[HISTORY: Adopted by the City Council of the City of Lexington
4-27-2009 by Res. No. 2009-3. Amendments noted where applicable.]
This program is intended to identify red flags that will alert
our employees when new or existing accounts are opened using false
information, protect against the establishment of false accounts,
establish methods to ensure existing accounts were not opened using
false information, and set forth measures to respond to such events.
The City of Lexington has conducted an internal risk assessment
to evaluate how at-risk the current procedures are at allowing customers
to create a fraudulent account and evaluate if current (existing)
accounts are being manipulated. This risk assessment evaluated how
new accounts were opened and the methods used to access the account
information. Using this information, the utility was able to identify
red flags that were appropriate to prevent identity theft.
To establish a new water/sewer/garbage account with the City
of Lexington, the applicant must provide the physical address where
service is to be provided and give an alternate and contact person’s
name, with phone numbers for all. The City will make record of the
McLean County property identification number for the address where
service is requested. The City reserves the right to request additional
identification, such as a valid government-issued identification card
containing a photograph of the applicant. The City reserves the right
to make a copy of such documentation, and it will be maintained with
the application form.
In order to detect any red flags for an existing account, City
employees will verify the identification of customers and the validity
of any request to change billing addresses of an existing account.
The City of Lexington adopts the following red flags to detect
potential fraud. These are not intended to be all-inclusive, and other
suspicious activity may be investigated as necessary.
A.
Identification
documents appear to be altered.
B.
Photo
and physical description do not match appearance of applicant.
C.
Information
provided by applicant is inconsistent with information on file.
D.
Information
provided is associated with known fraudulent activity (e.g,. address
or phone number provided is same as that of a fraudulent application).
E.
Information
commonly associated with fraudulent activity is provided by applicant
(e.g., address that is a mail drop or prison, nonworking phone number
or associated with answering service/pager).
F.
Name,
address, telephone number or other information is the same as that
of another customer at utility.
G.
Customer
fails to provide all information requested.
H.
Identity
theft is reported or discovered.
I.
A person
other than the named account holder requests information regarding
an existing account, or attempts to change information on an existing
account.
J.
Unusual
activity for an existing account or activity inconsistent with prior
usage of an existing account.
K.
Changes
in payment patterns for an existing account.
L.
Any other
information, documentation, or account activity which gives an employee
of the City suspicion about an account or account holder.
Any employee who may suspect fraud or detect a red flag will
implement the following response as applicable. All detections or
suspicious red flags shall be reported to the senior management official.
A.
Ask applicant
for additional documentation.
B.
Any utility
employee who becomes aware of a suspected or actual fraudulent use
of a customer's or potential customer's identity must notify the City
Collector/Utility Billing Manager.
C.
The utility
will notify the Chief of Police/Acting Chief at the City of Lexington
of any attempted or actual identity theft.
D.
Do not
open the account.
E.
Close
the account.
F.
Do not
attempt to collect against the account but notify authorities
The City of Lexington adopts the following security procedures:
A.
Require
and keep only the kinds of information that are necessary for water/sewer/garbage
purposes.
B.
Paper
documents, files, and electronic media containing customer information
will be stored in secure file cabinets.
C.
Computer
programs containing customer information shall be protected by passwords,
and only authorized employees shall have access to the passwords.
D.
Confidential
paper records will be shredded before being placed in the trash.
E.
Anti-virus
and anti-spyware programs will be run on computers containing customer
information on a regular basis, and will be kept current.
F.
All employees
of the City of Lexington who will be responsible for opening or making
changes to water/sewer/garbage accounts, administering said accounts,
or accepting payments for said accounts will be instructed in the
Identity Theft Prevention Program, and the red flags contained therein,
and the steps to be taken if the employee becomes aware of a red flag.
G.
New employees
of the water/sewer departments will be informed of the City’s
confidentiality and security standards and procedures.
The Water/Sewer Committee of the City Council of the City of
Lexington shall be responsible for the administration of the Identity
Theft Prevention Program for the City of Lexington. Said Committee
will review this plan annually and shall recommend to the City Council
what, if any, relevant red flags and changes should be made to the
program in order to reflect changes in risks to customers or to the
safety and soundness of the City and its water and sewer accounts
from identity theft. Such report will contain a summary of any identity
theft incidents and the City response to those incidents. The following
factors shall be considered:
