City of Lawrence
Identity Theft Prevention Program
for the
Community Development Block Grant and Home Investment Partnerships Programs
Implemented as of November 1, 2008
As Adopted by Resolution 6809
I. INTRODUCTION
The City of Lawrence, Kansas (the "City") developed this Identity Theft Prevention Program ("Program") pursuant to the Federal Trade Commission's (“FTC”) Red Flag Rule, which implements Section 114 of the Fair and Accurate Credit Transaction Act of 2003. 16 C. F. R. § 681.2 & 15 USCA § 1681c(h). This Program is designed to detect, prevent and mitigate Identity Theft in connection with the opening and maintenance of certain city accounts. For purposes of this Program, "Identity Theft" is considered to be "fraud committed using the identifying information of another person." The accounts addressed by the Program, (the "Accounts"), are defined as:
This Program was developed with oversight and approval of the Assistant Director of Planning and Development Services. After consideration of the size and complexity of the City’s operations and account systems, and the nature and scope of the City’s activities, the Governing Body, determined that this Program was appropriate for the City of Lawrence, Kansas, and therefore approved this Program on October 28, 2008.
II. IDENTIFICATION OF RED FLAGS.
A “Red Flag” is a pattern, practice, or specific activity that indicates the possible existence of Identity Theft. In order to identify relevant Red Flags, the City considered the types of assistance through grants that it offers and maintains and the methods it provides to verify qualification into the program. The City identifies the following Red Flags, in each of the listed categories:
A. Suspicious Documents.
1. Receiving documents that are provided for identification that appear to be forged or altered;
2. Receiving documentation on which a person’s photograph or physical description is not consistent with the person presenting the documentation;
3. Receiving other documentation with information that is not consistent with existing customer information (such as if a person’s signature on a check appears forged); and
4. Receiving an application for assistance that appears to have been altered or forged.
B. Suspicious Personal Identifying Information.
1. A person’s identifying information is inconsistent with other sources of information.
2. A person’s identifying information is inconsistent with other information the customer provides (such as inconsistent SSNs or birth dates);
3. A person’s identifying information is the same as shown on other applications found to be fraudulent;
4. A person fails to provide complete personal identifying information on an application when reminded to do so; and
5. A person’s identifying information is not consistent with the information that is on file for the customer.
III. DETECTION OF RED FLAGS.
In order to detect any of the Red Flags identified above with the request to participate in Community Development Division Programs, City personnel will take the following steps to obtain and verify the identity of the person requesting participation in the Programs:
1. Requiring certain identifying information such as name, date of birth, residential address, SSN, driver's license or other identification;
2. Verifying the customer's identity, such as by copying and reviewing a driver's license or other identification card.
3. Ownership Verification.
4. Ownership and Encumbrance.
5. Income and Asset verifications received.
6. Mortgage Status Verification.
7. Verification of Homeowner’s Insurance.
8. Independently contacting the customer.
In order to detect any of the Red Flags identified above for an existing project, City personnel will take the following steps to monitor transactions with the project:
1. Verifying the identification of customers if they request information (in person, via telephone, via facsimile, via email);
2. Do not share identity and banking information with anyone including the customer; require them to give the information and verify with the information on the account; and
3. Verifying changes in banking information given for third party verifications.
IV. PREVENTING AND MITIGATING IDENTITY THEFT.
In the event City personnel detect any identified Red Flags, such personnel shall take one or more of the following steps, depending on the degree of risk posed by the Red Flag:
1. Contacting the customer;
2. Notifying the Program Administrator (as defined below) for determination of the appropriate step(s) to take.
3. Notifying law enforcement;
4. Determining that no response is warranted under the particular circumstances;
In order to further prevent the likelihood of identity theft occurring with respect to City, the City will take the following steps with respect to its internal operating procedures:
1. Providing a secure website or clear notice that a website is not secure;
2. Ensuring complete and secure destruction of paper documents and computer files containing customer information;
3. Ensuring that office computers are password protected and that computer screens lock after a set period of time; and
4. Requiring only the last 4 digits of SSNs (if any);
5. Keep offices clear of papers containing customer information;
6. Review reports and documentation and delete any unneeded identity information;
7. Ensure computer virus protection is up to date; and
8. Require and keep only the kinds of customer information that is required by HUD for participation in the programs.
9. Secure information that is being stored for state or federal retention guidelines.
V. UPDATING THE PROGRAM AND THE RED FLAGS
This Program will be periodically reviewed and updated to reflect changes in risks to applicants and the soundness of the City from Identity Theft. At least annually the Assistant Director of Planning and Development Services will consider the City's experiences with Identity Theft situations, changes in Identity Theft methods, changes in Identity Theft detection and prevention methods, changes in types of programs the City maintains and changes in the City's business arrangements with other entities. After considering these factors, the Assistant Director of Planning and Development Services will determine whether changes to the Program, including the listing of Red Flags, are warranted. If warranted, the Assistant Director of Planning and Development Services will present the Governing Body with his or her recommended changes and the Governing Body will make a determination of whether to accept, modify or reject those changes to the Program.
VI. PROGRAM ADMINISTRATION.
A. Oversight
The City's Program will be overseen by a Program Administrator. The Program Administrator shall be the Assistant Director of Planning and Development Services.
The Program Administrator will be responsible for the Program's administration, for ensuring appropriate training of City staff on the Program, for reviewing any staff reports regarding the detection of Red Flags and the steps for preventing and mitigating Identity Theft, determining which steps of prevention and mitigation should be taken in particular circumstances, reviewing and, if necessary, approving changes to the Program.
B. Staff Training and Reports
City staff responsible for implementing the Program shall be trained either by or under the direction of the Program Administrator in the detection of Red Flags, and the responsive steps to be taken when a Red Flag is detected.
For the effectiveness of Identity Theft prevention Programs, a degree of confidentiality regarding the specific practices relating to Identity Theft detection, prevention and mitigation must be maintained. Therefore, under this Program, knowledge of such specific practices is to be limited to the Identity Theft Committee and those employees who need to know them for purposes of preventing Identity Theft. Because this Program is to be adopted by a public body and thus publicly available, it would be counterproductive to list these specific practices here. Therefore, only the program’s general red flag detection, implementation and prevention practices are listed in this document.