red flag rule user training identity theft prevention program

Red Flag Rule User Training

Identity Theft Prevention Program

Why am I here?My supervisor/manager etc. made me come.

The Federal Trade Commission (FTC) regulates financial transactions at NC State University.

The FTC has defined NC State as a creditor.

The FTC has determined that all creditors must comply with the Red Flags regulation and by law must train certain

respective employees that could come in contact with a “Red Flag”.

Your supervisor/manager has determined that within your daily job responsibilities you may come in contact with a Red Flag, and therefore need to be trained on what to look for and what

to do if you see a Red Flag.

What will I gain from this?

By completing this training module you will gain:

Knowledge of what is a Red Flag

Knowledge of what is a “covered account”

Knowledge of the different types of Red Flags and how they can present themselves

Knowledge of what to look for and where to look in detecting a Red Flag

Knowledge of what process to follow in case you should detect a Red Flag

Knowledge of whom to contact

A Certificate of completion

So what is a Red Flag?

In simple terms, a Red Flag is an indication or warning that a fraudulent transaction or event could be occurring as a result

of identity theft.

Why is this needed?

Identity thieves use personal identifying information to open new accounts and misuse existing accounts, creating havoc

and fraud, costing consumers and businesses billions of dollars every year.

Even though we continually put safeguards in place to prevent ID theft, criminals are becoming more sophisticated and

educated every day in obtaining this information fraudulently.

The Red Flag regulation is designed to assist in detecting when ID theft might be happening and reduce its consequences. The Federal Government requires us to comply with this regulation.

What does the FTC say we must do?

According to the FTC, by law, we must be able to do the following:

Identify areas of exposure to ID theft and what types of events within those areas could be interpreted as Red Flags – what to look for

Detect when these Red Flag indicators might be present

Reduce the exposure of financial or personal loss to the University and to the customer who might have been a victim of ID theft by

investigating the detected Red Flags for actual fraud and responding quickly and appropriately if fraud does indeed exist

Train our employees on how to accomplish all of this

Which goes back to “Why am I here?”

Question #1What does the FTC say we must do?

A. Identify what types of indicators could be Red Flags – what to look for

B. Detect when these Red Flag indicators might be occurring

C. Mitigate or reduce the exposure not only to the University, but also to the customer who might have had his/her ID stolen

D. Train our employees on how to accomplish all of this

E. All of the above

Congratulations Correct Answer

Answer: E is correct - All of the above

The FTC requires that we be able to:

Identify what accounts are considered “covered accounts” and what Red Flags could be present within these accounts

Detect the Red Flags within these identified “covered accounts”

Reduce the exposure these Red Flags might cause to both the University and the customer by investigating and

responding appropriately

Train our employees in these areas

Sorry – Answer Incorrect

Go back to Question and try again

Go back to beginning of section to review the information

What is a “covered account”?A “covered account” is a customer account that has been

identified as having the possibility of a Red Flag occurrence and must be monitored for the detection of a Red Flag.

There are 2 types of covered accounts.

The first type deals with individuals. Any account that allows an individual to pay for a service or product over time with multiple payments is considered a covered account. An

example is an extended payment schedule for tuition costs.

The second type deals with any customer account that allows small businesses or individuals to purchase products or services that are not paid in full at the time of the service or

sale. These accounts could be considered covered accounts, depending upon the overall risk factors involved. As an

example, this may apply to businesses that the University provides services to every month but only bills them at the end

of the month.

NC State Covered AccountsThe University Chancellor appointed a committee to evaluate

the Red Flag regulations and its effect on the University. The following University Units have been identified by the University Red Flag Rules Committee as having “covered accounts”:

• Student Accounts

• The AllCampus Card

• Short Term Student Loans

Red Flags have been identified in each of these Units by the Committee, which satisfies the Identify portion of the FTC regulation.

Question #2What is considered a “covered account” ?

A. An account that allows an individual to make payments over time

B. An account for small businesses that pay for services in full at the time they are rendered

C. An account that is covered by the University in case of student default

D. Only A and B

E. All of the above

CongratulationsCorrect Answer

Only A is correct:

For individuals, covered accounts include any account that allows individuals to make multiple payments to pay off an

obligation.

