Red Flags

For the purposes of the Identity Theft Prevention Program, covered accounts refer to any account the University offers or maintains primarily for personal, family, or household purposes, that involves multiple payments or transactions. A covered account also includes any other accounts offered or maintained for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the University from identity theft. University departments that maintain covered accounts may include, but are not limited to, the Bursar, Student Aid, and ID+ offices. Red Flags are practices, patterns of behavior, or specific activity that includes the possible existence of identity theft. The following are relevant Red Flags which employees should be aware of and diligent in monitoring.

RED FLAG ID # DESCRIPTION OF RED FLAG UNIT EMPLOYEE ACTION STEPS UNIT SUPERVISOR ACTION STEPS
1 Consecutive IP logins from “Geographically improbable” locations.
  1. Office with covered account reviews report.
  2. Report incidents to supervisor.
  1. Notify Office of Information Security.
  2. Complete and submit an Incident Report Form at  redflags.psu.edu.
2 Same bank account used for multiple students.
  1. Office with covered account reviews report.
  2. Report the incident to supervisor.
  1. Notify Office of Information Security.
  2. Complete and submit an Incident Report Form at  redflags.psu.edu.
3 Same credit card used to make multiple payments on different student accounts.  
  1. Office with covered account reviews report.
  2. Report the incident to supervisor.
  1. Notify Office of Information Security.
  2. Complete and submit an Incident Report Form at  redflags.psu.edu.
4 Payments made to a covered account with no outstanding balance.
  1. Office with covered account reviews report.
  2. Report the incident to supervisor.
  1. Notify Office of Information Security.
  2. Complete and submit an Incident Report Form at  redflags.psu.edu.
5 Document provided for identification appears to be altered or forged.
  1. Request additional government issued ID.
  2. If second identification is satisfactory, proceed with the customer-initiated activity.
  3. If second identification is not satisfactory, do not proceed with the customer-initiated activity and report the incident to supervisor.
  1. Notify customer that the transaction cannot be processed.
  2. Collect and retain any documents for potential evidence.
  3. Complete and submit an Incident Report Form at  redflags.psu.edu.
6 Photograph on identification is inconsistent with the appearance of the customer.
  1. Request additional government issued ID.
  2. If second identification is satisfactory, proceed with the customer-initiated activity.
  3. If second identification is not satisfactory, do not proceed with the customer-initiated activity and report the incident to supervisor.
  1. Notify customer that the transaction cannot be processed.
  2. Collect and retain any documents for potential evidence.
  3. Complete and submit an Incident Report Form at  redflags.psu.edu.
7 Information on identification is inconsistent with information provided by the person.
  1. Ask customer to clarify discrepancy and provide additional government issued ID, if necessary.
  2. If explanation is satisfactory, proceed with the customer-initiated activity.
  3. If explanation is not satisfactory, do not proceed with the customer-initiated activity and report the incident to supervisor.
  1. Notify customer that the transaction cannot be processed.
  2. Collect and retain any documents for potential evidence.
  3. Complete and submit an Incident Report Form at  redflags.psu.edu.
8 An address, phone number, or email address matching that supplied by a large number of applicants/students.
  1. Office with covered account reviews report.
  2. Report the incident to supervisor.
  1. Notify Office of Information Security.
  2. Complete and submit an Incident Report Form at  redflags.psu.edu.
9 Person is unable to supply identifying information
  1. Do not proceed with the customer-initiated activity.
  2. Report the incident to supervisor.
  1. Notify customer that the transaction cannot be processed.
  2. Collect and retain any documents for potential evidence.
  3. Complete and submit an Incident Report Form at  redflags.psu.edu.
10 Suspicious address
  1. Do not proceed with the customer-initiated activity.
  2. Report the incident to supervisor.
  1. Notify customer that the transaction cannot be processed.
  2. Collect and retain any documents for potential evidence.
  3. Complete and submit an Incident Report Form at  redflags.psu.edu.