Purpose:
Pursuant to UM Policy 11010, this document implements an Identity Theft Prevention Program (ITPP) as required by the Fair and Accurate Credit Transactions Act (FACT Act) of 2003. The University of Missouri has an obligation to take steps to detect, prevent and mitigate theft of personally identifiable financial information of the university’s customers to the extent reasonably possible.
Definitions: The following definitions apply to this program:
Account: a continuing relationship established by a person with the university to obtain a product or service for personal, family, household or business purposes. This includes an extension of credit, such as the purchase of services involving a deferred payment.
Covered Account: an account that the university offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, or any other account that the university offers or maintains for which there is a reasonably foreseeable risk to customers from identity theft. A covered account includes certain types of arrangements in which an individual establishes a "continuing relationship" with the university, including billing for previous services rendered.
Customer: a person that has a covered account with the University of Missouri.
Identifying Information: information, such as a name or number, that may be used, alone or in conjunction with other information, to identify a specific person. Identifying information can include a person’s name, address, telephone number, social security number, birth date, driver’s license number, student identification number, or passport number.
Identity Theft: fraud or theft committed or attempted using the personal identifying information of another person without that person’s authority.
Red flag: a pattern, practice or specific activity that indicates the possible existence of identity theft.
Service Provider: any person or entity that provides a service to the university.
Workplace Information Security Manual (WISM): a checklist which department administrators must complete, designed to identify and correct weaknesses in the area of information security within a given department or workplace.
Procedure:
- Recognizing Identity Theft
- Each university department, college, or business unit which offers or maintains covered accounts must identify relevant Red Flags for that department, college, or business unit. The following should be considered in identifying relevant Red Flags:
- The types of covered accounts offered or maintained;
- The methods provided to open covered accounts;
- The methods provided to access covered accounts; and
- Previous experiences with identity theft.
- The following are examples of Red Flags that should be cons
- Each university department, college, or business unit which offers or maintains covered accounts must identify relevant Red Flags for that department, college, or business unit. The following should be considered in identifying relevant Red Flags: