HomeMy WebLinkAboutCC RES 09-22RESOLUTION NO. 09-22
A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF
TUSTIN ADOPTING AN IDENTITY THEFT PREVENTION
PROGRAM
WHEREAS, pursuant to federal law the Federal Trade Commission adopted
Identity Theft Rules requiring the creation of certain policies relating to the detection,
prevention and mitigation of identity theft; and
WHEREAS, the Federal Trade Commission regulations, adopted as 16 C.F.R.
§681.2, require creditors, as defined by 15 U.S.C. § 1681 a(r)(5), to adopt red flag
policies to prevent and mitigate identity theft with respect to covered accounts; and
WHEREAS, 15 U.S.C. §1681a(r)(5) cites 15 U.S.C. §1691 a, which defines a
creditor as a person that extends, renews or continues credit, and defines "credit" in
part as the right to purchase property or services and defer payment thereof; and
WHEREAS, the City of Tustin is a creditor with respect to 16 C.F.R. §681.2 by
virtue of providing retail water service to its customers; and
WHEREAS, the Federal Trade Commission regulations define "covered account"
in part as an account that a creditor provides for personal, family or household purposes
that is designed to allow multiple payments or transactions and specifies that a utility
account is a covered account; and
WHEREAS, the Federal Trade Commission regulations require each creditor to
adopt an Identity Theft Prevention Program which will use red flags to detect, prevent
and mitigate identity theft related to information used in covered accounts; and
WHEREAS, the City provides retail water services for which payment is made
after the product is consumed; and
WHEREAS, the City Council desires to take action to comply with the applicable
FTC regulations by adopting an Identity Theft Prevention Program;
NOW, THEREFORE, IT IS RESOLVED, that the City Council of the City of Tustin
hereby adopts, and directs staff to implement, the Identity Theft Prevention Program
attached hereto as Exhibit "A".
BE IT FURTHER RESOLVED, that the City Finance Director, or his or her
designee, shall implement and administer the Identity Theft Prevention Program.
BE IT FURTHER RESOLVED, that the City Finance Director shall annually
review the Identity Theft Prevention Program to determine if any revisions are needed,
Resolution No. 09-22
Page 1 of 6
and is hereby authorized and directed to make any changes in the Identity Theft
Prevention Program that are found to be necessary.
PASSED, APPROVED, AND ADOPTED at a regular meeting of the City Council
of the City of Tustin held this 21St day of April, 2009.
PA TOKER
City Clerk
STATE OF CALIFORNIA )
COUNTY OF ORANGE ) SS
CITY OF TUSTIN )
I, Pamela Stoker, City Clerk and ex-officio Clerk of the City Council of the City of Tustin,
California, do hereby certify that the whole number of the members of the City Council of
the City of Tustin is five; that the above and foregoing Resolution No. 09-22 was duly
passed and adopted at a regular meeting of the Tustin City Council, held on the 21St day of
April, 2009, by the following vote:
COUNCILMEMBER AYES: Davert, Amante. Gavello. Nielsen. Palmer (5)
COUNCILMEMBER NOES: None (0)
COUNCILMEMBER ABSTAINED: None (0)
COUNCILMEMBER ABSENT: None (0)
PAME STOK
CITY CLERK
Resolution No. 09-22
Page 2 of 6
Attachment A
CITY OF TUSTIN
IDENTITY THEFT PREVENTION PROGRAM
Purpose
This program was created in order to comply with regulations issued by the Federal
Trade Commission (FTC) as part of the implementation of the Fair and Accurate Credit
Transaction (FACT) Act of 2003. The FACT Act requires that financial institutions and
creditors implement written programs which provide for detection of and response to
specific activities ("red flags") that could be related to identity theft.
The FTC regulations require that the program:
1. Identify relevant red flags and incorporate them into the program
2. Identify ways to detect red flags
3. Include appropriate responses to red flags
4. Address new and changing risks through periodic program updates
5. Include a process for administration and oversight of the program
Program Details
Relevant Red Flags
Red flags are warning signs or activities that alert a creditor to potential identity theft.
