Policy Library
651 Red Flags
Authority: Approved by the Board of Trustees
Last updated on: December 09, 2022
651.1 Federal Requirements
This policy establishes Indiana State University’s Identity Theft Prevention Program, which helps protect students, employees and others who have certain accounts with the university. The program is designed to detect, prevent, and mitigate theft as required by the Federal Trade Commission’s Red Flag Rule and the Fair and Accurate Credit Transaction Act.
651.2 Definitions
Covered Account. A consumer account designed to permit multiple payments or transactions, and any other account which there is a reasonable, foreseeable risk of identity theft, including, but not limited to:
- Student accounts established for the payment of tuition, fees, room, board, and other charges related to university activities; and;
- Personal accounts through which students/employees receive wages, reimbursements, or refunds; and;
- Accounts tied to university identification cards.
Customer. A person who has a covered account with the university. A customer may be a student, employee, or other individual.
Identity Theft. A fraud committed or attempted using the identifying information of another person without his or her authority.
Red Flag. A pattern, practice or specific activity that could indicate identity theft.
651.3 Identity Theft Prevention Program
The university is committed to protecting its students, faculty, staff, and others who entrust their personal information with the university. Common Red Flags include:
- Receipt of Notice of Dispute from a credit agency;
- Identification document or card that appears to be forged, altered or inauthentic;
- Identification document or card on which a person’s photograph or physical description is not consistent with the person presenting the document;
- Inconsistencies in information among different documents presented by the customer (example: inconsistent birth dates);
- Identifying information presented by the customer that is inconsistent with other sources of information;
- Social Security number presented that is the same as one given by another student or employee; and
- Notice to the university from an external source, student, or employee that an account has unauthorized activity.
The Identity Theft Prevention Program consists of this policy, which identifies common Red Flags, and other policies and procedures to detect and respond to Red Flags that occur. The Senior Vice President for Finance and Administration is responsible for the Policy and establishment of an Identity Theft Prevention Committee to be charged with overseeing the program.
The Committee is responsible for ensuring that reasonable policies and procedures exist to identify, detect, and respond to Red Flags relating to covered accounts. The Committee is charged with reviewing existing university policies and procedures related to identity theft and incident reporting, and developing new policies and procedures as needed to ensure that the university maintains a high level of due diligence with respect to preventing, detecting, and mitigating identity theft. The Committee will be responsible for establishing and maintaining routine training for staff in relevant positions, including training in how to identify a Red Flag, how to report a Red Flag, and how to mitigate against identity theft in Covered Accounts. The Committee will also provide a report to the Senior Vice President for Finance and Administration in the fall, following the close of each fiscal year, regarding the University’s compliance with the Red Flags Rule.
Related Information
Policy Administrator:
Office of Finance and AdministrationPolicy Contact:
Office of the Controller200 North 7th Street
(812) 237-3535