Only small business accounts or individuals that do not pay at the time the product or service is received (such as monthly billing) could be considered as “covered” by the Red Flag

Regulation. These may or may not be considered as covered based upon the risk associated with identity theft. These

accounts have been determined by the University Red Flag Rules Committee.

Question #3Is cashing a check for a student considered a

“covered account activity” ?

A. Yes

B. No

CongratulationsCorrect AnswerAnswer: No

Single transaction items, such as cashing a check for a student, are not considered as covered account activities by the regulation.

Also, purchasing a book or article from the bookstore or cafeteria on your credit card is not considered as “covered” by the Red Flag

Rules.

For individuals, accounts or transactions that allow the individual to make multiple payments over time are considered as “covered”.

NOTE: Even though these types of transactions are not covered under the Red Flag regulations, there may be other University

policies, procedures, and guidelines that must be followed when dealing with them.

Identity thieves may steal the following items:

• Address• Telephone number• Social Security number• Date of Birth• Government issued driver’s license or identification number• Alien registration number• Government passport number• Employer or taxpayer identification number• Individual identification number• Computer’s Internet Protocol address• Bank or other financial account routing code• Student identification number issued by the University

So we need to pay attention to them…..

What should you look for?

A Red Flag may indicate that identity theft has occurred and fraud could be in progress.

Red Flags come in 5 categories (flavors)……

• Notifications and Warnings from Consumer Reporting Agencies

• Suspicious Documents

• Suspicious Personal Identifying Information

• Suspicious Covered Account Activity

• Alerts from Others

Question #4Which of the following is NOT considered

Personal Identifying Information?

A. Address

B. Phone number

C. Automobile license plate number

D. Student ID

E. Government issued driver’s license number or identification number


Answer C is correct:

An automobile license plate number is not a government authorized form of identification. All others are recognized as

valid forms of identification.

Question #5Which of the following is NOT considered

Personal Identifying Information by the FTC?

A. Date of Birth

B. Social Security number

C. Employer or taxpayer identification number

D. Financial routing code

E. An individual’s height and weight


Answer E is correct:

Even though a person’s height and weight are personal information from an individual’s perspective, they are not

considered as information to qualify as a possible Red Flag.

All others are recognized as valid forms of identification or are protected information.

Question #6Which of the following is not a Red Flag category?

A. Notifications and warnings from credit agencies

B. Suspicious documents or personal identifying information

C. Suspicious account activity

D. Expired documents

E. Alerts and notifications from identity theft victims


Answer D is correct:

Expired documents do not raise Red Flags, and, in fact, expired documents can actually be utilized to verify

identification.

Individualized Area Training

Student Accounts, Loans, and Student Short Term Loans - for those who approve, disburse, or maintain student loans

Credit Agency Reports – For those who interface with or receive reports from credit bureaus or consumer reporting agencies

For which Unit are you taking this training?Please click on the appropriate section

(If you are unsure, please consult your manager or supervisor for instructions)

Dining - for those who open new AllCampus card accounts or maintain and administer existing accounts

General overall knowledge of the Red Flag Rules – For Supervisors and Managers, as well as other individuals who process payments and/or receipts, or establish and monitor customer accounts or third party service providers.

Red Flag Program – General TrainingTopics to be covered in this section include:

• Examples of the 5 categories of Red Flags:

• Notifications and Warnings from Consumer Credit Bureaus• Suspicious Documents• Suspicious Personal Identifying Information• Suspicious Covered Account Activity• Alerts from Others

• Where Can Red Flags Be Detected• How to Detect Red Flags• Reduce Exposure and Liability• General Correspondence• Third Party Contracts• Updates to the Red Flag Program

General TrainingNotifications and Warnings

from Consumer Credit BureausExamples:

• A fraud alert has been included with a consumer credit report from a credit bureau

• A notice of a credit freeze has been provided in response to a request for a consumer credit report from a credit bureau

• A consumer credit bureau provides a notice of address discrepancy

• A consumer credit bureau reports unusual credit activity, such as an increased number of accounts or inquiries

General TrainingSuspicious Documents

Examples:

• Documents provided for identification that appear to be altered or forged

• Photograph on ID does not match the appearance of the individual or does not look like the individual

• Information on ID does not match the information provided by the person opening the account

• Application appearing forged, altered, or destroyed and reassembled

General Training Suspicious Personal

Identifying InformationExamples:

• Information on an ID does not match any address in the consumer report

• The Social Security number has not been issued or appears on the Social Security Administration's Death Master File (a file of information associated with Social Security numbers of those who are deceased)

• There is a lack of correlation between the Social Security number provided and the range for the date of birth

• Personal identifying information that is provided is associated with known fraud activity


Identifying InformationExamples(cont.)

