10.10 Account Protection Programs

Purpose

To establish an Identity Theft Prevention Program designed to detect, prevent, and mitigate identity theft in connection with opening a covered account or an existing covered account at the University of Northern Iowa.

This Program is established pursuant to the Federal Trade Commission's Red Flags Rule, which implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003.

Definitions

Account: A continuing relationship established as a result of becoming a student, accepting employment, or obtaining goods or service which includes an extension of credit involving a deferred payment.

Chapter 10: Legal Affairs

Covered Account: Accounts allowed by the University of Northern Iowa which are primarily for students, faculty, and staff and allow multiple payments or transactions; and any other accounts the University of Northern Iowa maintains for which there is a foreseeable risk to customers or to the safety and soundness of the University of Northern Iowa from identity theft, including financial, operational, compliance, reputation, or litigation risks.

Red Flag: A pattern, practice or specific activity that indicates the possible existence of identity theft.

Identity Theft: A fraud committed or attempted using the identifying information of another person without authority.

Identifying Information: Any name or number used (alone or in conjunction with any other information) to identify a specific person.

Policy

  1. University of Northern Iowa Identification of Covered Account
    1. Student – Accounts opened as part of being a registered student.
    2. Faculty and Staff – Accounts opened as a result of accepting employment.
    3. Non-Student – Accounts opened as a result of obtaining goods or services.   
  2. Establishment of an identity Theft Prevention Program
    1. The University of Northern Iowa establishes its program through the implementation of this policy. The Program is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account.   
  3. Elements of the Program
    1. The University of Northern Iowa will identify relevant Red Flags for covered accounts that the University offers or maintains and will incorporate those Red Flags into the Program.
    2. The University of Northern Iowa will put process and procedures in place to detect Red Flags that have been incorporated into the Program.
    3. The University of Northern Iowa will respond appropriately to any Red Flags that are detected in order to prevent and mitigate identity theft
    4. The University of Northern Iowa will ensure the Program (including the Red Flags determined to be relevant) is updated periodically, to reflect changes in risks to customers and to the safety and soundness of the University systems and services from identity theft.  
  4. Administration of the Program
    1. The initial program shall be approved by the Board of Regents, State of Iowa.
    2. Program oversight shall be the responsibility of the Director, Office of Business Operations and responsibility for the implementation of the program shall be assigned to the Bursar, Cashier Coordinator, and other designee(s) as necessary and appropriate. University staff will be trained as necessary to effectively implement the Program.
    3. At least annually, the Bursar, Cashier Coordinator, and any other designee(s) shall report to the Director, Office of Business Operations on the University of Northern Iowa’s compliance with the detection, prevention, and mitigation of identity theft.  
  5. Service Provider Arrangements
    1. When the University of Northern Iowa engages a service provider in connection with one or more covered accounts, the University will require the service provider by contract to have policies and procedures in place to detect relevant Red Flags that may arise in the performance of the service provider’s activities, and to report the Red Flags to the University of Northern Iowa, as well as to take appropriate steps to prevent or mitigate identity theft.  
  6. Identification of Red Flags
    1. When identifying relevant Red Flags, the University of Northern Iowa will consider, as appropriate, the types of covered accounts it offers or maintains, the methods it provides to open its covered accounts, the methods it provides to access its covered accounts, and its previous experiences with identity theft.  
  7. Identified Potential Red Flags and Corresponding Responses/Procedures
    1. The attachment to this section is to be updated periodically, to reflect changes in risks to students and customers and to the safety and soundness of the University systems and services from identity theft.
Red FlagResponse Policy  
UNI notified of unauthorized charges or transactions on customer's account1) Notify University Police2) Suspend charging ability3) Advise UNI departments to cease submitting charges for that account
Documents provided for identification appearimg altered or forged1) Refuse Service 2) Notify University Police 3) Retain altered or forged documents
Photograph on ID inconsistent with the appearance of customer  1) Request additional form of Photo ID to resolve inconsistency - if not resolved with additional form of Photo ID, or additional form not provided, refuse service 2) Notify University Police 3) Retain UNI ID card
Customer unable to correctly answer challenge questions.1) Refuse service  
Information discovered inconsistent with information already on file1) Contact customer to provide additional documentation to resolve discrepancy2) If any suspicion of fraud remains, notify University Police 
Personal identifying information associated with known fraud activity 1) Follow University Police procedures and policies  
Social Security Number provided matches that of another person 1) Request additional information to resolve SSN discrepancy 2) Resolution required or refuse service 3) If service refused, report to University Police
Social Security Number provided has not been issued or appears on the Social Security Administration's Death master File 1) Request additional information to resolve SSN discrepancy 2) Resolution required or refuse service3) If service refused, report to University Police
Lack of Correlation between Social Security Number range and date of birth 1) Request additional information to resolve SSN discrepancy 2) Resolution required or refuse service3) If service refused, report to University Police
Personal information provided inconsistent with information already on file (e.g. address) 1) Request additional information to resolve2) Resolution required or refuse service 
Excessive spending on discretionary items or drastic change in purchasing patterns 1) Contact customer to verify purchases are legitimate and ID card is not stolen 2) If any suspicion of fraud remains, suspend charging ability 3) If any suspicion of fraud remains, notify University Police
Mail sent to customer repeatedly returned as undeliverable despite ongoing transactions on active account1) Contact customer to determine correct address2) If unable to determine correct address, suspend charging ability until resolved 

 

Office of Business Operations, approved May 27, 2009
President's Cabinet, approved June 9, 2009
Board of Regents, State of Iowa, approved June 11, 2009
Updated by Office of Business Operations, February 21, 2018