Identity Theft Prevention & the Red Flags Rule

In response to the growing threats of identity theft in the United States, Congress passed the Fair and Accurate Credit Transaction Act of 2003 (FACTA). Sections 114 and 315 of the act are the basis for what is commonly referred to as the Red Flags Rule.

The Red Flags Rule requires the University of Central Florida (UCF) to maintain an identity theft prevention program in compliance with FACTA. University Policy 2-105.1 – Identity Theft Prevention sets the framework for UCF’s Red Flags program.

The program applies to all university personnel who process transactions for covered accounts and/or have the ability and/or responsibility to alter personally identifiable information connected with one or more covered accounts. Employees are required to complete the Red Flags – ID Theft Protection Course (FSC113). Supervisors may request a list of individuals who have passed the course from the Finance and Accounting (F&A) Red Flags coordinator.

Covered accounts may be classified into one of the following two types:

Type 1: An account you offer your customer that involves multiple transactions or payments in arrears. Common examples are loans and billing for previous services rendered. Type 1 covered accounts are always covered under the Red Flags Rule.

Type 2: Any other account for which personally identifiable information is maintained AND there is a reasonably foreseeable risk to customers or to the safety and soundness of the university, including financial, operational, compliance, reputation, or litigation risks. This type of account is only covered under the Red Flags Rule if the risk of identity theft is reasonably foreseeable, thus requiring an assessment of risk.

The program is designed to identify and detect relevant warning signs (i.e. red flags) as well as prevent and mitigate identity theft perpetrated against covered account holders. The program will be updated periodically to reflect changes in risk. Departmental personnel must certify compliance on an annual basis by completing the Identity Theft Prevention Program Annual Assessment Worksheet.

The Red Flags FAQ section of this website provides examples of covered accounts and other important information.