Policy 6019 - Identity Theft Red Flags
Western Dakota Tech Policy Number: 6019
A. This policy was developed pursuant to the Federal Trade Commission (FTC) Red Flag Rules promulgated pursuant to the Fair and Accurate Credit Transaction Act of 2003 (the FACT Act). Western Dakota Tech (WDT) recognizes that identity theft is a continuing and growing issue that can result in harm to its customers as well as the College. WDT will make reasonable efforts to detect, prevent, and mitigate identity theft associated with a WDT account.
II. General Statement of Policy
A. WDT’s Identity Theft/Red Flag Program includes identifying, detecting, and responding to red flags to prevent and mitigate identity theft. The program is implemented and monitored by the Accounting Manager who is responsible to ensure the program is updated as needed to reflect changes in risks to covered account holders and to covered accounts.
B. Identification of Relevant Red Flags –WDT shall include relevant red flags from the following categories as appropriate:
- Alerts, notifications, or other warnings received from consumer reporting agencies.
- The presentation of suspicious documents that appear to be altered or forged.
- The presentation of suspicious personal identifying information, such as a photograph or physical description on the identification that is not consistent with the appearance of the person that is presenting the identification.
- A request made from a non-WDT issued email account.
- A request to mail something to an address not listed on file.
- The unusual use of, or other suspicious activity related to, a covered account.
- Notice from students, employees, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts.
- Requests for the College IP address, user IDs, passwords, and other personal information via phone, email, or in person without supporting identification.
C. Detection of Red Flags – WDT shall address the detection of red flags with the opening of covered accounts and existing covered accounts by:
- Obtaining identifying information about, and verifying the identity of, a person opening the covered account.
- Authenticating students and employees, monitoring transactions, and verifying the validity of change of address requests in the case of existing covered accounts.
D. Response to Red Flags – WDT shall provide for appropriate responses to detected red flags to prevent and mitigate identity theft such as:
- Monitor a covered account for evidence of identity theft.
- Deny access to the covered account until other information is available to eliminate the red flag, or close the existing covered account.
- Contact the student or the employee.
- Change any passwords, security codes, or other security devices that permit access to a covered account.
- Reopen a covered account with a new account number.
- Determine no response is warranted under the particular circumstances.
A. Covered Accounts include all student financial accounts that are administered by WDT. Covered accounts may also include any employee, business, personal, and student financial aid account for which there is a foreseeable risk to identity theft or financial fraud.
B. Identity Theft means a fraud committed or attempted using the identifying information of another person without authority.
C. Red Flag means a pattern, practice, or specific activity that indicates the possible existence of identity theft.
IV. Reporting Procedures
A. Detection of potential red flags are to be immediately reported to the Accounting Manager and VP for Institutional Effectiveness and Student Success.
B. The Accounting Manager is responsible to update procedures on a yearly basis and to provide training and monitoring to ensure the Identity Theft/Red Flag Program is operational. A yearly report will be created and shared with the Leadership team to keep Leadership informed of the program.
V. Dissemination of Policy and Training
A. This policy shall appear on the WDT website on the policy webpage.
16 CFR 681.1
Fair and Accurate Credit Transaction Act of 2003 Section 14
Board Approved 03/18/2019