Red Flag Identity Theft Prevention

Date of original implementation: June 14, 2010

Date of Last Revision: June 14, 2010

Summary

Cambridge College (the "College") has developed this identity theft program (the "Program") pursuant to the Federal Trade Commission's Red Flags Rule, which implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003. The Program was developed by the College Controller and approved by the Board of Trustees.

Purpose

The Program is designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the Program. The Program establishes procedures to:

1. Identify relevant red flags for covered accounts it offers or maintains and incorporate those red flags into the Program;

2. Detect red flags that have been incorporated into the Program;

3. Respond appropriately to any red flag that has been detected to prevent and mitigate identity theft; and

4. Ensure the Program is updated periodically to reflect changes in risks to students and employees or to the safety and soundness of the creditor from identity theft.

The Program shall, as appropriate, incorporate existing policies and procedures that control reasonably foreseeable risks.

Definitions

Identity Theft means fraud committed or attempted using the identifying information of another person without authority.

A Covered Account means (i) an account that a creditor offers or maintains, primarily for personal, family or household purposes, that involves or is designed to permit multiple payments or transactions or (ii) an account that the creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the creditor from identity theft.

A red flag is a pattern, practice or specific activity that indicates the possible existence of identity theft.

College Covered Accounts

The College has identified the following covered accounts: College administered covered accounts - Students:

1. Plus Loans (Cambridge College is part of the Federal Family Education Loan Program)

2. Stafford Loans (Cambridge College is part of the Federal Family Education Loan Program)

3. Perkins Loans — Campus Partners is the Servicing Agent

4. Department of Education Direct Loan Program

5. Deferred Tuition Payments

6. Student Accounts

Risk Assessment

For the student related College administered covered accounts listed above, the existing risk is that a fraudulent request is made for a refund on an overpaid account resulting from a loan and/or direct payment. Since the College is solely responsible for issuing refunds on these accounts, the risk resides at the College level.

The College will take steps to ensure that the activity of a service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft whenever the organization engages a service provider to perform an activity in connection with one or more covered accounts. However, the processes transacted by these providers represent funds owed to the College, mitigating the risk of theft to the account holders. Additionally, the College will take steps to ensure the existence of adequate Red Flag policies and procedures enacted by these providers.

Control Procedures

As noted above, the primary risk associated with the covered accounts relates to refunds on student accounts and loan accounts. The following control procedures mitigate this risk:

Refunds due to overpayments will be administered only by the Bursar's Office. All inquiries are directed to this office only.

Checks are paid and mailed to the official name and address within the Jenzabar System or may be picked up in person. The student must provide his/her valid Cambridge College identification, a current US drivers license or valid passport when receiving the check in person. A student may not request a specific payee or address that is different from the system data.

Students must make any permanent name or address change at the Registrar's Office in Cambridge or at the Director's Office at the Regional Centers. A change in name requires the appropriate legal document subject to the specific instance, such as a marriage certificate. An address change requires official proof such as a utility bill, rental lease, mortgage, or other appropriate documentation. These changes must be updated in Jenzabar before requesting the refund.

Red Flags
The following red flags are potential indicators of fraud. Any time a red flag, or a situation closely resembling a red flag is apparent, it will be investigated. No changes will be made to a student's permanent record until the potential fraud is resolved.

1. Documents provided for identification appear to have been altered or forged;

2. The photograph or physical description on the identification is not consistent with the appearance of the student presenting the identification;

3. A request made from a non-College issued e-mail account;

4. A request to mail something to an address not listed on file; and

5. Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts.

Response to Red Flags

The program provides appropriate responses to detect red flags to prevent and mitigate identity theft. The appropriate responses to the relevant red flags are as follows:

1. Deny access to the covered account until other information is available to eliminate the Red Flag;

2. Contact the student or employee;

3. Change any passwords, security codes or other security devices that permit access to a covered account,

4. Notify law enforcement; or

5. Determine no response is warranted under the particular circumstances.

Oversight of the Program

Responsibility for developing, implementing and updating this Program resides with the College's Controller. The Controller is responsible for program administration, ensuring appropriate training of the College's staff on the Program, reviewing any staff reports regarding the detection of red flags on the identified covered accounts and the steps for preventing and mitigating Identity theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the Program.

Updating the Program

This Program will be periodically reviewed and updated to reflect changes in risks to students and the soundness of the College from identity theft related to the noted covered accounts. At least once per fiscal year, the Controller will consider the College's experiences with identity theft, changes in identity theft methods, changes in identity theft detection and prevention methods, changes in types of accounts the College maintains and changes in the College's business arrangements with other entities, as they relate to this program. After considering these factors in consultation with the Vice President for Finance and Administration, the Controller will determine whether changes to the Program, including the listing of red flags, are warranted. If warranted, the Program will be updated.

Staff Training

College staff responsible for implementing the Program shall be trained either by or under the direction of the Comptroller in the detection of red flags, and the responsive steps to be taken when a Red Flag is detected.

 

Individual Responsible for Revision and Implementation: Vice President for Finance and Administration and the Cambridge College Controller.