Code of Ordinances

of Union County, Illinois.

Ordinance Chapter: Division I - Prevention Policy

In the event one of the County’s cus­tomers becomes a vic­tim of iden­ti­ty theft, the fol­low­ing steps will be tak­en, as appro­pri­ate, to assist them:

(A) Have trained per­son­nel respond to cus­tomer calls regard­ing iden­ti­ty theft or pre­text calling.

(B) Deter­mine if it is nec­es­sary to close an account imme­di­ate­ly after a cus­tomer reports unau­tho­rized use of that account and cre­ate a new cus­tomer account when appro­pri­ate.  Where a cus­tomer has mul­ti­ple accounts, an assess­ment will be made as to whether any oth­er account has been the sub­ject of poten­tial fraud.

(C) Help edu­cate the cus­tomer about appro­pri­ate steps to take if they have been victimized.

As part of the over­all Pro­gram, the Coun­ty will include oth­er legal require­ments when need­ed, such as:

(A) Fil­ing a Sus­pi­cious Activ­i­ty Report; and

(B) Imple­ment­ing any require­ments under which accounts may be cre­at­ed, changed or altered when the Coun­ty detects a fraud or active duty alert. 

Edu­cat­ing con­sumers about pre­vent­ing iden­ti­ty theft and iden­ti­fy­ing poten­tial pre­text calls may help reduce their vul­ner­a­bil­i­ty to these fraud­u­lent prac­tices.  The Coun­ty will have brochures avail­able to con­sumers and an iden­ti­ty theft pre­ven­tion sec­tion on the County’s web­site that describes pre­ven­ta­tive mea­sures con­sumers can take to avoid becom­ing vic­tims of these types of fraud.

The Coun­ty staff respon­si­ble for imple­ment­ing the Pro­gram will be trained to rec­og­nize and detect Red Flags and prop­er­ly react to unau­tho­rized or fraud­u­lent attempts to obtain cus­tomer infor­ma­tion.  The Coun­ty directs the Pro­gram Admin­is­tra­tor to con­duct annu­al train­ing for all employ­ees regard­ing iden­ti­ty theft and to sup­ple­ment that train­ing through­out the year as more schemes are uncovered.

The Coun­ty will over­see any ser­vice provider who per­forms an activ­i­ty in con­nec­tion with one or more cov­ered accounts.  The Coun­ty will take steps to ensure that the activ­i­ty of the ser­vice provider is con­duct­ed in accor­dance with rea­son­able poli­cies and pro­ce­dures designed to detect, pre­vent, and mit­i­gate the risk of Iden­ti­ty Theft and require the ser­vice provider to report any Red Flag to the Pro­gram Admin­is­tra­tor. 

(A) The ulti­mate over­sight of the pro­gram is the Coun­ty Com­mis­sion­ers.  The Coun­ty Com­mis­sion­ers have assigned spe­cif­ic respon­si­bil­i­ty for the Program’s imple­men­ta­tion to the Pro­gram Administrator.

(B) The Pro­gram Admin­is­tra­tor will report to the Coun­ty Com­mis­sion­ers, at least annu­al­ly, on com­pli­ance by the Coun­ty with all iden­ti­ty theft issues.

(C) The report will address mate­r­i­al mat­ters relat­ed to the Pro­gram and eval­u­ate issues such as:

  1. The effec­tive­ness of the poli­cies and pro­ce­dures of the Coun­ty in address­ing the risk of iden­ti­ty theft in con­nec­tion with the open­ing of cov­ered accounts and with respect to exist­ing cov­ered accounts;
  2. Ser­vice provider arrangements;
  3. Sig­nif­i­cant inci­dents involv­ing iden­ti­ty theft and management’s response; and
  4. Rec­om­men­da­tions for mate­r­i­al changes to the Program.

The Coun­ty Com­mis­sion­ers will take any addi­tion­al steps nec­es­sary to sup­port this pro­gram. 

he Coun­ty will peri­od­i­cal­ly review and update this pol­i­cy (includ­ing the Red Flags deter­mined to be rel­e­vant) to reflect changes in risks to cus­tomers or to the safe­ty and sound­ness of the Coun­ty from iden­ti­ty theft, based on fac­tors such as:

(A) Expe­ri­ences with iden­ti­ty theft;

(B) Changes in meth­ods of iden­ti­ty theft;

(C) Changes in meth­ods to detect, pre­vent, and mit­i­gate iden­ti­ty theft;

(D) Changes in the types of accounts or ser­vices that the Coun­ty offers or main­tains; and

(E) Changes in our busi­ness arrange­ments, includ­ing ser­vices pro­vid­ed and ser­vice provider arrangements.

After con­sid­er­ing these fac­tors, the Pro­gram Admin­is­tra­tor will deter­mine whether changes to the Pro­gram, includ­ing the list­ing of Red Flags, are war­rant­ed.  If war­rant­ed, the Pro­gram Admin­is­tra­tor will update the Pro­gram or present the Coun­ty Com­mis­sion­ers with his or her rec­om­mend­ed changes, and the Coun­ty Com­mis­sion­ers will make a deter­mi­na­tion of whether to accept, mod­i­fy or reject those changes to the Program.

If a notice of change of address for an exist­ing account is received and then with­in thir­ty (30) days a request for a change to the account is made, the Coun­ty will assess the valid­i­ty of the change of address or request­ed change to the account.

In order to pre­vent and mit­i­gate Iden­ti­ty Theft, the Coun­ty will pro­vide appro­pri­ate respons­es to the fol­low­ing Red Flags:

(A) Alerts, Noti­fi­ca­tions or Warn­ings from a Con­sumer Report­ing Agency.

  1. A fraud or active duty alert is includ­ed with a cred­it report.
  2. A cred­it report­ing agency pro­vides a notice of cred­it freeze in response to a request for a cred­it report.
  3. A cred­it report­ing agency pro­vides a notice of address discrepancy.
  4. Receiv­ing a report of fraud with a cred­it report.
  5. Receiv­ing indi­ca­tion from a cred­it report of activ­i­ty that is incon­sis­tent with a customer’s usu­al pat­tern or activity.

(B) Sus­pi­cious Documents.

  1. Doc­u­ments pro­vid­ed for iden­ti­fi­ca­tion appear to have been altered, forged or unauthentic.
  2. The pho­to­graph or phys­i­cal descrip­tion on the iden­ti­fi­ca­tion is not con­sis­tent with the appear­ance of the appli­cant or per­son pre­sent­ing the identification.
  3. Receiv­ing oth­er doc­u­men­ta­tion with infor­ma­tion that is not con­sis­tent with exist­ing cus­tomer infor­ma­tion (such as if a person’s sig­na­ture on a check appears forged).
  4. Receiv­ing an appli­ca­tion for ser­vice that appears to have been altered or forged.

(C) Sus­pi­cious Per­son­al Iden­ti­fy­ing Information.

  1. The per­son open­ing the cov­ered account or the cus­tomer fails to pro­vide all required per­son­al iden­ti­fy­ing infor­ma­tion on an appli­ca­tion or in response to noti­fi­ca­tion that the appli­ca­tion is incomplete.
  2. Per­son­al iden­ti­fy­ing infor­ma­tion pro­vid­ed is not con­sis­tent with per­son­al iden­ti­fy­ing infor­ma­tion that is on file with the County.
  3. A person’s iden­ti­fy­ing infor­ma­tion is the same as shown on oth­er appli­ca­tions found to be fraudulent.
  4. A person’s iden­ti­fy­ing infor­ma­tion is con­sis­tent with fraud­u­lent activ­i­ty (such as an invalid phone num­ber or fic­ti­tious billing address).
  5. A person’s social secu­ri­ty num­ber is the same as anoth­er customer’s social secu­ri­ty number.
  6. A person’s address or phone num­ber is the same as that of anoth­er person.
  7.  A person’s iden­ti­fy­ing infor­ma­tion is not con­sis­tent with oth­er infor­ma­tion the cus­tomer provides.

(D) Unusu­al Use of, or Sus­pi­cious Activ­i­ty Relat­ed to, the Cov­ered Account.

  1. A change of address for a cov­ered account fol­lowed by the Coun­ty receiv­ing a request for the addi­tion of autho­rized users on the account or adding oth­er parties.
  2. A cov­ered account that has been inac­tive and then becomes active.
  3. Pay­ments stop on an oth­er­wise con­sis­tent­ly up-to-date account.
  4. Mail sent to the cus­tomer is returned repeat­ed­ly as unde­liv­er­able although trans­ac­tions con­tin­ue to be con­duct­ed in con­nec­tion with the customer’s cov­ered account.
  5. The Coun­ty is noti­fied of unau­tho­rized charges or trans­ac­tions in con­nec­tion with a customer’s cov­ered account.
  6. A new account is used in a man­ner con­sis­tent with fraud (such as the cus­tomer fail­ing to make the first pay­ment, or mak­ing the ini­tial pay­ment and no oth­er payments).
  7. An account being used in a way that is not con­sis­tent with pri­or use (such as late or no pay­ments when the account has been time­ly in the past).
  8. The Coun­ty receives notice that a cus­tomer is not receiv­ing his/her paper statements.

(E) Notice From Cus­tomers, Vic­tims of Iden­ti­ty Theft, Law Enforce­ment Author­i­ties, or Oth­er Per­sons Regard­ing Pos­si­ble Iden­ti­ty Theft in Con­nec­tion with Cov­ered Accounts Held by the County.

  1. The Coun­ty is noti­fied by a cus­tomer, a vic­tim of iden­ti­ty theft, a law enforce­ment author­i­ty, or any oth­er per­son that it has opened a fraud­u­lent account for a per­son engaged in iden­ti­ty theft.
  2. Should any of the above instances of sus­pi­cious activ­i­ty that could be iden­ti­ty theft occur, the Coun­ty will take imme­di­ate actions to either pre­vent or mit­i­gate the situation.

In order to detect any of the Red Flags iden­ti­fied above with the open­ing of a new account, Coun­ty per­son­nel will take the fol­low­ing steps to obtain and ver­i­fy the iden­ti­ty of the per­son open­ing the account:

Steps can include:

  • Requir­ing cer­tain iden­ti­fy­ing infor­ma­tion such as name, date of birth, res­i­den­tial or busi­ness address, prin­ci­pal place of busi­ness for an enti­ty, social secu­ri­ty num­ber, driver’s license or oth­er identification.
  • Ver­i­fy­ing the customer’s iden­ti­ty, such as by copy­ing and review­ing a driver’s license or oth­er iden­ti­fi­ca­tion card.
  • Review­ing doc­u­men­ta­tion show­ing the exis­tence of a busi­ness entity.
  • Inde­pen­dent­ly con­tact­ing the customer.

In order to detect any of the Red Flags iden­ti­fied above for an exist­ing account, Coun­ty per­son­nel will take the fol­low­ing steps to mon­i­tor trans­ac­tions with an account:

Steps can include:

  • Ver­i­fy­ing the iden­ti­fi­ca­tion of cus­tomers if they request infor­ma­tion (in per­son, via tele­phone, via fac­sim­i­le, via e‑mail).
  • Ver­i­fy­ing the valid­i­ty of requests to change billing addresses.
  • Ver­i­fy­ing changes in bank­ing infor­ma­tion giv­en for billing and pay­ment purposes.

Respons­es to these Red Flags are com­men­su­rate with the degree of risk posed based on the County’s risk assessment.

  • Appro­pri­ate respons­es may include the following:
  • Com­plete ver­i­fi­ca­tion of iden­ti­fi­ca­tion for fraud, active duty, cred­it freeze or address dis­crep­an­cy alert for any of these types of alerts found on a con­sumer cred­it report when apply­ing for services;
  • Mon­i­tor­ing a cov­ered account for evi­dence of iden­ti­ty theft or sus­pi­cious activ­i­ty by plac­ing on the County’s watch list;
  • Con­tact­ing the customer;
  • Chang­ing any pass­words, secu­ri­ty codes, or oth­er secu­ri­ty devices that per­mit access to a cov­ered account;
  • Reopen­ing a cov­ered account with a new account number;
  • Not open­ing a new cov­ered account;Closing an exist­ing cov­ered account;
  • Not attempt­ing to col­lect on a cov­ered account or not send­ing a cov­ered account to a debt collector;
  • Noti­fy­ing law enforce­ment; or
  • Deter­min­ing that no response is war­rant­ed under the par­tic­u­lar circumstances.

The Coun­ty is com­mit­ted to detect­ing sit­u­a­tions in which iden­ti­ty theft might have or may have occurred.

A “Red Flag” is a pat­tern, prac­tice or spe­cif­ic activ­i­ty that indi­cates the pos­si­ble exis­tence of Iden­ti­ty Theft.  In order to iden­ti­fy rel­e­vant Red Flags, the Coun­ty con­sid­ered risk fac­tors such as the types of accounts that it offers and main­tains, the meth­ods it pro­vides to open its accounts, the meth­ods it pro­vides to access its accounts and its pre­vi­ous expe­ri­ences with Iden­ti­ty Theft.

Iden­ti­ty Theft will be com­bat­ed by detect­ing Red Flags in con­nec­tion with the open­ing of cov­ered accounts and exist­ing cov­ered accounts, such as by:

(A) Obtain­ing iden­ti­fy­ing infor­ma­tion about, and ver­i­fy­ing the iden­ti­ty of, a per­son open­ing a cov­ered account.

(B) Authen­ti­cat­ing cus­tomers’ trans­ac­tions, includ­ing pho­to ID if nec­es­sary, plus pos­si­ble addi­tion­al ver­i­fi­ca­tion meth­ods such as a user ID and password.

(C) Mon­i­tor­ing trans­ac­tions with empha­sis on a change of address close­ly fol­lowed by a new ser­vice request or a mate­r­i­al change in a customer’s cred­it use.

(D) Ver­i­fy­ing the valid­i­ty of change of address requests, in the case of exist­ing cov­ered accounts in order to mon­i­tor the diver­sion of state­ments as a pre­lude to pos­si­ble account manipulation.

While the over­all risk of iden­ti­ty theft involv­ing the Coun­ty appears low, the Coun­ty will focus on detec­tion and pre­ven­tion from iden­ti­ty theft on the fol­low­ing cov­ered accounts: accounts to indi­vid­ual cus­tomers; all of the County’s accounts that are indi­vid­ual util­i­ty ser­vice accounts held by cus­tomers of the util­i­ty whether res­i­den­tial, com­mer­cial or indus­tri­al; any account the Coun­ty offers or main­tains pri­mar­i­ly for per­son­al, fam­i­ly or house­hold pur­pos­es that involves mul­ti­ple pay­ments or trans­ac­tions; and any oth­er account for which there is a rea­son­ably fore­see­able risk to cus­tomers or to the safe­ty and sound­ness of the Coun­ty from Iden­ti­ty Theft, as well as auto­mat­ic deposits to the accounts of the Coun­ty employ­ees.  There will be a peri­od­ic review to deter­mine if the cov­ered accounts are still accu­rate due to any changes such as changes of address or oth­er changes which may occur relat­ing to an account.

Each type of cov­ered account will be exam­ined and reviewed for rel­e­vant Red Flags in part by considering:

(A) The meth­ods pro­vid­ed to open cov­ered accounts;

(B) The meth­ods pro­vid­ed to access cov­ered accounts; and

(C) Pre­vi­ous expe­ri­ences with iden­ti­ty theft.

As part of the process, the Coun­ty will con­sid­er the rel­e­vant Red Flags pro­vid­ed by the reg­u­la­to­ry guid­ance, as well as inci­dents of iden­ti­ty theft that the Coun­ty and/or the Coun­ty cus­tomers have expe­ri­enced and applic­a­ble super­vi­so­ry guidance.

The Coun­ty is com­mit­ted to com­ply with the Fed­er­al Fair and Accu­rate Cred­it Trans­ac­tions Act of 2003, as well as pro­vide cus­tomers, par­tic­u­lar­ly cus­tomers with util­i­ty accounts, the max­i­mum iden­ti­ty theft pro­tec­tion pos­si­ble.  Sit­u­a­tions that lead to iden­ti­ty theft would hurt and incon­ve­nience the County’s cus­tomers, while at the same time dam­age the County’s rep­u­ta­tion and place the Coun­ty at risk for loss­es.  The Coun­ty devel­oped this Iden­ti­ty Theft Pre­ven­tion Pol­i­cy with the over­sight and approval of the Coun­ty Com­mis­sion­ers after con­sid­er­ing the size and com­plex­i­ty of the County’s oper­a­tions and account sys­tems and the nature and scope of the County’s activities.

(A) Exam­ples of Iden­ti­ty Theft.

  1. An iden­ti­ty thief uses anoth­er person’s social secu­ri­ty num­ber to open a util­i­ty account.
  2. An iden­ti­ty thief uses a victim’s infor­ma­tion to obtain unau­tho­rized ser­vices from the County.
  3. An iden­ti­ty thief opens a util­i­ty account using a victim’s name and good credit.
  4. An iden­ti­ty thief files for bank­rupt­cy using a victim’s name.
  5. An iden­ti­ty thief gives a victim’s name as his/her own when arrest­ed by police.