Fayetteville Policies and Procedures  313.5 

Identity Theft Prevention Program (Red Flag Detection and Response)

Background and Scope

In November 2007, the Federal Trade Commission, the federal bank regulatory agencies, and the National Credit Union Administration, published a joint notice of final rulemaking in the Federal Register (72 FR 63718) finalizing the Identity Theft Red Flags regulation and guidelines. The Red Flags Rule (“the Rule”), promulgated pursuant to the Fair and Accurate Credit Transactions Act of 2003, requires financial institutions and creditors to develop and implement a written “identity theft prevention program.”

The University of Arkansas is covered by the Rule, and the University of Arkansas Board of Trustees approved an Identity Theft Prevention Program (“Program”) on April 17, 2009 for the University of Arkansas System.

The Program requires each University of Arkansas campus to identify relevant Red Flags for new and existing covered accounts and incorporate those Red Flags into a campus program; detect Red Flags that have been incorporated into the program; respond appropriately to any Red Flags that are detected in order to seek to prevent and mitigate Identity Theft; and ensure the campus program is updated periodically to reflect changes in risks to students or to the safety and soundness of the student from Identity Theft.

This policy acknowledges the establishment of a campus Identity Theft Prevention Plan as directed by the Board of Trustees.

For purposes of this policy, the following terms are defined:

Identity Theft
A fraud committed or attempted using the identifying information of another person without authority.

Red Flag
A pattern, practice, or specific activity that indicates the possible existence of Identity Theft.

Covered Account
Any consumer account, establishing an ongoing relationship primarily for personal purposes, designed to obtain a product or service that permits multiple payments or transactions, or for which there is otherwise a foreseeable risk of Identity Theft.


Any unit with activities that are considered covered accounts under the Red Flag Rule must implement the campus Identity Theft Prevention Plan and complete the training program. The Campus Plan Administrator will distribute a copy of the campus plan to all unit directors, along with a questionnaire to assist with identifying covered accounts or other activities subject to the Red Flag rule. Persons with concerns regarding potential identity theft in connection with University operations should contact the office of the Associate Vice Chancellor for Financial Affairs.

Reformatted for Web April 3, 2014
August 23, 2010