Policy Library


651 Red Flags

Authority: Approved by the Board of Trustees
Last updated on: December 09, 2022

651.1 Federal Requirements

This policy establishes Indiana State University’s Identity Theft Prevention Program, which helps protect students, employees, and others who have certain accounts with the university. The program is designed to detect, prevent, and mitigate identity theft as required by the Federal Trade Commission’s Red Flags Rule and the Fair and Accurate Credit Transactions Act.

651.2 Definitions

Covered Account. A consumer account designed to permit multiple payments or transactions, and any other account for which there is a reasonable, foreseeable risk of identity theft, including, but not limited to:

  • Student accounts established for the payment of tuition, fees, room, board, and other charges related to university activities;
  • Personal accounts through which students/employees receive wages, reimbursements, or refunds; and
  • Accounts tied to university identification cards.

Customer. A person who has a covered account with the university.  A customer may be a student, employee, or other individual.

Identity Theft.  A fraud committed or attempted using the identifying information of another person without his or her authority.

Red Flag. A pattern, practice or specific activity that could indicate identity theft.

651.3 Identity Theft Prevention Program

The university is committed to protecting its students, faculty, staff, and others who entrust their personal information to the university. Common Red Flags include:

  1. Receipt of Notice of Dispute from a credit agency;
  2. Identification document or card that appears to be forged, altered or inauthentic;
  3. Identification document or card on which a person’s photograph or physical description is not consistent with the person presenting the document;
  4. Inconsistencies in information among different documents presented by the customer (example: inconsistent birth dates);
  5. Identifying information presented by the customer that is inconsistent with other sources of information;
  6. Social Security number presented that is the same as one given by another student or employee; and
  7. Notice to the university from an external source, student, or employee that an account has unauthorized activity.

The Identity Theft Prevention Program consists of this policy, which identifies common Red Flags, and other policies and procedures to detect and respond to Red Flags that occur. The Senior Vice President for Finance and Administration is responsible for the policy and for establishing an Identity Theft Prevention Committee charged with overseeing the program.

The Committee is responsible for ensuring that reasonable policies and procedures exist to identify, detect, and respond to Red Flags relating to covered accounts. The Committee is charged with reviewing existing university policies and procedures related to identity theft and incident reporting, and developing new policies and procedures as needed to ensure that the university maintains a high level of due diligence with respect to preventing, detecting, and mitigating identity theft. The Committee will be responsible for establishing and maintaining routine training for staff in relevant positions, including training in how to identify a Red Flag, how to report a Red Flag, and how to mitigate identity theft in covered accounts. The Committee will also provide a report to the Senior Vice President for Finance and Administration in the fall, following the close of each fiscal year, regarding the university’s compliance with the Red Flags Rule.

Related Information

Policy Administrator:
Office of Finance and Administration
Policy Contact:
Office of the Controller
200 North 7th Street
(812) 237-3535
Policy History:
Policy 651 was created on October 24, 2008, and most recently amended on October 24, 2011. Modifications to Policy 651 were approved by the Board of Trustees on December 9, 2022.