Red Flag Policy

Identity Theft Prevention Program

Purpose

To establish an Identity Theft Prevention Program desgined to detect, prevent and mitigate identity theft in commection with the opening of a covered account or existing covered account and to provide for continued administration of the Program in compliance with Part 681 of Title 16 of the Code of Federal Regulations implementing Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003.

Definitions

Identity theft means fraud committed or attempted using the identifying information of another person without authority.

A covered account means:

  • An account that a financial instiution or creditor offers and maintains, primarily for personal, family or household purposes that involves or is designed to permit multiple payments or transactions.  Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts and savings accounts; and
  • Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation or litigation risks.



A red flag means a pattern, practice or specific activity that indicates the possible existence of identity theft.


The Salon Professional Academy’s Identity Theft Prevention Program

The Salon Professional Academy has established an Identity Theft Prevention Program to detect, prevent and mitigate identity theft.  This program includes policies and procedures to:

  • Identify red flags which are relevant to covered accounts we maintain and incorporate them into the program;
  • Detect red flags which have been incorporated into the program;
  • Appropriately respond to any red flags that are detected to prevent and mitigate identity theft; and
  • Ensure regular updates to the program to reflect any changes in risks to customers and the safety and soundness of the creditor from identity theft.



Administration of the Program

  • The administration team of The Salon Professional Academy will be responsible for developing, implementing, overseeing and continually administering the program.
  • The administrative team will train staff and students, as appropriate, to effectively implement the program.
  • The administrative team will provide appropriate and effective oversight of service provider arrangements.



Identification of Red Flags

  • The program will include red flags from the following categories, as appropriate:
    • Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services;
    • Presentation of suspicious documents;
    • Presentation of suspicious personal identifying information;
    • Unusual use or other suspicious activity related to a covered account;
    • Notice from customers, victims, law enforcement or other persons regarding possibility of identity theft as related to covered accounts.
  • The program will consider the following risk factors in identifying red flags for covered areas as appropriate:
    • The types of covered accounts offered or maintained;
    • The methods provided to open covered accounts;
    • The methods provided to access covered accounts;
    • Its previous experience with identity theft.
  • The program will incorporate red flags from sources such as:
    • Incidents of identity theft previously experienced;
    • Methods of identity theft that reflects changes in risks; and
    • Applicable supervisory guidance.



Detection of Red Flags

The program will address the detection of red flags in connection with the opening of covered accounts and existing covered accounts, such as by:

  • Obtaining identifying information about, and verifying the identity of, a person opening a covered account; and
  • Authenticating customers, monitoring transactions, and verifying the validity of change of address requests in the case of existing covered accounts.



Response
The program will provide for appropriate responses to detected red flags to prevent and mitigate identity theft.  The response will be commensurate with the degree of risk posed.  Appropriate responses may include:

  • Monitor a covered account for evidence of identity theft;
  • Contact the customer;
  • Change any passwords, security codes or other security devices that permit access to a covered account;
  • Reopen a covered account with a new account number;
  • Not open a new covered account;
  • Close an existing covered account;
  • Notify law enforcement; or
  • Determine no response is needed under the particular circumstances.



Updating the Program

The program will be updated periodically to reflect changes in risks to customers or to the safety and soundness of the organization from identity theft based on factors such as:

  • The experiences of the organization with identity theft;
  • Changes in methods of identity theft;
  • Changes in methods to detect, prevent and mitigate identity theft;
  • Changes in the types of accounts offered or maintained;
  • Changes in the business arrangements.



Oversight of the Program

The oversight of the program will include:

  • Assignment of specific responsibilities to implement the program;
  • Review of information prepared by staff regarding compliance; and
  • Approval of material changes to the program as necessary to address changing risks of identity theft.



Reports will be prepared as follows:

  • The staff member(s) responsible for developing, implementing and administering the Program will report directly to Sue Kolve-Feehan, Owner/Director.  These reports will be prepared at least once annually.
  • The reports will address material matters related to the Program and evaluate further issues, such as:
    • Effectiveness of the policies and procedures addressing the risk of identity theft in connection with opening covered accounts and existing covered accounts.
    • Service provider agreements.
    • Significant incidents involving identity theft and management’s response.
    • Recommendations for changes to the Program.



Oversight of Service Provider Arrangements
The Salon Professional Academy will take steps to ensure that the activity of a service provider is conducted in accordance with reasonable policies and procedures which are designed to detect, prevent and mitigate the risk of identity theft whenever the organization engages a service provider to perform an activity in connection with one or more covered accounts.

Duties Regarding Address Discrepancies

The Salon Professional Academy will develop policies and procedures designed to enable the organization to form a reasonable belief that a credit report relates to the consumer for whom it was requested if the organization receives a notice of address discrepancy from a nationwide consumer reporting agency indicating the address given by the consumer differs from the address contained in the consumer report.

The Salon Professional Academy may reasonably confirm that an address is accurate by any of the following methods:

  • Verification of the address with the consumer
  • Review of utility records
  • Verification through third-party sources
  • Other reasonable means



If an accurate address is confirmed, The Salon Professional Academy will furnish the consumer’s address to the nationwide consumer reporting agency from which it received the notice of discrepancy if:

  • A continuing relationship with the consumer is established
  • In the regular course of business, information is furnished to the consumer reporting agency.

 

Privacy Policy | Terms & Conditions

© 2011