Student Financial Services understands the importance of preventing and detecting identity theft, and subsequent support the victim may need in helping to report, repair, and respond to such a crime. To assist in the prevention of identity theft, Student Financial Services will:
- Make sure the door to the Cashier’s Office is locked at all times. Only authorized employees are permitted in the Cashier’s Office.
- Make every effort to secure customer information during times when their desk/office is unattended.
- Make sure all external office doors are locked before the last person leaves the premises.
- Shred all sensitive information and screen prints of student’s account information as a form of destruction.
As a result, Student Financial Services has identified the following activities that have the greatest potential of creating risk to unsuspecting victims as it relates to identity theft. Student Financial Services clearly identifiable red flags are:
While the Registrar’s Office is solely responsible for maintaining the accuracy and security of student addresses, Student Financial Services from time to time receives updated address information, especially from third party collection agencies. Student Financial Services policy when receives request to update a student’s address is (1) if received from a student, refer all correspondence to the Registrar’s Office and (2) if receive information from a 3rd party such as a collection agency, file information with Account Receivable Supervisor but do not refer information to the Registrar’s Office. Under no circumstances will a student’s account be updated unless a Change of Address Form is completed and submitted to the Registrar’s Office.
Address changes received by the Registrar’s Office are received through several channels:
- The first channel for address changes is through a walk-in, face-to-face interaction with an employee of the Registrar’s Office. A change of address is initiated by the staff member providing the student with a Change of Address Form. The student then completes the form indicating their new address. However, before this Form is completed, positive photo identification is made of the person standing in front of the staff member. The Change of Address Form is then used to update the student’s record. Risk of identity theft is minimal since the photo identification must match the student requesting the address change.
- A second channel that can be used in the Registrar’s Office to implement an address change is through e-mail or fax. At times, upon sending out correspondence, i.e. refund checks, some envelopes are returned with a new address indicated on the front of the envelope. The student may be contacted to complete a Change of Address Form. The Registrar’s Office will accept a request through e-mail or fax as long as a photo identification is included that matched the student requesting the address change. This address is then updated the student’s record and the correspondence is resent. The risk of identity theft is minimal in this case due to the fact that the correspondence is usually initiated by the University.
- The Registrar’s Office does not accept address changes by telephone.
Financial Aid Disbursement
There is potential risk to the University if a student enrolled using someone else’s identity, registers for classes, be awarded financial aid (this would mean the “student” completed the FAFSA) took the overpayment of financial aid (a refund check) and then dropped all of their classes.
Reporting Identity Theft
In the event identity theft occurs and/or reported to the Student Financial Service’s Office, the following procedures will be followed:
- The staff member/student worker will notify their supervisor immediately.
- The staff member/student worker and the victim will brief a brief description of what took place, citing transactions, dates, amounts and other documentation that is available.
- The supervisor will notify the Program Administrator.
- Student Financial Services will support the student by assisting them in contacting creditors, credit bureaus and other department with the University community.
Student Financial Services full time staff and part time student workers have been informed of the Red Flag Rule, our areas of vulnerability, what to watch out for, and what to do in case identity theft occurs and is reported.
Student Financial Services Policy and Procedures for the Rule
It will be the policy of Student Financial Services to:
- Verify identification for any student, faculty, or staff requesting services. The identification should be scrutinized to verify that it has not been altered or forged.
- Verify that the picture on the identification provided matches the appearance of the customer presenting the identification.
- Verify that the information on the identification is consistent with other information on file at the University, particularly on the customer’s account.
- Verify that requests for information updates have not been altered or forged, or that the paperwork gives the appearance of having been destroyed and reassembled.
- Not share any more information with a customer than is documented in the student system if there is a full FERPA restriction on the account. If additional information is requested, the student should be forwarded to the Registrar’s office for assistance.
- Report to supervisor without assisting the customer if the UID provided is the same as that submitted by another customer.
- Report to supervisor if an account is used in a manner not consistent with regular patterns of activity, i.e. if a student receives more than one Short Term loan at a time, or over the period of one term.
- Attempt to contact the student if mail is returned twice as undeliverable although transactions continue to be conducted with their account.
- Notify Account Receivable Supervisor when address information received from 3rd party collection agency is different from mailing address in student system.
- Investigate and verify the correctness of unauthorized charges or transactions assessed by Student Financial Services in connection with a customer’s account. If there are questions regarding the correctness of departmental charges, refer them on to the appropriate department for resolution.
- Notify the Program Administrator immediately if the University is notified by a student, a victim of identity theft, a law enforcement authority, or any other person that it has opened, discovered, or manipulated a fraudulent account for a person engaged in identity theft.
- Not provide any information to an individual claiming to be the victim of identity theft without first contacting Program Administrator. If a student needs assistance of this type, the request must be in writing with detailed information requested as well as proof of positive identification and proof of claim of identity theft (police report or FTC affidavit of identity theft).
- Ensure that customers who call are not given information on an account if they cannot provide the UID and customer name. Be cautious about callers who attempt to get financial information without providing any substantive knowledge about the account.
- Student Financial Services staff should not respond to any questions from customers related to any medical type services, specifically the Wellness Center or Psychiatric Services. All calls of this type should be immediately referred to the phone number of the department in question.
Oversight, Training, Third Party Compliance and Update
Due to the sensitive nature of this topic, the Manager of each area within Student Financial Services will maintain responsibility for the implementation and ongoing support of this regulation. Training for Red Flag will be conducted annually along with other compliance training affecting Student Financial Services. This training will be conducted at Staff Meeting and is mandatory for all staff. If students or staff are not able to attend in Staff Meeting, the Managers will update their staff when they are available.
Currently there are no Third Party contracts in Student Financial Services that need updating with compliance verbiage, nor are there vendors that need to report compliance.
This policy will be updated at least annually based on new processes and procedures.
Social Security Number Policy Office of the Bursar
Based on Social Security Number (SSN) legislation the Bursar's Office at Florida Gulf Coast University may still collect and use SSN's on a limited basis. Per F.S. 119.071(6)(b) SSN's can be supplied if it is necessary for the receiving agency to perform its duties or responsibilities. The FGCU Bursar's Office may use SSN's for the following activities:
- Florida Prepaid Billing
- Third Party Billing
- Third Party Collections
- Student Tax Documents (1098-T, 1042-S)