Loading...
HomeMy WebLinkAbout6654RESOLUTION No. 6654 A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF ARCADIA, CALIFORNIA, ESTABLISHING AN IDENTITY THEFT PREVENTION PROGRAM IN ACCORDANCE WITH THE FAIR AND ACCURATE CREDIT TRANSACTION ACT OF 2003 WHEREAS, the Fair and Accurate Credit Transaction Act of 2003 ("FACIA"), section 114, as implemented by the Red Flag Rules, 16 C.F.R. § 681.2, issued by the Federal Trade Commission along with other federal agencies, requires creditors of customer accounts to implement an Identity Theft Prevention Program; and WHEREAS, the City of Arcadia is a creditor because it provides services to customers prior to receipt of payment through customer accounts, including utility service accounts, which are maintained primarily for personal, family or household purposes and involve multiple payments or transactions, and for which there is a reasonably foreseeable risk of identity theft; and WHEREAS, the City of Arcadia is therefore required to implement an Identity Theft Prevention Program; and WHEREAS, the purpose of the Identify Theft Prevention Program is to detect, prevent and mitigate identity theft in connection with all customer accounts, taking into consideration the level of risk for identity theft given the Ciry of Arcadia's scope of services provided and the types of accounts; and WHEREAS, the Identify Theft Prevention Program is created to identify patterns, practices and specific activities that indicate the possible existence of identity theft, referred to as "Red Flags," and sets forth the procedures for detecting Red Flags and responding to Red Flags when discovered; and WHEREAS, the City Council desires to adopt and implement an Identity Theft Protection Program as required under Federal Law. NOW, THEREFORE, THE CITY COUNCIL OF THE CITY OF ARCADIA, CALIFORNIA, DOES HEREBY FIND, DETERMINE AND RESOLVE AS FOLLOWS: SECTION 1. Adoption of Identity Theft Prevention Pro ram. The City of Arcadia hereby adopts the "Identity Theft Prevention Program" attached hereto as Exhibit "A" SECTION 2. Designation of Authority. The City Council of the City of Arcadia authorizes the City Manager or his designee to act on the City Council's behalf to oversee the implementation and administration of the Identity Theft Prevention Program in accordance with Federal Law. 2 SECTION 3. Amending the Identity Theft Prevention Pro rg am. The Identity Theft Prevention Program may be amended from time to time as needed based on, but not limited to, the following events: experience with identity theft; changes to the types of accounts and/or programs offered; and implementation of new systems and/or new vendor contracts. SECTION 4. The City Clerk shall certify to the adoption of this Resolution. Passed, approved and adopted this zna day of December , 2008. ~-~~~ Mayor of the City of Arcadia ATTEST: ~_'_' ~ ity Clerk APPROVED AS TO FORM: Stephen P. Deitsch City Attorney 3 STATE OF CALIFORNIA ) COUNTY OF LOS ANGELES) SS: CITY OF ARCADIA ) I, JAMES H. BARROWS, City Clerk of the City of Arcadia, hereby certifies that the foregoing Resolution No. 6654 was passed and adopted by the City Council of the City of Arcadia, signed by the Mayor and attested to by the City Clerk at a regular meeting of said Council held on the 2nd day of December, 2008 and that said Resolution was adopted by the following vote, to wit: AYES: Council Member Amundson, Chandler, Kovacic, Wuo and Harbicht NOES: None ABSENT: None ~~...~ '~ ty Clerk of the City of Arcadia 4 Exhibit A City of Arcadia Identity Theft Prevention Program This program is in response to and in compliance with the Fair and Accurate Credit Transaction (FACT) Act of 2003 and The final rules and guidelines for the FACT Act issued by the Federal Trade Commission and federal bank regulatory agencies in November 2007 Adopted December 2, 2008 -Resolution No. 6654 Identity Theft Prevention Program Purpose This document was created in order to comply with regulations issued by the Federal Trade Commission (FTC) as part of the implementation of the Fair and Accurate Credit Transaction (FACT) Act of 2003. The FACT Act requires that financial institutions and creditors implement written programs which provide for detection of and response, to specific activities ("red flags') that could be related to identity theft. These programs must be in place by May 1, 2009. " The FTC regulations require that the program must: 1. Identify relevant red flags and incorporate them into the program 2. Identify ways to detect red flags 3. Include appropriate responses to red flags 4. Address new and changing risks through periodic program updates 5. Include a process for administration and oversight of the program ' On October 22, 2008, the Federal Trade Commission (FTC) extended the required enforcement of new "Red Flags Rule" from November 1, 2008 to May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs. 1 Program Details Relevant Red Flaps Red flags are warning signs or activities that alert a creditor to potential identity theft. The guidelines published by the FTC include 26 examples of red flags which fall into the five categories below: Alerts, notifications, or other warnings received from consumer reporting agencies or service providers • Presentation of suspicious documents • Presentation of suspicious personal identifying information • Unusual use of, or other suspicious activity related to, a covered account • Notice from customers, victims of identity theft, or law enforcement authorities After reviewing the FTC guidelines and examples, the Utility Billing Services Division determined that the following red flags are applicable to utility accounts. These red flags, and the appropriate responses, are the focus of this program. • Suspicious Documents and Activities o Documents provided for identification appear to have been altered or forged. o The photograph on the identification is not consistent with the physical appearance of the