[HISTORY: Adopted by the City Council of the City of Lexington 4-27-2009 by Res. No. 2009-3. Amendments noted where applicable.]
GENERAL REFERENCES
Sewers — See Ch. 159.
Water — See Ch. 251.
This program is intended to identify red flags that will alert our employees when new or existing accounts are opened using false information, protect against the establishment of false accounts, establish methods to ensure existing accounts were not opened using false information, and set forth measures to respond to such events.
The City of Lexington has conducted an internal risk assessment to evaluate how at-risk the current procedures are at allowing customers to create a fraudulent account and evaluate if current (existing) accounts are being manipulated. This risk assessment evaluated how new accounts were opened and the methods used to access the account information. Using this information, the utility was able to identify red flags that were appropriate to prevent identity theft.
A. 
New accounts opened in person.
B. 
New accounts opened via telephone/fax.
C. 
New accounts opened via e-mail.
D. 
Account information accessed in person.
E. 
Account information accessed via telephone (person).
F. 
Account information accessed via e-mail.
To establish a new water/sewer/garbage account with the City of Lexington, the applicant must provide the physical address where service is to be provided and give an alternate and contact person’s name, with phone numbers for all. The City will make record of the McLean County property identification number for the address where service is requested. The City reserves the right to request additional identification, such as a valid government-issued identification card containing a photograph of the applicant. The City reserves the right to make a copy of such documentation, and it will be maintained with the application form.
In order to detect any red flags for an existing account, City employees will verify the identification of customers and the validity of any request to change billing addresses of an existing account.
The City of Lexington adopts the following red flags to detect potential fraud. These are not intended to be all-inclusive, and other suspicious activity may be investigated as necessary.
A. 
Identification documents appear to be altered.
B. 
Photo and physical description do not match appearance of applicant.
C. 
Information provided by applicant is inconsistent with information on file.
D. 
Information provided is associated with known fraudulent activity (e.g,. address or phone number provided is same as that of a fraudulent application).
E. 
Information commonly associated with fraudulent activity is provided by applicant (e.g., address that is a mail drop or prison, nonworking phone number or associated with answering service/pager).
F. 
Name, address, telephone number or other information is the same as that of another customer at utility.
G. 
Customer fails to provide all information requested.
H. 
Identity theft is reported or discovered.
I. 
A person other than the named account holder requests information regarding an existing account, or attempts to change information on an existing account.
J. 
Unusual activity for an existing account or activity inconsistent with prior usage of an existing account.
K. 
Changes in payment patterns for an existing account.
L. 
Any other information, documentation, or account activity which gives an employee of the City suspicion about an account or account holder.
Any employee who may suspect fraud or detect a red flag will implement the following response as applicable. All detections or suspicious red flags shall be reported to the senior management official.
A. 
Ask applicant for additional documentation.
B. 
Any utility employee who becomes aware of a suspected or actual fraudulent use of a customer's or potential customer's identity must notify the City Collector/Utility Billing Manager.
C. 
The utility will notify the Chief of Police/Acting Chief at the City of Lexington of any attempted or actual identity theft.
D. 
Do not open the account.
E. 
Close the account.
F. 
Do not attempt to collect against the account but notify authorities
The City of Lexington adopts the following security procedures:
A. 
Require and keep only the kinds of information that are necessary for water/sewer/garbage purposes.
B. 
Paper documents, files, and electronic media containing customer information will be stored in secure file cabinets.
C. 
Computer programs containing customer information shall be protected by passwords, and only authorized employees shall have access to the passwords.
D. 
Confidential paper records will be shredded before being placed in the trash.
E. 
Anti-virus and anti-spyware programs will be run on computers containing customer information on a regular basis, and will be kept current.
F. 
All employees of the City of Lexington who will be responsible for opening or making changes to water/sewer/garbage accounts, administering said accounts, or accepting payments for said accounts will be instructed in the Identity Theft Prevention Program, and the red flags contained therein, and the steps to be taken if the employee becomes aware of a red flag.
G. 
New employees of the water/sewer departments will be informed of the City’s confidentiality and security standards and procedures.
The Water/Sewer Committee of the City Council of the City of Lexington shall be responsible for the administration of the Identity Theft Prevention Program for the City of Lexington. Said Committee will review this plan annually and shall recommend to the City Council what, if any, relevant red flags and changes should be made to the program in order to reflect changes in risks to customers or to the safety and soundness of the City and its water and sewer accounts from identity theft. Such report will contain a summary of any identity theft incidents and the City response to those incidents. The following factors shall be considered:
A. 
The City’s experience with identity theft.
B. 
Updates in methods of identity theft.
C. 
Changes in water/sewer department computer programs and/or computers.
D. 
Updates in customary methods used to detect, prevent, and mitigate identity theft.