"Red Flag" Consumer Protection Policy (BF-16, Rev 1)City Of
ADMINISTRATIVE
POLICIES AND PROCEDURES
MANUAL
SUBJECT:
"Red Flag" Consumer Protection Policy
Delray
NUMBER
REVISIONS
EFFECTIVE
PAGE 1 OF 2
BF -16
1
DATE:
Beach
October 1, 2015
SUPERSEDES
APPROVED BY:
BF -16, Rev. 0
(November 1, 2008)
Donald Cooper, City Manager
BF -16.0 Purpose:
This program is intended to identify red flags that will alert our employees when new or existing
accounts are opened using false information, protect against the establishment of false
accounts, provide methods to ensure existing accounts are not opened using false information
and measures to respond to such events.
BF -16.1 Risk Assessment
The City of Delray Beach Utility Customer Service Division has conducted an internal risk
assessment to evaluate how at risk the current procedures are at allowing customers to create
a fraudulent account and evaluate if current accounts are being manipulated. This risk
assessment evaluated how new accounts were opened and the methods used to access the
account information. Using this information the Utility Customer Service Division was able to
identify red flags that were appropriate to prevent identity theft on the following:
1. New accounts opened in person
2. New accounts opened via Fax
3. Account information accessed in person
4. Account information accessed via telephone
5. Account information accessed via fax
6. Identity theft occurred in the past from someone falsely using a current account or falsely
opening a utility account
BF -16.2 Detection (Red Flaps):
The City of Delray Beach Utility Customer Service Division has adopted the following red flags
to detect potential fraud. These are not intended to be all- inclusive and other suspicious activity
may be investigated as necessary.
1. Identification documents that appear to be altered
2. Photo and physical description do not match appearance of applicant
3. Other information is inconsistent with information provided by applicant or information on
file
4. Information provided is associated with known fraudulent activity (e.g. address or phone
number provided is same as that of a fraudulent application)
5. Customer fails to provide all information requested
6. Identity theft is reported or discovered
SUBJECT: "Red Flag" Consumer Protection Policy
NUMBER: BF -16, Rev. 1
PAGE: 2
BF -16.3 Response:
Any employee that may suspect fraud or detect a red flag will implement the following response
as applicable. All detections or suspicious red flags shall be reported immediately to the
Utilities Financial Manager.
1. Ask applicant for additional documentation
2. Notification of proper Division or Department Head: Any Utilities Customer Service
employee or any other City employee who becomes aware of a suspected or actual
fraudulent use of a customer's or potential customer's identity must notify the Utilities
Financial Manager or Chief Financial Officer.
3. Notify law enforcement: The Utilities Financial Manager or the Chief Financial Officer will
notify the City of Delray Beach Police Department and the City Attorney of any attempted
or actual identity theft.
4. Do not open the account.
5. Close the account.
6. Do not attempt to collect against the account but notify proper authorities.
BF -16.4 Personal Information Security Procedures:
The City of Delray Beach hereby adopts the following security procedures:
1. Paper documents, files, and electronic media containing secure information will be stored
in locked file cabinets after hours or stored in vault or in secure electronic file.
2. Only specially identified employees with a legitimate need will have access to the key to
the cabinet. Keys are kept in the safe except when locking or unlocking the file cabinet.
3. Files containing personally identifiable information are kept in locked file cabinets except
during work hours when an authorized employee is always present.
4. Employees will not leave uncovered sensitive papers out on their desks when they are
away from the area or at the end of the day.
5. Employees lock their computers when leaving their work areas unless the work area is
supervised.
6. Access to offsite storage facilities is limited with access keys in possession of City Clerk.
7. No visitor will be given any entry codes /cards or allowed unescorted access to the office.
8. Passwords will not be shared or posted near workstations.
9. When sensitive data is received or transmitted, secure connections will be used.
10. Computer passwords will be required.
11. Anti -virus and anti - spyware programs will be run on servers daily.
12. The computer network will have a firewall where your network connects to the Internet.
13. Check references or conduct background checks before hiring employees who will have
access to sensitive data.
14. Procedures exist for making sure that workers who leave our employ or transfer to
another part of the City no longer have access to sensitive information.