customer. o Other information on the identification is not consistent with information provided by the customer. o The SSN provided by the customer belongs to another customer in the City's Utility Billing Systems. o The customer does not provide required identification documents when attempting to establish a utility account or make a payment. o A customer refuses to provide proof of identity when discussing an established utility account. o A person other than the account holder or co-applicant requests information or asks to make changes to an established utility account. • A customer notifies the Utility Billing Services Division of any of the following activities: o Utility statements are not being received o Unauthorized changes to a utility account 2 o Unauthorized charges on a utility account o Fraudulent activity on the customer's bank account or credit card that is used to pay utility charges • The Utility Billing Services Division is notified by a customer, a victim of identity theft, or a member of law enforcement that a utilities account has been opened for a person engaged in identity theft. Detecting and Respondino to Red Flaas Red flags will be detected as Utility Services staff interact with customers. An employee will be alerted to these red flags during the following processes: • Enrollino the customer in the automatic bank draft prooram or process a payment: The Accounting Technician may be presented with documents that appear altered or inconsistent with the information provided by the customer. Response: Do not establish the utility account or accept payment until the customer's identity has been confirmed. • Answerino customer inquiries on the phone and at the counter: Someone other than the account holder or co-applicant may ask for information about a utility account or may ask to make changes to the information on an account. A customer may also refuse to verify their identity when asking about an account. Response: Inform the customer that the account holder or the co-applicant must give permission for them to receive information about the utility account. Do not make changes to or provide any information about the account, with one exception: The Accounting Technician may provide the outstanding amount due. • Receivino notification that there is unauthorized activity associated with a utility account: Customers may call to alert the City about fraudulent activity related to their utility account and/or the bank account or credit card used to make payments on the account. Response: Verify the customer's identity, and notify the Accounting Supervisor immediately. Take the appropriate actions to correct the errors on the account, which may include: o Issuing a service order to connect or disconnect services o Assisting the customer with deactivation of their payment method (credit card or automatic bank draft) 3 o Updating personal information on the utility account o Updating the mailing address on the utility account o Updating account notes to document the fraudulent activity o Adding a password to the account o Notifying and working with law enforcement officials • Receiving notification that a utilities account has been established for a person engaged in identity theft. Response: These issues should be escalated to the Accounting Supervisor immediately. The claim will be investigated, and appropriate action will be taken to resolve the issue as quickly as possible. Additional procedures that help to protect against identity theft include: • The City's Utility Billing System access is based on the role of the user. Only certain job classifications have access to the entire system. • The Financial Services Division will investigate ways to reduce the number of paper receipts generated during credit card payment processing. • The Financial Services Division will ensure that service providers that receive and process utility billing information have programs in place to detect and prevent identity theft. 4 Administration and Oversight of the Program Designation of Authority The City Council of City of Arcadia designates the authority to develop, oversee, implement and administer the Program to the City Manager or his designee, Administrative Services Director. As part of the Administrative Services Director's oversight responsibilities for the Program, the Administrative Services Director is required to review and approve all material changes to the Program as necessary to address changing identity theft risks. The Administrative Services Director is also responsible for reviewing reports prepared by The City's staff regarding the compliance with FACTA and the Red Flag Rules requiring the implementation of an Identity Theft Prevention Program. ~ecific roles are as follows: The Accounting Supervisor will submit an annual report to the Financial Services Manager/Treasurer and' the Administrative Services Director. The Accounting Supervisor will also oversee the daily activities related to identity theft detection and prevention, and ensure that all members of the Utility Division staff are trained to detect and respond to red flags. The Financial Services ManagerlTreasurer will provide ongoing oversight to ensure that the program is effective. The Administrative Services Director will review the annual report and approve recommended changes to the program, both annually and on an as-needed basis. Annual Reporting: The annual report will address the effectiveness of the program, documents significant incidents involving identity theft and related responses, provides updates related to external service providers, and includes recommendations for material changes to the program. The report will be reviewed annually and with continuing updates to the Identity Theft Prevention Program based on the following events: • Experience with identity theft • Changes to the types of accounts and/or programs offered • Implementation of new systems and/or new vendor contracts 5