Nextran / Red Flags and Privacy Policy (00687077)
Total Page:16
File Type:pdf, Size:1020Kb
NEXTRAN CORPORATION
RED FLAGS IDENTITY THEFT PREVENTION PROGRAM AND PRIVACY POLICY
JANUARY 2010
The Board of Directors of Nextran Corporation (the “Corporation”) approved this Red Flags Identity Theft Prevention Program and Privacy Policy (“Program”) at a duly held meeting on January 29, 2010. The Program was developed in order to comply with the Federal Trade Commission’s Identity Theft Prevention Red Flags Rule (16 CFR § 681.2). This Program has been created after conducting an assessment of risk of Identity Theft associated with certain Covered Accounts, as defined below, offered by the Corporation.
I. Definitions
For purposes of the Program, the following terms are defined as:
“Covered Account” means any account Corporation offers or maintains on behalf of its clients or customers, that involves multiple payments or transactions, including one or more deferred payments, or any other account the Corporation identifies as having a reasonably foreseeable risk to customers or to the safety and soundness of the Corporation from Identity Theft.
“Identity Theft” means fraud committed using the identifying information of another person or entity;
“Red Flag” means a pattern, practice, or specific activity that indicates the possible existence of Identity Theft
II. Program Purposes
The purposes of the Program are to:
1) Identify the relevant Red Flags based on the risk factors associated with the Corporation’s covered accounts; 2) Institute policies and procedures for detecting Red Flags; 3) Identify steps the institution will take to prevent and mitigate Identity Theft; and 4) Create a system for regular updates and administrative oversight to the Program.
III. Identification of Red Flags
The Identity Theft Red Flags Mitigation and Resolution Procedures (Appendix A) identifies the Red Flags that would be most relevant to the Corporation. The Red Flags generally fall within one of the following general types of Red Flags:
1) Suspicious documents; 2) Suspicious personal identifying information; 3) Suspicious or unusual use of Covered Account; and 4) Alerts from others (e.g. customer, Identity Theft victim, or law enforcement)
IV. Detection of Red Flags
In order to facilitate detection of the Red Flags identified in Appendix A, the Corporation’s accounting, financial and customer service staff will take the following steps to obtain and verify the identity of the person or entity with a Covered Account.
A. New Customers or Accounts 1) Require identifying information (e.g., full name, date of birth, address, government issued identification, social security number, etc.); if the new customer is an entity, require identifying information for the entity (e.g., proper legal name of entity, tax identification number, primary business address, etc.) 2) If possible, verify information with appropriate authority (e.g., via copy of driver’s license, Florida Secretary of State records, etc.) 3) When appropriate, running of credit check prior to issuance of new account
B. Existing Accounts 1) Verify validity of requests for changes of billing address 2) Verify identification of customers before giving out any personal information (e.g., via security password associated with account or confirming multiple pieces of information relating to account, such as address and phone number)
V. Preventing and Mitigating Identity Theft
In order to prevent and mitigate the effects of Identity Theft, staff will follow the appropriate steps identified in the attached Identity Theft Red Flags Mitigation and Resolution Procedures (Appendix A).
VI. Program Administration
The Corporate Controller is responsible for developing, implementing, administering and updating the Program. This individual will be responsible for developing a training program for staff as responsible for or having a role in implementing the Program.
VII. Service Provider Arrangements
Corporation will require, by contract, that service providers that perform activities in connection with Covered Accounts have policies and procedures in place designed to detect, prevent and mitigate the risk of Identity Theft with regard to the Covered Accounts.
VII. Updating of Program
The Corporate Controller will periodically review the effectiveness of the Program and update the Program to reflect the addition or removal of Covered Accounts, and changes in risks to customers or Covered Account holders from Identity Theft.
VII. Privacy of Information
Below are frequently asked questions relating to the privacy of information collected by the Corporation, and official Corporation responses to such questions. What information does the Corporation collect?
We collect information from you when you complete a credit application or finance application, or purchase goods and services from Nextran.
What does the Company use your information for?
Any of the information we collect from you may be used in one of the following ways:
To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
To process transactions o Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested by the customer.
To send periodic emails o The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc.
How does the Company protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you access your personal information.
Does the Company use cookies?
We do not use cookies.
Does the Company disclose information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
Third party links
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Attachment A Relevant Identity Theft Red Flags Mitigation and Resolution Procedures
IDENTITY THEFT PREVENTION/MITIGATION RESOLUTION OF RED FLAG RED FLAG PROCEDURE Documents provided for Stop the process of establishing new Additional documentation identification appear to have Covered Account and require applicant must be provided to resolve been altered or forged; or to provide additional satisfactory discrepancy and continue identifying information information to verify identity; if an process of establishing new provided by customer is not existing Covered Account, contact a Covered Account; or contact consistent with other person in position of authority with person with existing Covered personal identifying customer that can verify documents Account must verify information (e.g., SSN does and/or identification. documents and/or not match up with date of identification. birth).
The identifying information Stop the admissions/billing process and Additional documentation provided by a new customer require applicant to provide additional must be provided to resolve is the same as that submitted satisfactory information to verify discrepancy and continue by other persons opening an identity. admissions/billing process. account or existing customers.
Complaint/inquiry from an Investigate complaint, interview Terminate all activity relating individual or customer individuals as appropriate to Covered Account until based on receipt of: identity has been accurately -Bill for another individual resolved; refuse to continue or customer attempting to collect on the -Bill for a product or service account until identity has been that the was not received or resolved. requested -Any other like complaint Notify law enforcement as appropriate.
If the results of the investigation do not indicate fraud, all contact and identifying information is re- verified with customer. Complaint/inquiry from a Investigate complaint, interview Terminate all activity relating customer about information individuals as appropriate to Covered Account until added to a credit report by identity has been accurately Corporation resolved; refuse to continue attempting to collect on the account until identity has been resolved.
Notify law enforcement as appropriate.
If the results of the investigation do not indicate fraud, all contact and identifying information is re- verified with customer.
Mail sent to the customer is Skip-tracing procedures are used to find Customer is found and contact returned repeatedly as the current mailing address. information is updated. undeliverable although transactions continue to be conducted in connection with the customer’s Covered Account.
Corporation is notified by a Investigation to determine if billing was Additional documentation customer, a victim of made fraudulently. must be provided to resolve identity theft, a law discrepancy and continue any enforcement authority, or processing or transactions any other person that it has relating to allegedly fraudulent opened a fraudulent account Covered Account. for a person engaged in identity theft. Notify law enforcement as appropriate.
If the results of the investigation do not indicate fraud, all contact and identifying information is re- verified with customer.
06e494da98a6ef032e41565579c731b9.doc