Site Menu
- Policy & Standards
- University
- Institutional Data
- Disclosure or Exposure of Personal Information
- Responsible Use of University Computing and Network Resources
- Archives and Records Retention
- Merchant Services & Use of Credit Cards
- Deployment and Use of Wireless Data Networks
- Statement on Public Records
- Draft Identity Theft Red Flags
- State & Federal
- Institutional Data
- Training
- Tools & Templates
- Standards & Frameworks
- FAQ
- Alternative Identifiers
- Data Classification and Access Control
- Gramm-Leach-Bliley Training
- Identity Theft Red Flag Training
- Information Security Implementation Plan
- Institutional Data Policy
- Institutional Data Policy Training
- Red Flags
- Restricted Data
- Social Security Numbers
- University Security Standards
- Campus Resources
- Contact Us
- Site Map
What's New?
- Identity Theft Red Flags Training begins.
- Learn about an IT Security Framework.
Hot Topics
- Institutional Data Policy Training
- Restricted Data Elements
- Implementation Plan
- University Security Standards (UCSS)
- Relevant Federal Laws & Regulations
2008-2009 IT Security Implementation Plan update!
The dates for the quarterly implementation plan submissions have been updated to reflect the 2008-2009 schedule.
Incident Response
26 FACTA Red Flags
There are 26 red flags or alerts outlined in the regulation and shown below for your reference. If you have additional questions, try the Red Flags FAQ page.
- A fraud alert included with a consumer report
- Notice of a credit freeze in response to a request for a consumer report
- A consumer reporting agency providing a notice of address discrepancy
- Unusual credit activity, such as an increased number of accounts or inquiries
- Documents provided for identification appearing altered or forged
- Photograph on ID inconsistent with appearance of customer
- Information on ID inconsistent with information provided by person opening account
- Information on ID, such as signature, inconsistent with information on file
- Application appearing forged or altered or destroyed and reassembled
- Information on ID not matching any address in the consumer report, Social Security number has not been issued or appears on the Social Security Administrator’s Death Master File, a file of information associated with Social Security numbers of those who are deceased.
- Lack of correlation between Social Security number range and date of birth
- Personal identifying information associated with known fraud activity
- Suspicious addressed supplied, such as a mail drop or prison, or phone numbers associated with pagers or answering service
- Social Security number provided matches that submitted by another person opening an account or other customers
- An address or phone number matching that supplied by a large number of applicants
- The person opening the account unable to supply identifying information in response to notification that the application is incomplete
- Personal information inconsistent with information already on file
- Person opening account or customer unable to correctly answer challenge questions
- Shortly after change of address, creditor receives request for additional users of account
- Most of available credit used for cash advances, jewelry or electronics, plus customer fails to make first payment
- Drastic changes in payment patterns, use of available credit or spending patterns
- An account that has been inactive for a lengthy time suddenly exhibits unusual activity
- Mail sent to customer repeatedly returned as undeliverable despite ongoing transactions on active account
- Customer indicates that they are not receiving paper account statements
- Customer notifies that there are unauthorized charges or transactions on customer’s account
- Institution notified that it has opened a fraudulent account for a person engaged in identity theft
