ࡱ>  g(bjbj[[ 4J99w$$$$$8888p$d8(   $`x$JJJ$$  BBBJj$ $ BJBB K @IjA^boԖ0IN؛؛؛$0+"BMibJJJJ؛ : 鶹ƵInformation TechnologyRed Flags Policy Statement Establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the Program in compliance with Part 681 of Title 16 of the Code of Federal Regulations implementing Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003. Definitions Identify theft means fraud committed or attempted using the identifying information of another person without authority. A covered account means: An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions. Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts and savings accounts; and Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation or litigation risks. A red flag means a pattern, practice or specific activity that indicates the possible existence of identity theft. The Program 鶹Ƶ establishes an Identity Theft Prevention Program to detect, prevent and mitigate identity theft. The Program shall include reasonable policies and procedures to: Identify relevant red flags for covered accounts it offers or maintains and incorporate those red flags into the program; Detect red flags that have been incorporated into the Program Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and Ensure the Program is updated periodically to reflect changes in risks to customers and to the safety and soundness of the creditor from identity theft. The program shall, as appropriate, incorporate existing policies and procedures that control reasonably foreseeable risks. Administration of Program 鶹Ƶ Director of Information Technology shall be responsible for the development, implementation, oversight and continued administration of the Program. The Program shall train staff, as necessary, to effectively implement the Program; and The Program shall exercise appropriate and effective oversight of service provider arrangements. Identification of Relevant Red Flags The Program shall include relevant red flags from the following categories as appropriate: Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services; The presentation of suspicious documents; The presentation of suspicious personal identifying information; The unusual use of, or other suspicious activity related to, a covered account; and Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts. The Program shall consider the following risk factors in identifying relevant red flags for covered accounts as appropriate: The types of covered accounts offered or maintained; The methods provided to open covered accounts; The methods provided to access covered accounts; and Its previous experience with identity theft. The Program shall incorporate relevant red flags from sources such as: Incidents of identity theft previously experienced; Methods of identity theft that reflect changes in risk; and Applicable supervisory guidance. Detection of Red Flags The Program shall address the detection of red flags in connection with the opening of covered accounts and existing covered accounts, such as by: Obtaining identifying information about, and verifying the identity of, a person opening a covered account; and Authenticating customers, monitoring transactions, and verifying the validity of change of address requests in the case of existing covered accounts. Response The Program shall provide for appropriate responses to detected red flags to prevent and mitigate identity theft. The response shall be commensurate with the degree of risk posed. Appropriate responses may include: Monitor a covered account for evidence of identity theft; Contact the customer; Change any