SCH Identity Theft Policy
PROCEDURE: The Institution has established specific verification procedures to guide employees in confirming a customers' identity before establishing a new account or releasing customer information. The Institution's procedures involve a combination of positive, logical and negative verification procedures.
The following is a brief review of the Institution's efforts with respect to customer identification methods:
POSITIVE VERIFICATION
Positive verification procedures involve the comparison of information provided to information maintained by third parties (for new accounts) or Institution systems (existing customers). As an example, an identity thief may provide the true name of an individual and a correct phone number, but an erroneous address. The Institution could detect this discrepancy by checking the address information contained in the institution's customer information file. Another example includes contacting an applicant's employer. An identity thief may provide the name of the legitimate employer, but may not provide the correct telephone number. The institution should not rely on the number provided but instead should use the phone book or the internet white/yellow pages directory to independently verify the telephone number.LOGICAL VERIFICATION
Logical identification procedures access the consistency of information provided on an application, and may reveal inconsistencies provided by an applicant. For example, the institution can verify if the telephone area code provided on the application corresponds to the address provided or whether a customer lives or works near the branch. Inconsistent information does not automatically indicate fraud. As an example, a customer may use a cell phone that is assigned to a different area code than the customer's home address. As such, the Institution should inquire regarding the inconsistency to determine if the information provided appears reasonable.NEGATIVE VERIFICATION
Negative verification procedures ensure that information provided on an application has not previously been associated with fraudulent activity. Reviewing credit reports for fraud indicators is a form of negative verification.In the event of suspicion of identity theft of a institution customer, the following action(s) may be taken:
1. Monitoring an account for evidence of identity theft;2. Contacting the customer;
3. Changing any passwords, security codes or other security devices that permit access to an account;
4. Reopening an account with a new account number;
5. Not opening a new account;
6. Closing an existing account;
7. Notifying law enforcement; or
8. Determining that no response is warranted under the particular circumstances.
Before the Institution provides any information to the alleged victim, the institution must require "proof of positive identification" from the alleged victim. There is an exception if the Institution, at its discretion, has a "high degree of confidence that it knows" the identity of the alleged victim, as would be very likely in a community the size of Sabetha.
PROOF OF IDENTITY INCLUDES:
A government issued I.D. card; or
A government issued I.D. card; orPersonally identifying information of the same type that the Institution typically request from new applicants or for new transactions.
In the event proof of positive identity of the victim (actual patient) is made, Institution personnel should:
Provide the Medical identity Theft Protection sheet to the customer.
Notify administration who may contact the authorities.
The employee/patient will also be referred to the Institution's Privacy & Security Compliance Program Policy for additional guidance.