Compliance

Coming Soon!

Initiation of a relationship with a customer for the purpose of establishing a University Account as defined in the Identity Theft Red Flags policy. Examples include individual submits a credit application request, patient completes registration paperwork, individual requests to purchase a good or service such as memberships, tuition payment plans, etc. 

Red Flag # 1 – Fraud alert is included with a consumer report:

Examples of Detection Mechanism

• Credit report where there are statements regarding identification mismatch, fraud alert or credit freeze. 

Employee Action Steps

1. Do not process transaction until further information can be obtained
2. Unit should contact consumer reporting agency to validate identifying information
3. If validation is acceptable, proceed with customer initiation activity
4. If validation is not acceptable, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #2 - Notice of a credit freeze in response to a request for a consumer report:

Examples of Detection Mechanism

• Credit report where there are statements regarding identification mismatch, fraud alert or credit freeze.

Employee Action Steps

1. Do not process transaction until further information can be obtained
2. Unit should contact consumer reporting agency to validate identifying information
3. If validation is acceptable, proceed with customer initiation activity
4. If validation is not acceptable, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #3 – Consumer reporting agency provides a notice of address discrepancy:

Examples of Detection Mechanism

• Credit report where there is an indication of an address discrepancy

Employee Action Steps

1. Do not process transaction until further information can be obtained
2. Unit should contact consumer reporting agency to validate identifying information
3. If validation is acceptable, proceed with customer initiation activity
4. If validation is not acceptable, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #4 – Unusual credit activity, such as an increased number of accounts or inquiries:

Examples of Detection Mechanism

• Credit report where there is an indication of an unusual number of inquiries

Employee Action Steps

1. Do not process transaction until further information can be obtained
2. Unit should contact consumer reporting agency to validate identifying information
3. If validation is acceptable, proceed with customer initiation activity
4. If validation is not acceptable, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #5 – Document provided for identification appears to be altered or forged:

Examples of Detection Mechanism

• Picture on identification is not representative of customer
• Picture on identification is blurry
• Signature on presented identification does not match signature on any available application
• Identification contains unusual typeface or typographical errors
• Identification appears to have white-out, taped, Xeroxed, etc.

Employee Action Steps

1. Request additional government issued ID
2. If second identification is satisfactory, proceed with the customer initiation activity
3. If second identification is not satisfactory, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #6 – Photograph on identification is inconsistent with the appearance of the customer:

Examples of Detection Mechanism

• Picture on identification is not representative of customer
• Picture on identification is blurry

Employee Action Steps

1. Request additional government issued ID
2. If second identification is satisfactory, proceed with the customer initiation activity
3. If second identification is not satisfactory, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #7 – Information on identification is inconsistent with information provided by the person opening the account:

Examples of Detection Mechanism

• Name, address or other information from identification does not match application form

Employee Action Steps

1. Ask customer to clarify discrepancy and provide additional government issued ID, if necessary
2. If explanation is reasonable, proceed with the customer initiation activity
3. If explanation is not satisfactory, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #8 – Information on identification (such as signature) is inconsistent with existing information on file:

Examples of Detection Mechanism

• Name, address or other information from identification does not match application form

Employee Action Steps

1. Ask customer to clarify discrepancy and provide additional government issued ID, if necessary
2. If explanation is reasonable, proceed with the customer initiation activity
3. If explanation is not satisfactory, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #9 – Application appears to be forged, altered or destroyed and reassembled:

Examples of Detection Mechanism

• Signature on completed application does not match signature on identification or other documentation
• Application appears to have white-out, taped, Xeroxed, etc.

Employee Action Steps

1. Request additional government issued ID
2. If second identification is satisfactory, proceed with the customer initiation activity
3. If second identification is not satisfactory, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #10A – Information on identification does not match the address in a consumer report or existing system/application:

Examples of Detection Mechanism

• Name, address or other information from identification does not match application form

Employee Action Steps

1. Ask customer to clarify discrepancy and provide additional government issued ID, if necessary
2. If explanation is reasonable, proceed with the customer initiation activity
3. If explanation is not satisfactory, do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #10B – Social security number provided has not been issued or appears on the SSA Death Master File:

Employee Action Steps

1. Verify SSN via Social Security Number Verification Service
2. If SSN appears valid, proceed with customer initiation activity
3. If SSN does not appear valid, ask customer to confirm the number
4. If same number is provided, do not proceed and report to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #11 – Range in the social security number does not correlate to the date of birth:

Employee Action Steps

1. Verify SSN via Social Security Number Verification Service
2. If SSN appears valid, proceed with customer initiation activity
3. If SSN does not appear valid, ask customer to confirm the number
4. If same number is provided, do not proceed and report to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #12 – Personal identifying information has been associated with known fraud activity:

Examples of Detection Mechanism

• Person’s name has been included in a University alert
• Person’s name appears on a list of individuals writing bad checks

