防止身份盗窃计划

10月31日, 2007, the Federal Trade Commission and the federal financial institution regulatory agencies passed the final legislation to incorporate new sections 114 and 315 into the Fair and Accurate Credit Transactions Act of 2003 (FACTA). 这些新的部分被称为红旗规则. 根据红旗规则, 所有持有消费者账户的金融机构和债权人, 或其他有合理可预见的身份盗用风险的账户, is required to establish a documented 防止身份盗窃计划 that provides for the identification, 检测, 以及对模式的反应, 实践, 或者特定的活动——被称为“危险信号”——可能表明身份盗窃. 红旗活动的例子包括不寻常的帐户活动, 地址不符点, 由信用报告机构提供的针对选民消费者报告的欺诈警报, 或者试图使用可疑的账户应用程序.

因为大学提供学生贷款并收取一些服务的费用, 它被视为债权人,适用FACTA红旗规则. All University departments and employees responsible for providing student loans and/or collecting payment for services must participate in the 防止身份盗窃计划.

识别受保帐户

All University departments must first determine whether there are covered accounts within the business processes of their respective areas. Generally covered accounts distribute reimbursable University funds; extend, 更新, or continue credit; and allow the account owner to make multiple payments or transactions.

  • Student loans of University funds that are not funded by federal resources and are repaid by a payment schedule.
  • 分期付款和短期贷款.
  • Accounts that are created for ongoing services and allow students to reimburse when billed or over a period of time.
  • 任何类型的托收账户.

  • 由联邦政府资助的学生贷款,只由学校支付.
  • 按服务收费的应用程序,如食品服务, 通过停车, 通勤服务, 一次性保健服务, 诸如此类.
  • 收取图书馆罚款或停车传票等费用.
  • 金鹰卡账户.

以便识别相关的危险信号, University departments that offer or manage covered accounts must review and evaluate the methods utilized to open covered accounts, 允许访问覆盖的帐户, 以及之前所有已知的身份盗窃事件

  • 信用机构出具的信用报告附带的欺诈报告.
  • 信贷机构对客户或申请人的信贷冻结的通知或报告.
  • 信用机构对申请人发出的现役警报通知或报告.
  • Indication from a credit report of activity that is inconsistent with a campus constituent's usual pattern or activity.

  • 伪造、涂改或不真实的身份证明文件或证件.
  • Identification document or card on which a person's photograph or physical description is not consistent with the person presenting the document.
  • Other document with information that is not consistent with existing campus constituent's information, 比如一个人在支票上的签名看起来是伪造的.
  • 有涂改、伪造的服务申请书的.

  • Identifying information presented that is inconsistent with other information the campus constituent provided, 比如出生日期不一致.
  • Identifying information presented that is inconsistent with other sources of information, 比如地址和驾照上的地址不匹配.
  • Identifying information presented that is the same as information shown on other applications that were found to be fraudulent.
  • 识别与欺诈活动相一致的信息, 例如无效的电话号码或虚构的帐单地址.
  • Social security number presented that is the same as one given by another campus constituent.
  • An address or phone number presented that is the same as that of another person who is not a family member, 配偶, 和室友.
  • Failing to provide complete 个人 identifying information on an application when reminded to do so. 然而,提醒一下,根据法律,社会安全号码是不需要的.
  • Identifying information that is not consistent with the information on the official record for the campus constituent.

  • Change of address for an account followed by a request to change the account holder's name.
  • 付款停止在其他一致的最新帐户上.
  • 与以前的使用方式不一致的帐户,如非常频繁的活动.
  • 发送给帐户持有人的邮件多次被退回为无法投递.
  • Notification to the University that a campus constituent is not receiving mail sent by the University.
  • 违反任何大学或院系的电脑系统安全.
  • 未经授权访问或使用校园选民的帐户信息.

  • 校园选民向大学发出的通知书, 身份盗窃受害者, 或者执法机关认为已经发生身份盗窃.
  • Information from any person that they have opened or are maintaining a fraudulent account for a person engaged in identity theft or know of someone who has done so

以防止未来以任何方式发生身份盗窃的可能性, all University employees should take the following steps to protect campus constituent identifying information:

  • Keep offices and unlocked file cabinets clear of documents containing campus constituent identifying information. 确保文件柜, 橱柜, and closets containing confidential or 个人 information remain locked when unattended.
  • Never leave document containing confidential or 个人 information on printers or facsimile machines. 传真机密或个人资料前, contact the recipient to be sure they are standing by their fax to immediately retrieve the document.
  • Undertake complete and secure destruction of paper documents and computer files containing campus constituent information by using a confetti or pulp paper shredder.
  • Ensure all computers are password protected and that computers are locked [control/alt/delete, 然后输入[每当电脑无人看管时.
  • 随时保持最新的电脑防病毒保护.
  • Promptly report the loss or theft of any device that stores or transmits University data (e.g., computer, laptop, server, CD, DVD, electronic storage media, or smart phone) to University Police. Users must also promptly submit a Lost/Stolen Computer/Electronic Storage Device Report to 资讯科技保安及合规性.
  • 不要丢弃, 转移, 重新分配, 或者捐赠电脑, 笔记本电脑, 电子存储设备, 或媒体, or return any smart phones to a service provider without first cleansing the equipment of any confidential, 个人, 或者专有信息.
  • Departments and business units are responsible for ensuring that confidential information is encrypted on all electronic media.
  • 不要在公共网络上发送未加密的受保护的大学数据.
  • Do not remove constituent-identifying information from the campus without prior administrator authorization. 如果批准的话, 确保电子文件已加密, 笔记本电脑有密码保护, 文件和设备在任何时候都受到保护和监督.
  • If social security numbers (SSN) are required for financial reasons or verification of a campus constituent’s identity, 只请求最后4位数字. 只要有可能,使用校园识别号码(CIN)而不是SSN.
  • Require and keep only campus constituent information that is necessary for University business purposes. 大学资料必须保留, 担保, and destroyed in compliance with all legal and regulatory requirements while implementing appropriate best 实践.
  • Ensure that all Web site requests for confidential information use encrypted transport methods by forcing users to a 担保 site (i.e.(http),如果不可用,则提供明确的通知,说明网站不安全.