passwords, security codes or other security devices that permit access to a covered account; Reopen a covered account with a new account number; Not open a new covered account; Close an existing covered account; Notify law enforcement; or Determine no response is warranted under the particular circumstances. Updating the Program The Program shall be updated periodically to reflect changes in risks to customers or to the safety and soundness of the organization from identity theft based on factors such as: The experiences of the organization with identity theft; Changes in methods of identity theft; Changes in methods to detect, prevent and mitigate identity theft; Changes in the types of accounts that the organization offers or maintains; Changes in the business arrangements of the organization, including mergers, acquisitions, alliances, joint ventures and service provider arrangements. Oversight of the Program Oversight of the Program shall include: Assignment of specific responsibility for implementation of the Program; Review of reports prepared by staff regarding compliance; and Approval of material changes to the Program as necessary to address changing risks of identity theft. Reports shall be prepared as follows: Staff responsible for development, implementation and administration of the Program shall report to 鶹Ƶ Director of Information Techology at least annually on compliance by the organization with the Program. The report shall address material matters related to the Program and evaluate issues such as: The effectiveness of the policies and procedures in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts; Service provider agreements; Significant incidents involving identity theft and managements response; and Recommendations for material changes to the Program. Oversight of Service Provider Arrangements 鶹Ƶ shall take steps to ensure that the activity of a service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft whenever the organization engages a service provider to perform an activity in connection with one or more covered accounts. Duties Regarding Address Discrepancies 鶹Ƶ shall develop policies and procedures designed to enable the organization to form a reasonable belief that a credit report relates to the consumer for whom it was requested if the organization receives a notice of address discrepancy from a nationwide consumer reporting agency indicating the address given by the consumer differs from the address contained in the consumer report. 鶹Ƶ may reasonably confirm that an address is accurate by any of the following means: Verification of the address with the consumer; Review of the utilitys records; Verification of the address through third-party sources; or Other reasonable means. If an accurate address is confirmed, 鶹Ƶ shall furnish the consumers address to the nationwide consumer reporting agency from which it received the notice of address iscrepancy if: The organization establishes a continuing relationship with the consumer; and The organization, regularly and in the ordinary course of business, furnishes information to the consumer reporting agency. Original Issue Date: June 16, 2010 Last Updated: October 10, 2017 changed OIT to IT, CIO to DIT -skb     Print Date  DATE \@ "MM/dd/yy" 10/10/17 Print Date  DATE \@ "MM/dd/yy" 10/10/17 ,./09:;<=NOP      T U W _    JLdeļ˥{pht`ht`CJaJht`h5dCJaJh5dCJaJh5dh5dCJaJh5dh5d5CJaJhPhP5CJaJhPhPCJaJhPCJaJ hP5CJ hs[5CJ hs[CJhz^ hz^5CJ( h 5CJ hz^5CJ hs[5CJ hs[5CJ(,-.tc$ !$Ifa$gdz^qkd$$Ifl0$h04 la $ !$Ifa$  !$If./0:q$ !$Ifa$gdf  !