TEMPLATE
Red Flags Rule Affiliate:_____________________________
____ Initial Self - Assessment
____ Annual Self - Assessment Date: ____________________
COMMENTS
(ie: process in place, pending procedure, pending training, etc., or address
√ Completed X Pending mitigation of actual event.)
1. Types of Covered Accounts - Inventory?
ie: Monthly billing plans
ie: Collection accounts
ie: Student loans
ie: Active / Inactive account classifications
2. Methods Used to Open Covered
Accounts - Implemented?
ie: Authenticate student identity
ie: Process of setting up a payment plan
includes verifying identity
ie: Challenge questions used in suspicious
circumstances
3. Methods Used to Maintain
Existing Accounts - Implemented?
ie: Authenticate students phone/mail from
internet by confirmation of personal
information
ie: Verify validity of change of address
request.
ie: Consider using passwords, PIN numbers,
etc. for identification purposes
4. Responding to Red Flag
Events - Implemented?
ie: Contacting the student
ie: Changing passwords, security codes, or
other ways to access a covered account
ie: Closing an existing account
ie: Re-opening account with a new account
number
ie: Not opening a new account
ie: Not trying to collect on account or not
sending account to collection
ie: Determining no response is warranted
under particular circumstances
11/29/2011 C:\Docstoc\Working\pdf\370b6144-c774-4791-965f-361af1738c69.xls Page 1 of 4
TEMPLATE
Red Flags Rule Affiliate:_____________________________
____ Initial Self - Assessment
____ Annual Self - Assessment Date: ____________________
COMMENTS
(ie: process in place, pending procedure, pending training, etc., or address
√ Completed X Pending mitigation of actual event.)
5. Evaluation of the Identity Theft
Prevention Program - Reviewed?
Annual review of policies
Assess education needs
Monitor program in high risk areas
Update program as technology changes and
red flag identification identifies areas of
weakness in program
6. Activities of Contracted Service
Providers - Reviewed?
Service Provider Contracts reviewed to require
process to detect, investigate, mitigate
identity theft
Some Examples of Red Flags:
Student questions bill
Alert via credit report
Student has a Social Security number (SSN)
but no card
Potential altering of identification presented
Address discrepancy
Duplicate SSN, Address, Phone
Inactive account used again
Presentation of suspicious documents
Covered Account # or type - student
presented with a different name on
identification card.
Notification of an identity theft
Unusual use of, or other suspicious activity
related to, a covered account
11/29/2011 C:\Docstoc\Working\pdf\370b6144-c774-4791-965f-361af1738c69.xls Page 2 of 4
Red Flags Risk Self - Assessment Source:
Review of Training and Education Sample:
Legend Purpose:
Y Procedure:
N Conclusion: Refer to results below.
N/A
Element RESPONSE COMMENTS
Refer to results below.