
As a faculty, staff, or student employee of St. Thomas, it is your responsibility to help prevent identity fraud from occurring through business conducted in your department You will need to be able to identify common potential red flags for the activities in your department You will need to be able to detect when suspicious activity takes place (i.e., spot “red flags”) You will need to understand the correct action to take if you spot any red flags (responding and/or reporting)

9 I’m no McGruff®. How am I supposed to help take a bite out of crime?
Because each department operates differently, only some of the more basic red flags will be covered here. However, there is a more extensive (though not exhaustive) list of red flags included in the written Identity Theft Prevention Program available on the UST website at office/redflags

10 How about some specific examples?
Suspicious Documents: Identification documents appear to have been altered or forged ID photo/description doesn’t appear to match the person presenting it Information on the ID differs from what the person is telling you or what is currently on file An application that looks like it has been altered, forged, or torn up and reassembled

11 More examples! Suspicious Personal Identifying Information
Personal information provided (address, SSN, birth date, etc…) inconsistent with records already on file or with other verification resources SSN that is inconsistent with data provided by the SSA An address or phone number used by several others or is known to be invalid The applicant/customer fails to provide all required personal identifying information as requested, even after being reminded

12 Even more examples! Suspicious Account Activity
Change of address request shortly followed by a name change request Mail sent is repeatedly returned as undeliverable to address Account used in a way inconsistent with prior usage Notice is given by account holder that they are not receiving mail sent by UST Notice is given that there has been unauthorized account activity

13 Still more examples! Alerts, notifications and warnings from a credit reporting company: A fraud or active duty alert on a credit report A notice of credit freeze in response to a request for a credit report A notice of address discrepancy provided by a credit reporting agency A credit report indicating a pattern of activity inconsistent with the personal history of the customer (for example – a sudden increase in establishing new credit relationships)

14 And the examples continue!
Notice From Other Sources – UST may be given notice about identity theft from various sources The identity theft victim Another student/applicant/customer Law enforcement authority Miscellaneous others

15 Now I know some of the red flags. What am I supposed to do about them?
Obtain and verify the identity of applicants/customers before conducting business Review the authenticity of any identifying documentation provided Review account activity for consistency Examine your department procedures for any security gaps and update as needed Keep in mind that a red flag is only an indicator of suspicious activity, not confirmation that fraud actually exists

16 So what if something does seem fishy…what do I do next?
Use your best judgment and discretion to determine the appropriate course of action, which may include some of the following: Monitor the account in question for evidence of identity theft Contact the account owner Change passwords, security settings, and any other access Close the existing account Open a new account with a new number Keep account closed Notify Public Safety More tips available in the written Program online

17 Is that it? A few more items worth noting:
If UST engages a third party service provider to act on a covered account, then UST should obtain a written agreement to ensure that the activity is conducted in accordance with the Red Flags Rule. Responsibility and liability for each party should be explicit in the contract. The written Identity Theft Protection Program at UST was approved by the Board of Trustees on July 7, The program is administered by a committee reporting to the VP of Business Affairs & Chief Financial Officer The written program is available online at

18 Good! Done and Done! Not so fast… Surprise – pop quiz!

19 1. A true fact about Red Flags Rule is:
It doesn’t apply to UST because it is an FTC regulation It’s called Red Flags because Black Flag was already taken It only applies to employees in the Business Office Covered accounts include both new and existing accounts

20 2. A red flag is defined as:
The symbol of a small island nation An insecticide An indication of a penalty at a sporting event A pattern, practice, or specific activity that indicates the possible existence of identity theft

21 3. Where is the written Identity Theft Prevention Program found at UST?
The back left corner of the third level of the library In a 3-ring-dust-collecting binder in the Controller’s Office It varies between the Minneapolis and St. Paul campus depending on the day of the week

22 4. Which of the following is not an example of a red flag?
A student requesting a name change after getting married An address that is to a mail drop or prison Inconsistent birthdates when comparing an ID to an application A student ID that has a picture of the student from last year’s spring break trip to Cancun

23 5. Which of the following would not be an appropriate response when a red flag is detected?
Notify Public Safety Start screaming “Gotchya!” at the applicant Monitor activity on the account Verify account information with other resources

24 End of quiz Answers to follow

25 Answers D B A

Download ppt "University of St. Thomas"

Similar presentations

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.

Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.
Compliance with Federal Trade Commission’s “Red Flag Rule”

Compliance with Federal Trade Commission’s “Red Flag Rule”
WELCOME Iowa State University Identity Theft Prevention Program

WELCOME Iowa State University Identity Theft Prevention Program
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.

Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.
1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.

1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.

Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
The New Rules of F&I with Peter Jones The New Rules of F&I What are the Rules? Red Flag Rule Graham / Leach / Bliley Act Privacy Notice Safeguard Rule.

The New Rules of F&I with Peter Jones The New Rules of F&I What are the Rules? Red Flag Rule Graham / Leach / Bliley Act Privacy Notice Safeguard Rule.
STAFF TRAINING: UCHC IDENTITY THEFT PREVENTION PROGRAM Upham’s Corner Health Committee, Inc. DBA Upham’s Corner Health Center Upham’s Elder Service Plan.

STAFF TRAINING: UCHC IDENTITY THEFT PREVENTION PROGRAM Upham’s Corner Health Committee, Inc. DBA Upham’s Corner Health Center Upham’s Elder Service Plan.
Identity Fraud Prevention 1 Copyright Identity Management Institute®

Identity Fraud Prevention 1 Copyright Identity Management Institute®
Identity Theft Solutions. ©SHRM 20082 Introduction Identification theft became the number one criminal activity issue in 2004 and has remained at the.

Identity Theft Solutions. ©SHRM Introduction Identification theft became the number one criminal activity issue in 2004 and has remained at the.
Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.

Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.
Deter, Detect, Defend: The FTC’s Program on Identity Theft.

Deter, Detect, Defend: The FTC’s Program on Identity Theft.
Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A. 2618 Centennial.

Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A Centennial.
©2012 CliftonLarsonAllen LLP 1 111 Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.

©2012 CliftonLarsonAllen LLP Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.

Similar presentations

Ads by Google