$Ifqkd$$Ifl0$h04 la:;<=NO   } ~ gdP$a$qkdX$$Ifl0$h04 la   T U   KL & Fgdy~gd5d^gd5d & Fgd5dgd5d^gdPgdP & FgdPeLMst]EFGYZ[ûְֻ֥zh)#h)#CJaJhy~hy~5CJaJhy~5CJaJh5dhy~CJaJhy~hy~CJaJhy~h5dCJaJhy~CJaJhi}h5dCJaJhdKCJaJh5dh5dCJaJh5dh5d5CJaJh5dCJaJht`h5dCJaJ,LMst]FG} & Fgdy~h^hgdy~ & Fgdy~^gdy~ & Fgdy~^gd5d & Fgdy~gd5dZ[gdy~ & F#gdy~gdy~gd5d & F!gdy~^gdy~ & Fgdy~3QR45KL<= & F%gd)#gd)#-`-gd)#^gd)# & F$gd)#gd)#35JLde !Ui2 3 !]!!!!!!#F#G#Z#$$B%C%s%t%%%%%%&'&''''º²²hi}hoCCJaJhoCh)#5CJaJhoCCJaJhdKCJaJhoChoCCJaJhoCh)#CJaJh)#5CJaJh)#h)#5CJaJh)#h)#CJaJh)#CJaJ;=de!`2 3  & F*gd)# & F)gd)#^gd)# & F&gd)#gd)#gd)# & F%gd)#3 !]!!!!!##F#G#$$B%C%s%t%%%%%%%&&gdoCgdoC & F-gdoCgd)# & F+gdoC&''''''''''''''''''''+($If dd[$\$gd{gd{ dd@&[$\$gd{gd{ & F.gdi}gdoC & F.gdoC'''''''''''''''' ( ( (!()(*(<(=(Q(R(Z([(e(f(g(hdKmHnHujh rJUh rJh?u7jh?u7UhoCh{CJaJhdK hrh{h{hrh{5CJ$\aJ$h{CJaJ+(,(-(.(/(0(\(](mkic$Ifkd$$IflF $x x x 0    4 la $$Ifa$ $$Ifa$](^(_(`(a(b(c(d(e(f(g(gd{okd$$Ifl40$ $ 04 laf4 2&P:pr/ =!"#$% $$If!vh#vh#v:V l05h5/ / 4$$If!vh#vh#v:V l05h5/ / / /  4$$If!vh#vh#v:V l05h5/ / /  / 4r$$If!vh#vx :V l05x 4$$If!vh#v #v:V l405 54f4^ 2 0@P`p2( 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p8XV~_HmH nH sH tH 8`8 Normal_HmH sH tH 8@8  Heading 1$@&CJ<@<  Heading 2$@&5CJDA D Default Paragraph FontVi@V  Table Normal :V 44 la (k (No List 4@4 Header  !4 @4 Footer  !RCR Body Text Indent$0^`0a$.)!. Page Number4B24 Body Text$a$8"@8 Caption$a$5CJ boRb Default 7$8$H$-B*CJOJQJ^J_HaJmH phsH tH @W`a@  Strong5B*CJ \^JaJ phJ^@QRJ   Normal (Web) dd B*^JphH@H P Balloon TextCJOJQJ^JaJ@@@ 5d List Paragraph ^PK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭V$ !)O^rC$y@/yH*񄴽)޵߻UDb`}"qۋJחX^)I`nEp)liV[]1M<OP6r=zgbIguSebORD۫qu gZo~ٺlAplxpT0+[}`jzAV2Fi@qv֬5\|ʜ̭NleXdsjcs7f W+Ն7`g ȘJj|h(KD- dXiJ؇(x$( :;˹! I_TS 1?E??ZBΪmU/?~xY'y5g&΋/ɋ>GMGeD3Vq%'#q$8K)fw9:ĵ x}rxwr:\TZaG*y8IjbRc|XŻǿI u3KGnD1NIBs RuK>V.EL+M2#'fi ~V vl{u8zH *:(W☕ ~JTe\O*tHGHY}KNP*ݾ˦TѼ9/#A7qZ$*c?qUnwN%Oi4 =3N)cbJ uV4(Tn 7_?m-ٛ{UBwznʜ"Z xJZp; {/<P;,)''KQk5qpN8KGbe Sd̛\17 pa>SR! 3K4'+rzQ TTIIvt]Kc⫲K#v5+|D~O@%\w_nN[L9KqgVhn R!y+Un;*&/HrT >>\ t=.Tġ S; Z~!P9giCڧ!# B,;X=ۻ,I2UWV9$lk=Aj;{AP79|s*Y;̠[MCۿhf]o{oY=1kyVV5E8Vk+֜\80X4D)!!?*|fv u"xA@T_q64)kڬuV7 t '%;i9s9x,ڎ-45xd8?ǘd/Y|t &LILJ`& -Gt/PK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 0_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!0C)theme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK] g J Artvye'g(".: =3 &+(](g( !#$1:Mbky8@0(  B S  ?F`G`H` h h 9*urn:schemas-microsoft-com:office:smarttagsplace=*urn:schemas-microsoft-com:office:smarttags PlaceName=*urn:schemas-microsoft-com:office:smarttags PlaceType F0e h 39e h 3309NNde     gg==i!!2233~~XX]]ooGZLL,,BCst * + + , , . 0 0 < [ \ \ ^ ^ _ ` a e h 09NNde     gg==i!!2233~~XX]]ooGZLL,,BCste h .7!rIRF]$E&8*C Zv $!n8s z| Igz\ڮPda! j`}" 4#K+&$*naJ%Usz.Q.s_0DĠ28W[3$l{Jn60#p:H;̯H?=^/zvB0rdnlB|j@lJB zfoCnOD|)I-:G0 ReM||/x{Oƌ"S[^\bN2` AQaX9YfTn 6gdvxj$s|m< >BmMeHm 0Yopn%uwFRtFz0*h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h 8^8`hH)h ^`hH.h  L^ `LhH.h  ^ `hH.h x^x`hH.h HL^H`LhH.h ^`hH.h ^`hH.h L^`LhH.h^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh p^p`hH.h @ ^@ `hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.h P^P`hH.h  ^ `hH.h L^`LhH.0^`0o(0^`0o(.p0p^p`0o(..@ 0@ ^@ `0o(... 0^`0o( .... HH^H`o( ..... ^`o( ...... P`P^P``o(.......  ` ^ ``o(........h 8^8`hH)h ^`hH.h  L^ `LhH.h  ^ `hH.h x^x`hH.h HL^H`LhH.h ^`hH.h ^`hH.h L^`LhH.h88^8`OJQJo(hHh^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hH^`CJOJQJo(^`CJOJQJo(opp^p`CJOJQJo(@ @ ^@ `CJOJQJo(^`CJOJQJo(^`CJOJQJo(^`CJOJQJo(^`CJOJQJo(PP^P`CJOJQJo(h ^`hH.h  ^ `hH.h  L^ `LhH.h x^x`hH.h H^H`hH.h L^`LhH.h ^`hH.h ^`hH.h L^`LhH.0^`0o(0^`0o(.p0p^p`0o(..@ 0@ ^@ `0o(... 