The guidelines published by the FTC include 26 examples of red flags which fall into the
following five categories:
Alerts, notifications, or other warnings received from consumer reporting agencies or
service providers
2. Presentation of suspicious documents
3. Presentation of suspicious personal identifying information
4. Unusual use of, or other suspicious activity related to, a covered account
5. Notice from customers, victims of identity theft, or law enforcement authorities
Resolution No. 09-22
Page 3 of 6
After reviewing the FTC guidelines and examples, the City's Finance Department
determined that the following red flags are applicable to utility accounts. These red
flags, and the appropriate responses, are the focus of this program.
• Suspicious Documents and Activities
o Documents provided for identification appear to have been altered or
forged.
o The photograph or physical description on the identification is not
consistent with the appearance of the applicant or customer presenting
the identification.
o Other information on the identification is not consistent with information
provided by the customer.
o A customer refuses to provide proof of identity when discussing an
established utility account.
o A person other than the account holder or co-applicant requests
information or asks to make changes to an established utility account.
• A customer notifies the City of any of the following activities:
o Account statements are not being received
o Unauthorized changes have been made to an account
o Unauthorized charges on an account
o Fraudulent activity on the customer's bank account or credit card that is
used to pay account charges
• The City is notified by a customer, a victim of identity theft, or a member of law
enforcement that an account has been opened for a person engaged in identity
theft.
Detecting and Responding to Red Flags
Red flags will be detected as City employees interact with customers. An employee will
be alerted to these red flags during the following processes:
• Reviewing customer identification in order to establish an account or process a
payment: Documents are presented that appear altered or inconsistent with the
information provided by the customer.
Resolution No. 09-22
Page 4 of 6
Response: Do not establish the account or accept payment until the customer's
identity has been confirmed.
• Answering customer inquiries on the phone via email and at the counter
Someone other than the account holder or co-applicant may ask for information
about an account or may ask to make changes to the information on an account.
A customer may also refuse to verify their identity when asking about an account.
Response: Inform the customer that the account holder or the co-applicant must
give permission for them to receive information about the account. Do not make
changes to or provide any information about the account, with one exception: if
the service on the account has been interrupted for non-payment, payment may
be accepted in the amount needed for connection of service.
• Receiving notification that there is unauthorized activity associated with an
account: Customers may call to alert the City about fraudulent activity related to
their account and/or the bank account or credit card used to make payments on
the account.
Response: Verify the customer's identity and notify the Finance Director or his or
her designee immediately. Take appropriate actions to correct the errors on the
account, which may include:
o Issuing a service order to connect or disconnect services
o Updating personal information on the account
o Updating the mailing address on the account
o Updating account notes to document the fraudulent activity
o Adding a password to the account
o Notifying and working with law enforcement officials
• Receiving notification that an account has been established fora person
engaged in identity theft.
Response: Notify the Finance Director or his or her designee immediately. The
claim will be investigated, and appropriate action will be taken to resolve the
issue as quickly as possible.
Administration and Oversight of the Program
The Finance Director or his or her designee shall review this program at least annually
and provide recommendations to the City Manager to update the program as needed
based on the following events:
Resolution No. 09-22
Page 5 of 6
• Experience with identity theft
• Changes to the types of accounts and/or programs offered
• Implementation of new systems and/or vendor contracts
Specific roles are as follows:
The Finance Director will oversee the daily activities related to identity theft detection
and prevention, and ensure that all members of the utility billing staff are trained to
detect and respond to red flags.
The Finance Director will provide ongoing oversight to ensure that the program is
effective.
The City Manager will review and approve recommended changes to the program, both
annually and on an as-needed basis.
The City Council must approve the initial program.
Resolution No. 09-22
Page 6 of 6