Some 稳定的十大彩票网站 employees perform roles that put them in contact with sensitive information such as personal identifying information or accounts. If you are one of these employees, it's important that you follow best practices to protect sensitive information and safeguard 稳定的十大彩票网站 customers from identity theft. Read on for instructions on how to detect/respond to red flags, verify a customer's identity, and report findings. This information follows the Federal Trade Commission's 红旗规则指引 and 稳定的十大彩票网站’s 身份盗窃政策.

培训

If you are an employee who works with covered accounts or personal information, you must complete red flag training. Failure to complete training could result in losing access to university systems, as well as administrative sanctions (including termination or expulsion) and personal civil and/or criminal liability. 培训 will be made available in the coming months.

红旗

If you work with personal identifying information or accounts, you should monitor for the following red flags which may indicate an attempt to steal someone’s identity.

• Notifications and warnings from credit reporting agencies, including a report of fraud, a credit freeze, an active duty alert, or an indication of activity that is inconsistent with the person’s usual pattern or activity.
• Suspicious documents, including identification documents, cards or applications that appear to be forged, altered, inauthentic, or showing a photograph, description, or signature that’s inconsistent with the person presenting the document.
• Suspicious personal identifying information, such as inconsistencies between birth dates or addresses, using the same information found in fraudulent documents, using social security numbers or contact information found other accounts, using fictitious information, or failing to supply information.
• Suspicious account activity, such as a change of address for an account followed by a request to change the account holder’s name, payments stopped on a consistently up-to-date account, sudden changes in account use or activation, undeliverable notifications on active accounts, a notice that an account has unauthorized activity, or a breach in the university’s computer system security.
• Notices from others, such as a message to the university that an account has been opened or used fraudulently.

应对危险信号

If you encounter a red flag, respond immediately in accordance with the degree of risk posed to the account. If the risk is low, you might consider continuing to monitor the account for evidence of identity theft. If the risk is moderate, you may choose to contact the customer, notify the program administrator, and/or change passwords or other security devices that permit access to accounts. If the risk is elevated, you may elect to not open a new account, close an existing account and reopen an account with a new number, or notify appropriate law enforcement and other university officials, including 管理咨询和合规服务.

To report a red flag, please complete the 身份盗窃事件报告.

身份验证

To protect against identity theft, you should verify the identity of anyone opening or using a covered account. There are different verification processes for new and existing accounts.

新账户

You should take a two-step process to verify the identity of customers establishing new covered accounts. First, secure identifying information such as name, date of birth, 稳定的十大彩票网站 ID number, residential or business address, or other information used in university systems. Then, verify that information with photo identification, including a valid driver’s license, OneCard or other identification card.

现有的账户

For existing covered accounts, you should monitor transactions and verify customers’ identities for information requests and account changes. Make sure to verify the identity of a customer before providing account information, whether it’s in person, by phone or via email or fax. You should also verify the validity of any requests to change billing addresses or banking information before completing those requests.

For a list of frequently asked questions please check the Federal Trade Commission’s 网站.

防止身份盗窃的最佳做法

纸质文档

任何包含敏感数据文件的区域在不使用时都应锁定。 Storage rooms containing documents with sensitive data must be locked at the end of each workday. Desks, workstations, work areas, printers and fax machines, and common shared work areas must be cleared of all documents containing sensitive data when not in use. Whiteboards, dry-erase boards, writing tablets, etc. in common shared work areas containing personal identifying information must be erased, removed, or shredded when not in use. Documents containing personal identifying information must be destroyed in a secure manner such as document shredding.

身份验证

在允许他或她开立账户之前，你必须核实个人的身份。 Similarly, before an individual may access or be provided with information concerning an existing account, he or she must demonstrate authorization to access the account. When opening a new account, check a current government-issued identification card, like a driver’s license or passport. Ask challenging questions based on information from other sources. For higher-risk situations, consider using multi-factor authentication techniques such as passwords, pins, smart cards, tokens or biometric identification. The university will never ask account holders to share their password or pin with anyone else.

Personal identifying information in an electronic format may only be transmitted using approved methods, such as through a university-approved encryption program.

服务提供商合规性

Service providers that handle university accounts covered by the red flags rule must comply with the regulations. The university’s contract with service providers requires them to have compliant policies and procedures in place. This obligates the service provider to meet university red flags rule standards. Service provider performance relative to identity theft prevention procedures should be monitored by the department by conducting an annual assessment of the service provider’s policies and procedures to ensure they are in compliance with the red flag rule. Departments must also require reports from the service provider about incidents detected and their responses. This information should be shared with Fiscal Affairs each January via the 年度身份盗窃调查.