0^`0o( .... HH^H`o( ..... ^`o( ...... P`P^P``o(.......  ` ^ ``o(........h88^8`OJQJo(hHh^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHhpp^p`OJQJ^Jo(hHoh@ @ ^@ `OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHhPP^P`OJQJ^Jo(hHoh  ^ `OJQJo(hHh 8^8`hH)h ^`hH.h  L^ `LhH.h  ^ `hH.h x^x`hH.h HL^H`LhH.h ^`hH.h ^`hH.h L^`LhH.h ^`hH)h p^p`hH.h @ L^@ `LhH.h ^`hH.h ^`hH.h L^`LhH.h ^`hH.h P^P`hH.h  L^ `LhH.!^`!o(!^`!o(.[![^[`!o(.. ! ^ `!o(...  ! ^ `!o( .... ^`o( ..... ^`o( ...... `^``o(....... `^``o(........h ^`o(hH.h^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hH^`o(. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.0^`0o(0^`0o(.p0p^p`0o(..@ 0@ ^@ `0o(... 0^`0o( .... HH^H`o( ..... ^`o( ...... P`P^P``o(.......  ` ^ ``o(........h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h ^`hH)h p^p`hH.h @ L^@ `LhH.h ^`hH.h ^`hH.h L^`LhH.h ^`hH.h P^P`hH.h  L^ `LhH.h^`OJQJo(hHhpp^p`OJQJ^Jo(hHoh@ @ ^@ `OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHhPP^P`OJQJ^Jo(hHoh  ^ `OJQJo(hHh ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.^`OJQJo(hH^`OJQJ^Jo(hHop^p`OJQJo(hH@ ^@ `OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hH^`OJQJo(hH^`OJQJ^Jo(hHoP^P`OJQJo(hHh ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.0^`0o(0^`0o(.p0p^p`0o(..@ 0@ ^@ `0o(... 0^`0o( .... HH^H`o( ..... ^`o( ...... P`P^P``o(.......  ` ^ ``o(........h 8^8`hH)h ^`hH.h  L^ `LhH.h  ^ `hH.h x^x`hH.h HL^H`LhH.h ^`hH.h ^`hH.h L^`LhH.0^`0o(0^`0o(.p0p^p`0o(..@ 0@ ^@ `0o(... 0^`0o( .... HH^H`o( ..... ^`o( ...... P`P^P``o(.......  ` ^ ``o(........h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.^`o(. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.h88^8`OJQJo(hHh^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh ^`hH)h p^p`hH.h @ L^@ `LhH.h ^`hH.h ^`hH.h L^`LhH.h ^`hH.h P^P`hH.h  L^ `LhH.h^`CJo(hH.^`CJOJQJo(opp^p`CJOJQJo(@ @ ^@ `CJOJQJo(^`CJOJQJo(^`CJOJQJo(^`CJOJQJo(^`CJOJQJo(PP^P`CJOJQJo(^`o(. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.^`.^`.pp^p`.@ @ ^@ `.^`.^`.^`.^`.PP^P`.0^`0o(0^`0o(.p0p^p`0o(..@ 0@ ^@ `0o(... 0^`0o( .... HH^H`o( ..... ^`o( ...... P`P^P``o(.......  ` ^ ``o(........h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.0^`0o(0^`0o(.0^`0o(..0^`0o(... 0^`0o( .... 88^8`o( ..... 88^8`o( ...... `^``o(....... `^``o(........h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.^`.^`.pp^p`.@ @ ^@ `.^`.^`.^`.^`.PP^P`. ^`hH. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH. ^`hH. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h 8^8`hH.h ^`hH.h  L^ `LhH.h  ^ `hH.h x^x`hH.h HL^H`LhH.h ^`hH.h ^`hH.h L^`LhH..vxjJB J%9YfzvB\s_0/x{OHm2` za!-:G!{Jn6j`}"AQaFzoH;H?=p2s|mS[^\w4#F]sz.lBDW[3. 6g7!p:%uIReM+&$ g& >BmoC..                                                                                                                                                                                                                                                                                                 0/PP 5di}X\.")#E#2z-+62?u7N ;oC rJpSNXpbX X]z^P_t`?tdyy~}]f,* $r{wgf Os[qfBH#YGUE:YdKP0@g @UnknownG*Ax Times New Roman5Symbol3. *Cx Arial5. .[`)Tahoma?= *Cx Courier New;WingdingsA$BCambria Math#Ah(ѦRZGfH+9+924 3QHX ?r2!xx  Marywood UniversityBurns, Sr. Kathleen.                           ! " # $ % & ' ( ) * + , - Oh+'0  4 @ L Xdlt| 鶹Ƶ Normal.dotmBurns, Sr. Kathleen14Microsoft Office Word@ @x] @Yׂ@JA+՜.+,0 hp  鶹Ƶ9  Title  !"#$%'()*+,-/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|~Root Entry F@IjAData &1Table.WordDocument4JSummaryInformation(}DocumentSummaryInformation8CompObjr  F Microsoft Word 97-2003 Document MSWordDocWord.Document.89q