HomeMy WebLinkAbout6654RESOLUTION No. 6654
A RESOLUTION OF THE CITY COUNCIL OF THE CITY
OF ARCADIA, CALIFORNIA, ESTABLISHING AN
IDENTITY THEFT PREVENTION PROGRAM IN
ACCORDANCE WITH THE FAIR AND ACCURATE
CREDIT TRANSACTION ACT OF 2003
WHEREAS, the Fair and Accurate Credit Transaction Act of 2003
("FACIA"), section 114, as implemented by the Red Flag Rules, 16 C.F.R. §
681.2, issued by the Federal Trade Commission along with other federal
agencies, requires creditors of customer accounts to implement an Identity Theft
Prevention Program; and
WHEREAS, the City of Arcadia is a creditor because it provides
services to customers prior to receipt of payment through customer accounts,
including utility service accounts, which are maintained primarily for personal,
family or household purposes and involve multiple payments or transactions,
and for which there is a reasonably foreseeable risk of identity theft; and
WHEREAS, the City of Arcadia is therefore required to implement an
Identity Theft Prevention Program; and
WHEREAS, the purpose of the Identify Theft Prevention Program is to
detect, prevent and mitigate identity theft in connection with all customer accounts,
taking into consideration the level of risk for identity theft given the Ciry of
Arcadia's scope of services provided and the types of accounts; and
WHEREAS, the Identify Theft Prevention Program is created to identify
patterns, practices and specific activities that indicate the possible existence of
identity theft, referred to as "Red Flags," and sets forth the procedures for
detecting Red Flags and responding to Red Flags when discovered; and
WHEREAS, the City Council desires to adopt and implement an Identity
Theft Protection Program as required under Federal Law.
NOW, THEREFORE, THE CITY COUNCIL OF THE CITY OF
ARCADIA, CALIFORNIA, DOES HEREBY FIND, DETERMINE AND
RESOLVE AS FOLLOWS:
SECTION 1. Adoption of Identity Theft Prevention Pro ram. The
City of Arcadia hereby adopts the "Identity Theft Prevention Program" attached
hereto as Exhibit "A"
SECTION 2. Designation of Authority. The City Council of the
City of Arcadia authorizes the City Manager or his designee to act on the City
Council's behalf to oversee the implementation and administration of the Identity
Theft Prevention Program in accordance with Federal Law.
2
SECTION 3. Amending the Identity Theft Prevention Pro rg am.
The Identity Theft Prevention Program may be amended from time to time as
needed based on, but not limited to, the following events: experience with
identity theft; changes to the types of accounts and/or programs offered; and
implementation of new systems and/or new vendor contracts.
SECTION 4. The City Clerk shall certify to the adoption of this
Resolution.
Passed, approved and adopted this zna day of December , 2008.
~-~~~
Mayor of the City of Arcadia
ATTEST:
~_'_' ~
ity Clerk
APPROVED AS TO FORM:
Stephen P. Deitsch
City Attorney
3
STATE OF CALIFORNIA )
COUNTY OF LOS ANGELES) SS:
CITY OF ARCADIA )
I, JAMES H. BARROWS, City Clerk of the City of Arcadia, hereby certifies
that the foregoing Resolution No. 6654 was passed and adopted by the City Council
of the City of Arcadia, signed by the Mayor and attested to by the City Clerk at a
regular meeting of said Council held on the 2nd day of December, 2008 and that said
Resolution was adopted by the following vote, to wit:
AYES: Council Member Amundson, Chandler, Kovacic, Wuo and Harbicht
NOES: None
ABSENT: None
~~...~ '~
ty Clerk of the City of Arcadia
4
Exhibit A
City of Arcadia
Identity Theft Prevention Program
This program is in response to and in compliance with the
Fair and Accurate Credit Transaction (FACT) Act of 2003
and
The final rules and guidelines for the FACT Act issued by the
Federal Trade Commission and federal bank regulatory agencies
in November 2007
Adopted December 2, 2008 -Resolution No. 6654
Identity Theft Prevention Program
Purpose
This document was created in order to comply with regulations issued by the Federal
Trade Commission (FTC) as part of the implementation of the Fair and Accurate Credit
Transaction (FACT) Act of 2003. The FACT Act requires that financial institutions and
creditors implement written programs which provide for detection of and response, to
specific activities ("red flags') that could be related to identity theft. These programs
must be in place by May 1, 2009. "
The FTC regulations require that the program must:
1. Identify relevant red flags and incorporate them into the program
2. Identify ways to detect red flags
3. Include appropriate responses to red flags
4. Address new and changing risks through periodic program updates
5. Include a process for administration and oversight of the program
' On October 22, 2008, the Federal Trade Commission (FTC) extended the required enforcement of new "Red Flags
Rule" from November 1, 2008 to May 1, 2009, to give creditors and financial institutions additional time in which to
develop and implement written identity theft prevention programs.
1
Program Details
Relevant Red Flaps
Red flags are warning signs or activities that alert a creditor to potential identity theft.
