The purpose of this identity theft prevention program (Program) is to protect customers of the municipality’s utility services from identity theft. The program is intended to establish reasonable policies and procedures to facilitate the detection, prevention and mitigation of identity theft in connection with the opening of new covered accounts and activity on existing covered accounts. (Ord. 08-10-21-01, passed 10-21-08)

This program applies to the creation, modification and access to identifying information of a customer of one or more of the utilities operated by the city and all employees. This program does not replace or repeal any previously existing policies or programs addressing some or all of the activities that are the subject of this program, but rather it is intended to supplement any such existing policies and programs. (Ord. 08-10-21-01, passed 10-21-08)

When used in this program, the following terms have the meanings set forth opposite their name, unless the context clearly requires that the term be given a different meaning:
Covered Account. The term "covered account" means an account that the municipality offers or maintains, primarily for personal, family or household purposes, that involves or is designed to permit multiple payments of transactions. (16 CFR 681.2(b)(3)(i)). A utility account is a "covered account." The term "covered account" also includes other accounts offered or maintained by the municipality for which there is a reasonably foreseeable risk to customers the municipality or its customers from identity theft. (16 CFR 681.2(b)(3)(ii)).
Identity Theft. The term "identity theft" means a fraud committed or attempted using the identifying information of another person without authority. (16 CFR Section 681.2(b)(8) and 16 CFR Section 603.2(a)).
Identifying Information. The term "identifying information" means any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including any name, social security number, date of birth, official State or government issued driver’s license or identification number, alien registration number, government passport number, employer or taxpayer identification number. Additional examples of "identifying information" are set forth in 16 CFR Section 603.2(a).
Red Flag. The term "red flag" means a pattern, practice or specific activity that indicates the possible existence of identity theft.
Certain terms used but not otherwise defined herein shall have the meanings given to them in the FTC’s Identity Theft Rules (16 CFR Part 681) or the Fair Credit Reporting Act of 1970 (15 U.S.C. Section 1681 et seq.), as amended by the Fair and Accurate Credit Transactions Act of 2003 into law on December 4, 2003. (Public Law 108-159). (Ord. 08-10-21-01, passed 10-21-08)

The initial adoption and approval of the identity theft prevention program shall be by ordinance of the city council. Thereafter, changes to the program of a day-to-day operational character and decisions relating to the interpretation and implementation of the program may be made by the finance director who shall be the program administrator. Major revisions of this policy shall be approved by the city council.
Development, implementation, administration and oversight of the program will be the responsibility of the program administrator. The program administrator will report at least annually to the city council regarding compliance with this program.
Issues to be addressed in the annual identity theft prevention report include:
(A) The effectiveness of the policies and procedures in addressing the risk of identity theft in connection with the opening of new covered accounts and activity with respect to existing covered accounts;
(B) Service provider arrangements;
(C) Significant incidents involving identity theft and management’s response;
(D) Recommendations for material changes to the program, if needed, for improvement. (Ord. 08-10-21-01, passed 10-21-08)