Employee Action Steps

1. Do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #13 – Suspicious address is supplied (e.g., mail drop, prison, pager/answering service):

Employee Action Steps

1. Do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #14 – SSN matches that submitted by another person opening an account:

Employee Action Steps

1. Verify SSN via Social Security Number Verification Service
2. If SSN appears valid, proceed with customer initiation activity
3. If SSN does not appear valid, ask customer to confirm the number
4. If same number is provided, do not proceed and report to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #15 – Address or phone number matches that supplied by a large number of applicants:

Employee Action Steps

1. Do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #16 – Person opening the account is unable to supply identifying information after notification of incomplete application:

Employee Action Steps

1. Do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #17 – Personal information is inconsistent with information already on file:

Examples of Detection Mechanism

• Name, address or other information from identification does not match application form or other documents

Employee Action Steps

1. Ask customer to clarify discrepancy and provide additional government issued ID, if necessary
2. If explanation is reasonable, proceed with the customer initiation activity
3. If explanation is not satisfactory, do not proceed and report to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #18 – Person opening an account or customer is unable to correctly answer challenge questions:

Employee Action Steps

1. Do not proceed with the customer initiation activity and report the incident to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #19 – Shortly after change of address, request for additional users of the account is received:

Employee Action Steps

1. Ask customer to clarify discrepancy and provide additional government issued ID, if necessary
2. If explanation is reasonable, proceed with the customer initiation activity
3. If explanation is not satisfactory, do not proceed and report to supervisor

Supervisor Action Steps

1. Notify customer that the transaction cannot be processed
2. Collect and retain any documents for potential evidence
3. Report incident to the University Police as appropriate

Red Flag #20 – Most available credit used for cash advances, jewelry, electronics and/or customer fails to make first payment:

Employee Action Steps

1. Not applicable

Supervisor Action Steps

1. Not applicable

Red Flag #21 – Drastic changes in payment patterns, use of available credit or spending patterns:

Employee Action Steps

1. Not applicable

Supervisor Action Steps

1. Not applicable

Red Flag #22 – Inactive account suddenly exhibits unusual activity:

Employee Action Steps

1. Not applicable

Supervisor Action Steps

1. Not applicable

Red Flag #23 – Mail sent to customer repeatedly returned as undeliverable despite ongoing transactions:

Employee Action Steps

1. Not applicable

Supervisor Action Steps

1. Not applicable

Red Flag #24 – Customer indicates they are not receiving paper account statements:

Employee Action Steps

1. Not applicable

Supervisor Action Steps

1. Not applicable

Red Flag #25 – Customer notifies of unauthorized charges or transactions:

Employee Action Steps

1. Not applicable

Supervisor Action Steps

1. Not applicable

Red Flag #26 – Institution notified that it has opened a fraudulent account for a person engaged in identity theft:

Employee Action Steps

1. Not applicable

Supervisor Action Steps

1. Not applicable

Red Flag #1 – Fraud alert is included with a consumer report:

Examples of Detection Mechanism 

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #2 – Notice of a credit freeze in response to a request for a consumer report:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #3 – Consumer reporting agency provides a notice of address discrepancy:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #4 – Unusual credit activity, such as an increased number of accounts or inquiries:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #5 – Document provided for identification appears to be altered or forged:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #6 – Photograph on identification is inconsistent with the appearance of the customer:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #7 – Information on identification is inconsistent with information provided by the person opening the account:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #8 – Information on identification (such as signature) is inconsistent with existing information on file:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #9 – Application appears to be forged, altered or destroyed and reassembled:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #10A – Information on identification does not match the address in a consumer report or existing system or application:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #10B – Social security number provided by customer has not been issued or appears on the SSA Death Master File:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #11 – Range in the social security number does not correlate to the date of birth:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #12 – Personal identifying information has been associated with known fraud activity:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #13 – Suspicious address is supplied, such as a mail drop or prison or phone numbers associated with pagers or answering service:

Examples of Detection Mechanism

• Payment sent by mail statement indicates suspicious change of address or phone number

Employee Action Steps

1. Call the customer to verify change
2. If the change is valid, proceed with change
3. If the change appears to be suspicious, report the incident to supervisor

Supervisor Action Steps

1. Collect and retain any documents for potential evidence
2. Report the incident to University Police as appropriate
3. Report any financial fraud per the Financial Fraud Reporting Policy

Red Flag #14 – Social security number provided matches that submitted by another person opening an account or other customers:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #15 – An address or phone number matching that supplied by a large number of applicants:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #16 – Person opening the account is unable to supply identifying information in response to notification that an application is incomplete:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #17 – Personal information is inconsistent with information already on file:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #18 – Person opening an account or customer is unable to correctly answer challenge questions:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #19 – Shortly after change of address is received, receive request for additional users of the account:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #20 – Most of the available credit is used for cash advances, jewelry or electronics and/or customer fails to make first payment:

