The University will appropriately respond to identified and detected red flags in order to prevent and mitigate identity theft. The response shall be commensurate with the degree of risk posed.
Once potentially fraudulent activity is detected, an employee must act quickly as a rapid, appropriate response can protect customers and the University from damages and loss.
Approved standards and responsive action must be maintained by each assigned resource based upon business and technical needs. The University recommends the following responses to red flags:
- Alert and involve a business unit manager
- Notify designated University official
- Monitor a covered account for evidence of identity theft
- Change any passwords, security codes, or other security devices that permit access to a covered account
- Close an existing covered account
- Reopen a covered account with a new account number if needed
- Contact customer
- Request additional documentation to validate identity
- Handle per regulatory requirements under law if applicable
- Notify law enforcement or regulatory entity
- Determine no response is warranted under the particular circumstances