(A) Identification of Relevant Red Flags. The municipality has considered the guidelines and the illustrative examples of possible red flags from the FTC’s Identity Theft Rules and has reviewed the municipality’s past history with instances of identity theft, if any. The municipality hereby determines that the following are the relevant red flags for purposes of this program given the relative size of the municipality and the limited nature and scope of the services that the municipality provides to its citizens:
(1) Alerts, notifications, or other warnings received from consumer reporting agencies or service providers.
(a) A consumer reporting agency alerts the city of a credit freeze, address disparity, or that an account has been noted to have abusive or fraudulent activity.
(2) The presentation of suspicious documents.
(a) Documents provided for ID do not appear to be genuine and unaltered.
(b) The photo or physical description is not consistent with the appearance of the applicant.
(c) Information given to open the account is not consistent with the ID of the applicant.
(3) The presentation of suspicious personal identifying information, such as a suspicious address change.
(a) Personal ID is of the same type associated with fraudulent activity: fictitious address, mail box drop, or prison or phone number is invalid; it is associated with a pager or answering service.
(b) Personal ID provided is associated with known fraudulent activity.
(c) Personal ID is inconsistent with utility records.
(d) The customer fails to provide all needed personal ID upon request.
(4) The unusual use of, or other suspicious activity related to, a covered account.
(a) The utility is notified of unauthorized charges or transactions in connection with a customer’s account.
(b) Customer notifies utility that they are not receiving their bill.
(c) Mail sent to customer is repeatedly returned.
(d) Payments are made in a manner associated with fraud. For example, a deposit or initial payment is made and no payments are made thereafter.
(5) Notice of Possible Identity Theft.
a. Utility is notified by law enforcement officials or others, that it has opened a fraudulent account for a person engaged in identity theft.
(B) Detection of Red Flags. The employees of the municipality that interact directly with customers on a day-to-day basis shall have the initial responsibility for monitoring the information and documentation provided by the customer and any third-party service provider in connection with the opening of new accounts and the modification of or access to existing accounts and the detection of any red flags that might arise. Management shall see to it that all employees who might be called upon to assist a customer with the opening of a new account or with modifying or otherwise accessing an existing account are properly trained such that they have a working familiarity with the relevant red flags identified in this program so as to be able to recognize any red flags that might surface in connection with the transaction.
An employee who is not sufficiently trained to recognize the red flags identified in this program shall not open a new account for any customer, modify any existing account or otherwise provide any customer with access to information in an existing account without the direct supervision and specific approval of a management employee. Management employees shall be properly trained such that they can recognize the relevant red flags identified in this program and exercise sound judgment in connection with the response to any unresolved red flags that may present themselves in connection with the opening of a new account or with modifying or accessing of an existing account. Management employees shall be responsible for making the final decision on any such unresolved red flags.
The program administrator shall establish from time to time a written policy setting forth the manner in which a prospective new customer my apply for service, the information and documentation to be provided by the prospective customer in connection with an application for a new utility service account, the steps to be taken by the employee assisting the customer with the application in verifying the customer’s identity and the manner in which the information and documentation provided by the customer and any third-party service provider shall be maintained. Such policy shall be generally consistent with the spirit of the customer identification program rules (31 CFR 103.121) implementing Section 326(a) of the USA PATRIOT Act but need not be as detailed. The program administrator shall establish from time to time a written policy setting forth the manner in which customers with existing accounts shall establish their identity before being allowed to make modifications to or otherwise gain access existing accounts.
(C) Response to Detected Red Flags. If the responsible employees of the municipality as set forth in the previous section are unable, after making a good faith effort, to form a reasonable belief that they know the true identity of a customer attempting to open a new account or modify or otherwise access an existing account based on the information and documentation provided by the customer and any third-party service provider, the municipality shall not open the new account or modify or otherwise provide access to the existing account as the case may be. Opening new accounts or the modification or access to existing accounts will be on a nondiscriminatory basis based on the city’s policies.
The program administrator shall establish from time to time a written policy setting forth the steps to be taken in the event of an unresolved red flag situation. Consideration should be given to aggravating factors that may heighten the risk of identity theft, such as a data security incident that results in unauthorized access to a customer’s account, or a notice that a customer has provided account information to a fraudulent individual or website. Appropriate responses to prevent or mitigate identity theft when a red flag is detected include:
(1) Monitoring a covered account for evidence of identity theft;
(2) Contacting the customer;
(3) Changing any passwords, security codes, or other security devices that permit access to a covered account;
(4) Reopening a covered account with a new account number;
(5) Not opening a new covered account;
(6) Closing an existing covered account;
(7) Not attempting to collect on a covered account or not selling a covered account to a debt collector;
(8) Notifying law enforcement;
(9) Determining that no response is warranted under the particular circumstances. (Ord. 08-10-21-01, passed 10-21-08)

(A) Initial Risk Assessment--Covered Accounts. Utility accounts for personal, family and household purposes are specifically included within the definition of "covered account" in the FTC’s Identity Theft Rules. Therefore, the municipality determines that with respect to its residential utility accounts it offers and/or maintains covered accounts. The municipality also performed an initial risk assessment to determine whether the utility offers or maintains any other accounts for which there are reasonably foreseeable risks to customers or the utility from identity theft. In making this determination the municipality considered (1) the methods it uses to open its accounts, (2) the methods it uses to access its accounts, and (3) its previous experience with identity theft, and it concluded that it does not offer or maintain any such other covered accounts.
(B) Program Updates--Risk Assessment. The program, including relevant red flags, is to be updated as often as necessary but at least annually to reflect changes in risks to customers from identity theft. Factors to consider in the program update include:
(1) An assessment of the risk factors identified above;
(2) Any identified red flag weaknesses in associated account systems or procedures;
(3) Changes in methods of identity theft;
(4) Changes in methods to detect, prevent, and mitigate identity theft;
(5) Changes in business arrangements, including mergers, acquisitions, alliances, joint ventures, and service provider arrangements.
(C) Training and Oversight. All staff and third-party service providers performing any activity in connection with one or more covered accounts are to be provided appropriate training and receive effective oversight to ensure that the activity is conducted in accordance with policies and procedures designed to detect, prevent, and mitigate the risk of identity theft. (Ord. 08-10-21-01, passed 10-21-08)

