(a)
Fulfilling Requirements of the Red Flags Rule.
Under the red flags rule, every financial institution and creditor is required to establish an identity theft prevention program tailored to its size, complexity, and the nature of its operation. Each program must contain reasonable policies and procedures to:
(1)
Identify relevant red flags for new and existing covered accounts and incorporate those red flags into the program;
(2)
Detect red flags that have been incorporated into the program;
(3)
Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
(4)
Ensure the program is updated periodically, to reflect changes in risks to customers or to the safety and soundness of the creditor from identity theft.
(b)
Red flags rule definitions used in this program.
(1)
The red flags rule defines identity theft as “fraud committed using the identifying information of another person” and a red flag as “a pattern, practice, or specific activity that indicates the possible existence of identity theft.”
(2)
According to the rule, a city is a creditor subject to the rule requirements. The rule defines creditors “to include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies. Where nonprofit and government entities defer payment for goods or services, they, too, are to be considered creditors.”
(3)
City accounts held by customers of the city used mostly for personal, family, or household purposes, and that involve multiple payments or transactions are covered by the rule. Under the rule, a covered account is:
(A)
Any account the city offers or maintains primarily for personal, family or household purposes, that involves multiple payments or transactions; and
(B)
Any other account the city offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the city from identity theft.
(4)
Identifying information is defined under the rule as “any name or number that may be used, alone or in conjunction with any other information, to identify a specific person,” including: name, address, telephone number, Social Security number, date of birth, government issued driver’s license or identification number, employer or taxpayer identification number, unique electronic identification number, computer’s internet protocol address, or routing code.”
(Ordinance 1224 adopted 8/4/09)