PrintUniversity of California, Los Angeles Identity Theft Prevention "Red Flags Rule" Implementation Plan Template
Note: Once an Implementation Plan is completed, it is to be considered a confidential document and not for public disclosure. Employees who prepare the plan or have access to it must take appropriate steps to ensure that the data therein is securely maintained.
This Implementation Plan is submitted in compliance with Part 681 of the Code of Federal Regulations implementing Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003, pursuant to the Federal Trade Commission's Red Flags Rule (“Rule”), and in accordance with the University of California Identity Theft Prevention “Red Flags Rule” Implementation Plan, and the University of California, Los Angeles Identity Theft Prevention “Red Flags Rule” Implementation Plan (UCLA Implementation Plan).
This Plan establishes departmental requirements and guidelines pursuant to the UCLA Implementation Plan including:
- Clearly identifying and documenting Covered Accounts.
- Establishing sources to identify Red Flags.
- Identifying the controls to detect, prevent and mitigate Identity Theft.
- Providing employee training.
- Ensuring compliance by third party service providers.
Department Name: _____________________________________________________
- Covered Accounts: The matrix attached to the UCLA Implementation Plan identifies the accounts covered by the Red Flag Rules. The Matrix will be updated periodically.
- Identified Red Flags:
- Notifications and Warnings:
- Suspicious Documents:
- Unusual Use of Accounts:
- Suspicious Identifying Information:
- Notifications and Warnings:
- Detection of Red Flags: The following actions will be taken to verify identity, authenticate customers, monitor transactions, and/or verify the validity of address changes:
- Mitigation of Identity Theft:
- On-Going Oversight and Plan Review:
- Third Party Contract Compliance:
- Employee Training:
Submitted by: _______________________ Title: ______________________________
Date: ______________________________
Red Flags Rule Covered Accounts Inventory Matrix Template
Department Name: __________________________________________________
Date: ______________________________________
|
Department/Sub-Department |
Description of Covered Account |
|
(e.g., Corporate Financial Services/Student Financial Services) |
(e.g., BruinCard) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
University of California, Los Angeles
Identity Theft Prevention “Red Flags Rule” Implementation Plan Template
Red Flag Regulation Compliance
Campus - Effective <date>
|
Identified Account |
Responsible Dept/Individual |
Relevant Red Flags |
Detection Mechanism |
Response Required |
Resolution |
Oversight |
Program Update |
Sr Mgmt Sign-Off |
Staff Training |
3rd Party Comply |
|
|
|
|||||||||||
|
Covered Account A |
|
Verify ID for alteration or forgery |
View identification |
Notify mgmt, no assistance |
Retain card, report |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
|
|
Verify the ID picture matches the customer |
View identification |
Notify mgmt, no assistance |
Retain card, report |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
|
|
Verify information on ID is consistent with information on file |
View identification |
Notify mgmt, no assistance |
Retain card, report |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
Sample Detailed steps for a covered account |
Verify requests for information updates are not altered, forged, or destroyed and reassembled |
Scrutinize paperwork submitted |
Notify mgmt, no assistance |
Retain paperwork, require new |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
||
|
|
|
No information shared if FERPA restriction |
FERPA flag in BAR |
No assistance |
No assistance |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
|
|
UID matches another customer. |
System pulls up two identities |
Notify mgmt, no assistance |
Investigate and resolve with management |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
|
|
Account is not consistent with regular patterns of activity |
Large deposits, rapid depletion of funds |
Notify mgmt, no assistance |
Investigate and resolve with management |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
|
|
Call or email if mail is returned twice |
Return mail documentation 448 screen |
Notify mgmt |
Investigate and resolve with management |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
|
|
Three different address changes in the past ninety (90) days. |
Return mail documentation 448 screen |
Notify mgmt |
Investigate and resolve with management |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
|
|
No information on an account if no UID and customer name |
Customer reports via phone, email, in person |
Notify mgmt, no assistance |
Notify mgmt, no assistance |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
|
|
No response regarding medical type services |
Customer reports via phone, email, in person |
No assistance |
No assistance |
Fraudulent activity - report to Director |
Review and update annually |
AVC |
Annually |
N/A |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Covered Account B |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|