The guidelines published by the FTC include 26 examples of red flags which fall into the
five categories below:
Alerts, notifications, or other warnings received from consumer reporting
agencies or service providers
• Presentation of suspicious documents
• Presentation of suspicious personal identifying information
• Unusual use of, or other suspicious activity related to, a covered account
• Notice from customers, victims of identity theft, or law enforcement authorities
After reviewing the FTC guidelines and examples, the Utility Billing Services Division
determined that the following red flags are applicable to utility accounts. These red
flags, and the appropriate responses, are the focus of this program.
• Suspicious Documents and Activities
o Documents provided for identification appear to have been altered or
forged.
o The photograph on the identification is not consistent with the physical
appearance of the customer.
o Other information on the identification is not consistent with information
provided by the customer.
o The SSN provided by the customer belongs to another customer in the
City's Utility Billing Systems.
o The customer does not provide required identification documents when
attempting to establish a utility account or make a payment.
o A customer refuses to provide proof of identity when discussing an
established utility account.
o A person other than the account holder or co-applicant requests
information or asks to make changes to an established utility account.
• A customer notifies the Utility Billing Services Division of any of the following
activities:
o Utility statements are not being received
o Unauthorized changes to a utility account
2
o Unauthorized charges on a utility account
o Fraudulent activity on the customer's bank account or credit card that is
used to pay utility charges
• The Utility Billing Services Division is notified by a customer, a victim of identity
theft, or a member of law enforcement that a utilities account has been opened
for a person engaged in identity theft.
Detecting and Respondino to Red Flaas
Red flags will be detected as Utility Services staff interact with customers. An
employee will be alerted to these red flags during the following processes:
• Enrollino the customer in the automatic bank draft prooram or process a
payment: The Accounting Technician may be presented with documents that
appear altered or inconsistent with the information provided by the customer.
Response: Do not establish the utility account or accept payment until the
customer's identity has been confirmed.
• Answerino customer inquiries on the phone and at the counter: Someone other
than the account holder or co-applicant may ask for information about a utility
account or may ask to make changes to the information on an account. A
customer may also refuse to verify their identity when asking about an account.
Response: Inform the customer that the account holder or the co-applicant
must give permission for them to receive information about the utility account.
Do not make changes to or provide any information about the account, with one
exception: The Accounting Technician may provide the outstanding amount due.
• Receivino notification that there is unauthorized activity associated with a utility
account: Customers may call to alert the City about fraudulent activity related to
their utility account and/or the bank account or credit card used to make
payments on the account.
Response: Verify the customer's identity, and notify the Accounting Supervisor
immediately. Take the appropriate actions to correct the errors on the account,
which may include:
o Issuing a service order to connect or disconnect services
o Assisting the customer with deactivation of their payment method (credit
card or automatic bank draft)
3
o Updating personal information on the utility account
o Updating the mailing address on the utility account
o Updating account notes to document the fraudulent activity
o Adding a password to the account
o Notifying and working with law enforcement officials
• Receiving notification that a utilities account has been established for a person
engaged in identity theft.
Response: These issues should be escalated to the Accounting Supervisor
immediately. The claim will be investigated, and appropriate action will be taken
to resolve the issue as quickly as possible.
Additional procedures that help to protect against identity theft include:
• The City's Utility Billing System access is based on the role of the user. Only
certain job classifications have access to the entire system.
• The Financial Services Division will investigate ways to reduce the number of
paper receipts generated during credit card payment processing.
• The Financial Services Division will ensure that service providers that receive
and process utility billing information have programs in place to detect and
prevent identity theft.
4
Administration and Oversight of the Program
Designation of Authority
The City Council of City of Arcadia designates the authority to develop, oversee,
implement and administer the Program to the City Manager or his designee,
Administrative Services Director. As part of the Administrative Services Director's
oversight responsibilities for the Program, the Administrative Services Director is
required to review and approve all material changes to the Program as necessary to
address changing identity theft risks. The Administrative Services Director is also
responsible for reviewing reports prepared by The City's staff regarding the compliance
with FACTA and the Red Flag Rules requiring the implementation of an Identity Theft
Prevention Program.
~ecific roles are as follows:
The Accounting Supervisor will submit an annual report to the Financial Services
Manager/Treasurer and' the Administrative Services Director. The Accounting
Supervisor will also oversee the daily activities related to identity theft detection and
prevention, and ensure that all members of the Utility Division staff are trained to detect
and respond to red flags.
The Financial Services ManagerlTreasurer will provide ongoing oversight to ensure that
the program is effective.
The Administrative Services Director will review the annual report and approve
recommended changes to the program, both annually and on an as-needed basis.
Annual Reporting:
The annual report will address the effectiveness of the program, documents significant
incidents involving identity theft and related responses, provides updates related to
external service providers, and includes recommendations for material changes to the
program.
The report will be reviewed annually and with continuing updates to the Identity Theft
Prevention Program based on the following events:
• Experience with identity theft
• Changes to the types of accounts and/or programs offered
• Implementation of new systems and/or new vendor contracts
5