City of Brentwood
Home PageContact Us!Back

City Administration

2010 Council Goals and Strategic Plan | City Council Members | Calendar of Events | Elections
eNotification | Sub-Committees| Pledge of Allegiance Sign Ups | Invocation Sign Up
Live Streaming Council Meeting | Streaming PC Help |
Streaming Mac Help |

Current Council Agenda and Past Meeting Information

 CITY COUNCIL AGENDA ITEM NO. 4



Meeting Date: October 28, 2008

Subject/Title: Adopt a Resolution Approving City Council/Administrative Policy No. 10-17, Identity Theft Prevention Program – Red Flags

Prepared by: Denise Davies, Chief Financial Operations Officer

Submitted by: Pamela Ehler, Director of Finance and Information Systems



RECOMMENDATION
Adopt a Resolution approving City Council/Administrative Policy No. 10-17, Identity Theft Prevention Program – Red Flags.

PREVIOUS ACTION
None.

BACKGROUND
The City of Brentwood, as a municipal utility, is considered a creditor subject to requirements imposed by the Federal Trade Commission’s (FTC) Red Flags Rule. The FTC Red Flags Rule implemented the Fair and Accurate Credit Transactions Act of 2003. Under this Act, creditors are required to implement written programs which provide for detection of and response to specific activities (“Red Flags”) that could be related to identity theft. The original deadline for compliance was November 1, 2008. On October 22nd, the FTC extended the deadline for compliance to May 1, 2009 to allow creditors more time to develop and implement programs.

Each program must contain reasonable procedures to:

• Identify relevant Red Flags for new and existing covered accounts and incorporate those Red Flags into the Program.
• Detect Red Flags that have been incorporated into the Program.
• Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft.
• Ensure the Program is updated periodically to reflect changes in risks to customers and/or to the safety and soundness of the creditor for identity theft.

City Council/Administrative Policy No. 10-17, Identity Theft Prevention Program – Red Flags meets the requirements set forth by the FTC.

As part of day to day standard operating procedures, utility billing staff looks out for suspicious documents and activities. Strict confidentiality requirements are in place to secure credit card and banking data submitted by customers.


The City of Brentwood has not experienced a large amount of loss due to fraudulent activity involving identity theft. Utility Billing received (4) four customer reported incidents of possible identity theft in fiscal year 2007/08. These involved lost or stolen credit cards or checks. These resulted in no losses to the City of Brentwood. Thus far for fiscal year 2008/09, the City has experienced two (2) reportable incidents involving fraudulent credit card use totaling $608.93. As outlined in the Collection Policy, collection efforts will be followed in order to recover the $608.93.

FISCAL IMPACT
There is no fiscal impact associated with the adoption of City Council/Administrative Policy No. 10-17, Identity Theft Prevention Program – Red Flags.



Attachment:
Resolution
City Council/Administrative Policy No. 10-17, Identity Theft Prevention Program – Red Flags



RESOLUTION NO.


A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF BRENTWOOD APPROVING CITY COUNCIL/ADMINISTRATIVE POLICY NO. 10-17, IDENTITY THEFT PREVENTION PROGRAM – RED FLAGS


WHEREAS, the City of Brentwood is identified as a municipal utility by the Federal Trade Commission (FTC); and

WHEREAS, as part of the requirements imposed by the FTC’s Red Flags Rule, all municipal utilities are considered creditors; and

WHEREAS, as a creditor under the FTC Red Flag Rules, the City is required to establish an Identity Theft Prevention Program by May 1, 2009; and

WHEREAS, City Council/Administrative Policy No. 10-17, Identity Theft Prevention Program – Red Flags meets the requirements set forth by the FTC.

NOW, THEREFORE, BE IT RESOLVED by the City Council of the City of Brentwood, that the City Council/Administrative Policy No. 10-17, Identity Theft Prevention Program – Red Flags is approved as detailed in the attached Exhibit “A”.

PASSED, APPROVED AND ADOPTED by the City Council of the City of Brentwood at a regular meeting on the 28th day of October 2008 by the following vote:


1. PURPOSE

To establish a policy for identity theft prevention pursuant to the Federal Trade Commission’s Red Flags Rule which implements the Fair and Accurate Credit Transactions Act of 2003.

Under the Red Flag Rules, creditors are required to establish an Identity Theft Prevention Program (the “Program”) tailored to its size, complexity, and the nature of its operation. According to the rule, a municipal utility is a creditor subject to the requirements. Each Program must contain reasonable policies and procedures to:

• Identify relevant Red Flags for new and existing covered accounts and incorporate those Red Flags into the Program.

• Detect Red Flags that have been incorporated into the Program.

• Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft.

• Ensure the Program is updated periodically to reflect changes in risks to customers and/or to the safety and soundness of the creditor for identity theft.

2. POLICY

2.1 Identification of Red Flags

In order to identify relevant Red Flags, the types of utility accounts, the methods used to open, change, and access accounts, as well as previous experience with identity theft has been taken into account. The following are the categories of Red Flags:

2.1.1 Suspicious Documents

• Identification document or card that appears to be forged, altered, or inauthentic.
• Identification document or card on which a person’s photograph or physical description is not consistent with the person presenting the document.
• Identification is not consistent with the information that is on file for the customer.
• Other documentation with information that is not consistent with existing customer information (such as if a person’s signature on a check appears forged).
• Identifying information presented that is consistent with fraudulent activity (such as an invalid phone number or fictitious billing address).

2.1.2 Suspicious Activities

• Mail sent to the account holder is repeatedly returned as undeliverable.
• Notice that an account has unauthorized activity.
• Unauthorized access to or use of customer account information.
• A customer refuses to provide proof of identity when asked.

2.1.3 Alerts from Others

Notice of fraud from a customer, identity theft victim, law enforcement or other person.

2.2 Detecting and Responding to Red Flags

Red Flags will be detected as Utility Billing staff interacts with customers and third parties. An employee will be alerted to these Red Flags during the following processes:

2.2.1 Establishing a new utility account

When establishing a new account over the phone, a customer is asked to provide their driver’s license or identification number, date of birth, and last four digits of their social security number for identification purposes.

Response: If the customer refuses, they must present their identification in person. If the customer refuses to present their identification, the account will not be established.

2.2.2 Reviewing customer identification in order to establish an account, process a payment, or enroll the customer for an automatic bank draft

Staff may be presented with documents that appear altered or inconsistent with the information provided by the customer.

Response: Do not establish the account or accept payment until the customer’s identity has been confirmed.

2.2.3 Answering customer inquiries on the phone, via email or fax, and at the counter

Someone other than the account holder or co-applicant may ask for information about a utility account or may ask to make changes to the information on an account. A customer may also refuse to verify their identity when asking about an account.

Response: Inform the customer that the account holder or the co-applicant must give permission for them to receive information about the utility account. Do not make changes to or provide any information about the account unless such permission has been granted by the account holder. Permission may be granted over the phone once validation of identification information has taken place.



2.2.4 Receiving notification that there is unauthorized activity associated with a utility account, bank account, or credit card used to make payments on the account

Customers or others may call to alert the City about fraudulent activity related to their utility account and/or the bank account or credit card used to make payments on the account.

Response: Verify the customer’s identity and notify the Utility Billing Supervisor, Director of Finance and Information Systems, or designee immediately. Take the appropriate actions to correct the account which may include:

• Issuing a service order to connect or disconnect services.
• Assist the customer with deactivation of their payment method (automatic draft).
• Updating personal information on the utility account.
• Updating the mailing address on the utility account.
• Updating account notes to document the fraudulent activity.
• Adding a password to the account.
• Notifying and working with law enforcement officials.

2.2.5 Receiving notification that a utility account has been established for a person engaged in identity theft

Response: Immediately notify the Utility Billing Supervisor, the Director of Finance and Information Systems, or designee. The claim will be investigated, and appropriate action will be taken to resolve the issue as quickly as possible.

2.3 Confidential Credit Card and Bank Account Information

Credit card and bank account information must be treated as confidential and must not be left unattended. All documents containing this information must be locked when not in use. This confidential information may only be destroyed by shredding and in accordance with the Records Retention Policy.

3. ADMINISTRATION, OVERSIGHT AND TRAINING

The Utility Billing Supervisor will oversee the daily activities related to identity theft detection and prevention and ensure that all members of Utility Billing staff are trained to detect and respond to Red Flags. Training will occur annually, when the policy is revised or more frequently as situations of identity theft arise.

The Utility Billing Supervisor will prepare an annual report to the City Manager and Director of Finance and Information Systems. This report will address material matters related to the program and evaluate such issues as:

• The effectiveness of the policies and procedures in addressing the risk of identity theft in connection with utility billing accounts.

• Service provider arrangements.

• Significant incidents involving identity theft and the response to those incidents.

• Recommendations of material changes to the Program.

4. POLICY UPDATES

This policy will be reviewed at least annually and updated as needed based on experience with identity theft, changes to the types of accounts and/or programs offered, and procedural changes.


 
City Administration
City of Brentwood City Council
150 City Park Way
Brentwood, CA 94513
(925) 516-5440
Fax (925) 516-5441
E-mail allcouncil@brentwoodca.gov