Awareness of the following related legal requirements should be maintained:
(A) 31 U.S.C. 5318 (g) -- Reporting of Suspicious Activities.
(B) 15 U.S.C. 1681 c-1 (h) -- Identity Theft Prevention; Fraud Alerts and Active Duty Alerts -- Limitations on Use of Information for Credit Extensions.
(C) 15 U.S.C. 1681 s-2 -- Responsibilities of Furnishers of Information to Consumer Reporting Agencies.
(D) 15 U.S.C. 1681 m -- Requirements on Use of Consumer Reports. (Ord. 08-10-21-01, passed 10-21-08)

I. New Utility Accounts may be opened in the following manners:
In Person Walk-In
Via Telephone

II. Information and Documentation Required for Walk-in Account Activations

1. Driver’s License or alternate government issued picture ID (required)

2. Service address (required)

3. Signature on application (required)

4. Service telephone number (cell / business / or new service phone number) (required)

III. Information and Documentation Required for Telephone Account Activations

1. Fax or mailed copy of Driver’s License or alternate government issued picture ID (required)

2. New service address (required)

3. Most recent previous address (required)

4. Signature on application (required)

5. Service telephone number (cell / business / or new service phone number) (required)

6. The billing address must be the service address unless the customer comes into City Hall to verify identity in person.

IV. Steps to be Taken by the Customer Service Representative

a. Check driver’s license/alternate government issued identification

b. Review checklist of Red Flags/determine if any present

c. Make a copy of driver’s license / alternate government issued ID

V. Steps for CSR to Follow If Validation of ID fails

a. Tactfully advise applicant for service of the issue, if appropriate

b. Do not open account

c. Escalation to supervisor if situation with customer unresolved

d. Management employee/Program Administrator may allow a new account to be established based on extenuating circumstances, in their sole discretion.

I hereby make application to the City of Wilmington for water and sewer service to be supplied to the premises located at:

Service Address: _______________________________ Dated Occupied: ______________________

Business Name: ________________________________ Phone: ______________________________


The undersigned hereby accepts liability for all charges for water and/or sewer service and other charges in connection thereof for the above mentioned premises until a final water meter reading has been taken by the City.


Signature of Business Representative: ________________________________

To be completed by Property Owner:

Owner’s Name: _______________________________ Phone: _______________________________

Address: _____________________________________

City/State/Zip: ________________________________

As owner of the above mentioned property, I shall be liable for service supplied to any user of the combined waterworks and sewerage system of the City on my premises.


Signature: ___________________________________ Date: ________________________________

I hereby make application to the City of Wilmington for water and sewer service to be supplied to the approved rental premises located at:

Service Address: _______________________________ Dated Occupied: _______________________

Name of Resident: _____________________________ Home Phone: __________________________
(Please Print) Cell or Work Phone: ____________________


The undersigned hereby accepts liability for all charges for water and/or sewer service and other charges in connection thereof for the above mentioned premises until a final water meter reading has been taken by the City.


Signature: ________________________________

To be completed by Owner:

Owner’s Name: _______________________________ Phone: _______________________________

Address: _____________________________________

City/State/Zip: ________________________________

As owner of the above mentioned property, I acknowledge and accept liability for service supplied to any user of the combined waterworks and sewerage system of the City on my premises.


Signature: ___________________________________ Date: ________________________________

I hereby make application to the City of Wilmington for water and sewer service to be supplied to the approved rental premises located at:

Service Address: _______________________________ Dated Occupied: _______________________

Name of Resident: _____________________________ Home Phone: __________________________
(Please Print) Cell or Work Phone: ____________________


The undersigned hereby accepts liability for all charges for water and/or sewer service and other charges in connection thereof for the above mentioned premises until a final water meter reading has been taken by the City.


Signature: ________________________________

To be completed by Owner:

Owner’s Name: _______________________________ Phone: _______________________________

Address: _____________________________________

City/State/Zip: ________________________________

As owner of the above mentioned property, I acknowledge and accept liability for service supplied to any user of the combined waterworks and sewerage system of the City on my premises.


Signature: ___________________________________ Date: ________________________________