A. Fulfilling Requirements of the Red Flags Rule. Under the red flags rule, every financial institution and creditor is required to establish an identity theft prevention program tailored to its size, complexity and the nature of its operation. The program must contain reasonable policies and procedures to:
1. Identify relevant red flags as defined in the rule and this program for new and existing covered accounts, and incorporate those red flags into the program;
2. Detect red flags that have been incorporated into the program;
3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
4. Update the program periodically to reflect changes in risks to customers or to the safety and soundness of the city from identity theft.
B. Red Flags Rule Definitions Used in this Program. For the purposes of this program, the following definitions apply:
Account. “Account” means a continuing relationship established by a person with a creditor to obtain a product or service for personal, family, household or business purposes.
Covered Account. A “covered account” means:
a. Any account the city offers or maintains primarily for personal, family or household purposes, that involves multiple payments or transactions; and
b. Any other account the city offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the city from identity theft.
Creditor. “Creditor” has the same meaning as defined in Section 701 of the Equal Credit Opportunity Act, 15 U.S.C. 1691a, and includes a person or entity that arranges for the extension, renewal or continuation of credit, including the city.
Customer. A “customer” means a person or business entity that has a covered account with the city.
Financial Institution. “Financial institution” means a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a customer.
Identifying Information. “Identifying information” means any name or number that may be used, alone or in conjunction with any other information, to identity a specific person, including name, address, telephone number, Social Security number, date of birth, government passport number, employer or taxpayer identification number or unique electronic identification number.
Identity Theft. “Identity theft” means fraud committed using the identifying information of another person.
Red Flag. A “red flag” means a pattern, practice, or specific activity that indicates the possible existence of identity theft.
Service Provider. “Service provider” means a person or business entity that provides a service directly to the city relating to or in connection with a covered account.