Examples of Detection Mechanism

• First payment is missed on account

Employee Action Steps

1. If first payment is missed, review the application to verify that the account is not fraudulent
2. If the application detects fraudulent activity, report the incident to supervisor

Supervisor Action Steps

1. Collect and retain any documents for potential evidence
2. Report the incident to University Police as appropriate
3. Report any financial fraud per the Financial Fraud Reporting Policy

Red Flag #21 – Drastic changes in payment patterns, use of available credit or spending patterns:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #22 – An account that has been inactive for a lengthy time suddenly exhibits unusual activity:

Examples of Detection Mechanism

• Not applicable

Employee Action Steps

• Not applicable

Supervisor Action Steps

• Not applicable

Red Flag #23 – Mail sent to customer repeatedly returned as undeliverable despite ongoing transactions on active account:

Employee Action Steps

1. Call the customer to verify address
2. If the change is valid, proceed with change
3. If the change appears to be suspicious, report the incident to supervisor

Supervisor Action Steps

1. Collect and retain any documents for potential evidence
2. Report the incident to University Police as appropriate
3. Report any financial fraud per the Financial Fraud Reporting Policy

Red Flag #24 – Customer indicates that they are not receiving paper account statements:

Examples of Detection Mechanism

• Customer did not receive their statement

Employee Action Steps

1. Verify address with customer
2. If the customer states that the address on file is incorrect, verify the customer’s personal identification and obtain correct address. If information cannot be verified, report the incident to supervisor
3. If the customer states that the address on file is correct, refer the customer to the US Postal Service for further investigation

Supervisor Action Steps

1. Collect and retain any documents for potential evidence
2. If the customer cannot produce verifying information, report the incident to University Police as appropriate
3. Report any financial fraud per the Financial Fraud Reporting Policy

Red Flag #25 – Customer notifies that there are unauthorized charges or transactions on customer’s account:

Examples of Detection Mechanism

• Upon receiving their statement, the customer notices unauthorized charges or transactions

Employee Action Steps

1. Review statement transactions with customer to verify that the transactions were fraudulent
2. If the employee believes the transaction to be fraudulent, report the incident to supervisor

Supervisor Action Steps

1. Collect and retain any documents for potential evidence
2. Report the incident to University Police as appropriate
3. Report any financial fraud per the Financial Fraud Reporting Policy

Red Flag #26 – Institution notified that it has opened a fraudulent account for a person engaged in identity theft:

Employee Action Steps

1. Review statement transactions with customer to verify that the transactions were fraudulent
2. If the transaction appears to be fraudulent, report the incident to supervisor

Supervisor Action Steps

1. Collect and retain any documents for potential evidence
2. Report the incident to University Police as appropriate
3. Report any financial fraud per the Financial Fraud Reporting Policy

Red Flag #27 – Other:

Employee Action Steps

1. If the transaction appears to be fraudulent, report the incident to supervisor

Supervisor Action Steps

1. Collect and retain any documents for potential evidence
2. Report the incident to University Police as appropriate
3. Report any financial fraud per the Financial Fraud Reporting Policy

Note: All of the following steps should be reviewed on an annual basis. 

1. Review internal processes where goods, services or credit are provided to customers and implement the guidelines as necessary.
   1. Develop a compliance plan for your college or department to meet the requirements of the university red flags policy. Determine which of the 26 red flags apply to your business practices and which of the university red flag guidelines you should incorporate into your plan.
   2. Your compliance plan should begin with an assessment of your current business practices. Identify areas in your business processes where there is risk for identity theft to occur.
   3. Consider the types of accounts and the number of ways those accounts are created or assessed. Have you been defrauded before by someone using stolen information? How was it done? Are they process or technology based?
   4. The compliance plan should include details such as roles and responsibilities of each staff member.
2. Update internal control structure or standard operating procedures as appropriate to reflect university guidelines.
   1. Determine the risk associated with each of your business processes.
   2. Determine whether you have proper controls in place or whether you should add some. Do gaps exist in your business procedures to identify individuals establishing university accounts? Do your procedures require a customer to present a photo identification to establish an account?
   3. Your compliance plan may incorporate documenting and reinforcing many of your existing controls.
3. Annually review internal processes, control structures and standard operating procedures for continued compliance with guidelines.
   1. The updates should document the action steps as defined in the Identity Theft Red Flags guidelines and how these guidelines will be applied within your unit.
   2. Don’t forget to update any internal training manuals or other materials.
4. Identify employees who must complete training and ensure that training is completed in BuckeyeLearn.
   1. Ensure that your staff receives the necessary training. This includes training on the unit’s internal processes as well as taking the online red flags training. Make sure that you and your staff are familiar with university policies related to protecting identifying information.
   2. New employees will need to complete this training within two weeks of their hire date.

Questions regarding the policy and training should be directed to the University Bursar (internalbursar@osu.edu).