Purpose
Pursuant to the Federal Trade Commission’s Red Flags Rule, which implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003, the Seattle College District VI Board of Trustees approved an Identity Theft Prevention Program policy, the purpose of which is to detect, prevent, and mitigate fraud attempts via identity theft in connection with the opening of a covered account or any existing covered account by:

  1. Identifying risks ("Red Flags") that signify potentially fraudulent activity within new or existing covered accounts;
  2. Detecting risks when they occur in covered accounts;
  3. Responding to risks to determine if fraudulent activity has occurred and acting appropriately if fraud has been attempted or committed; and
  4. Updating this Program periodically, including reviewing covered accounts and identifying any changes in risks to their safety and security.

The Program shall, as appropriate, incorporate existing policies and procedures that control reasonably foreseeable risks.

Definitions

  1. Identity theft is defined as fraud committed or attempted using the identifying information of another person without authority.
  2. A covered account is defined as an account that a creditor offers or maintains, primarily for personal, family, or household purposes, that involves, or is designed to permit, multiple payments or transactions.
  3. A red flag is a pattern, practice or specific activity that indicates the possible existence of identity theft.

Covered Accounts
The District has identified a small number of covered accounts which may include:

  1. Refunds of credit balances to students
  2. Tuition deferment program provided by a service provider
  3. Emergency loans
  4. Other as identified by the District.

Identification of Relevant Red Flags
The Program considers the following risk factors in identifying relevant red flags for covered accounts:

  1. The type of covered accounts;
  2. The personally identifying information provided to open covered accounts;
  3. The methods provided to access covered accounts:
    1. Disbursements obtained in person require picture identification
    2. Disbursements obtained by mail can only be mailed to an address on file;
  4. The College’s previous history of identity theft.

The Program identifies the following red flags:

  1. Documents provided for identification appear to have been altered or forged.
  2. The photograph or physical description on the identification is not consistent with the appearance of the student presenting the identification.
  3. A request to mail something to an address not listed on file.
  4. Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts.

Response
The Program shall provide for appropriate responses to detected red flags to prevent and mitigate identity theft. The appropriate responses to the relevant red flags are as follows:

  1. Deny access to the covered account until other information is available to eliminate the red flag;
  2. Contact the student;
  3. Change any passwords, security codes or other security devices that permit access to a covered account;
  4. Notify law enforcement; or
  5. Determine no response is warranted under the particular circumstances.

Oversight of the Program
Responsibility for developing, implementing and updating this program lies with the Vice Chancellor for Finance and Technology, who will be responsible for ensuring appropriate staff training, reviewing any staff reports regarding the detection of red flags, identifying the steps for preventing and mitigating identity theft, and determining which steps of prevention and mitigation should be taken in particular circumstances.

Updating the Program
The Program will be periodically reviewed and updated to reflect changes in risks to students from identity theft. At least once a year in October, the Vice Chancellor for Finance and Technology or designee(s) will consider the College’s experiences with identity theft, changes in identity theft methods, changes in identity theft detection and prevention methods, changes in types of accounts the College maintains, and changes in the College’s business arrangements with other entities. After considering these factors, the Vice Chancellor for Finance and Technology or designee(s) will determine whether changes to the Program, including the listing of red flags, are warranted. If warranted, the Program will be updated.

Oversight of Service Provider Arrangements
In the event the College engages a service provider to perform an activity in connection with one or more covered accounts, the College will take the following steps to ensure the service provider performs its activity in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft:

  1. Require, by contract, that service providers have such policies and procedures in place; and
  2. Require, by contract, that service providers review the College’s Program and report any red flags to the District’s Vice Chancellor for Finance and Technology.

Companion Document : Pol681
Adoption Date : 2009/11/12
Revision Date : 2014/02/14