• A suspicious address is supplied, such as a mail drop or prison

• A phone number associated with pagers or answering service is given

• A duplicate Social Security number is provided that matches one submitted by another person opening an account or another customer with an existing account

• Duplicate addresses or phone numbers that match others are supplied by a large number of applicants


Identifying Information

Examples (cont.)

• The person opening the account is unable to supply identifying information when told that the application is incomplete

• The applicant’s personal information is inconsistent with information already on file

• The person opening an account or an existing customer is unable to correctly answer challenge questions

General Training Suspicious Covered Account

ActivityExamples:

• Shortly after a change of address on an account, you receive a request for additional users of the account

• You notice that most of the available credit for an account is used for cash advances, jewelry or electronics, plus the customer fails to make the first payment

• You notice a drastic change in payment patterns, use of available credit, or spending patterns on an account

• You notice that an account that has been inactive for a long time suddenly has lots of unusual activity

General Training Suspicious Covered Account

ActivityExamples (cont.)

• You notice that mail that has been sent to a customer is repeatedly returned as undeliverable despite transactions continuing to occur on the account

• You are notified that a customer is not receiving his/her account statements

• You are notified of unauthorized charges or transactions on a customer's account

General Training Alerts from Others

Examples:

• You receive some notification from a third party (such as law enforcement, an attorney, a credit bureau) that there is a fraudulent account being used at the University by a person engaged in identity theft

General Training Where can Red Flags be

detected?• The opening of a customer account, such as a student long term or short

term loan, or the activation of a new AllCampus card

• The ongoing monitoring of one of these customer accounts for suspicious activities

• General correspondence with a customer - written or verbal

• Information received from Credit Agencies or Credit Bureaus that might lead you to be suspicious that there could be an identity theft problem

General Training How to Detect Red Flags

Examples:

• Verify identities when opening customer accounts or performing customer transactions

• Monitor ongoing transactions of customer accounts, such as AllCampus card transactions

• Verify the validity of any change to address or bank routing information or other relevant information to a customer account

• Watch for credit bureau report warnings

• Be aware – identity fraud is all around us

Question #7Where can Red Flags be detected?

A. The opening of a customer account

B. The ongoing monitoring of a customer account

C. A response from a credit bureau

D. Both A and B

E. All of the above


Answer E is correct: All of the Above

Red flags can be detected when opening a new covered account, while monitoring an existing covered account, in general communications or correspondence with a customer, and with notifications from a credit

bureau.

Looking for suspicious documents and mismatching IDs should be accomplished when opening new accounts.

Existing accounts should be monitored for unusual activity and notifications from customers concerning invalid or unauthorized transactions.

Also, all correspondence from a credit bureau or agency should be monitored for possible signals for ID theft or Red Flags.

Question #8Are all Customer Accounts considered as Covered

Accounts ?

A. Yes

B. No


Answer B is correct: No

Not all customer accounts are necessarily considered as covered accounts under the Red Flag regulations.

Any individual account that offers multiple payments over time is always considered a covered account.

Other customer accounts (both small business and individual accounts) that allow the purchase of a service or product without the immediate

payment by the customer could be considered a covered account, based on the financial and personal risks to both the customer and the University. If there is limited risk involved, then the customer account does not require

designation as a covered account.

General Training Reduce Exposure and

Liability• You need to act quickly

• First, consult your University business and departmental procedures for individual departmental investigation instructions

• Gather all related information and documentation associated with the situation

• Escalate to a supervisor or manager if your investigation does not eliminate the possibility that a fraud or ID theft may be occurring

• If your investigation determines that the Red Flag is triggered by a normal and usual customer request or a general mistake, no action may be necessary – other than correcting the item in question.


Liability• The Supervisor will complete a Red Flag Incident Report if the situation

can not be resolved, or if it is determined that a possible fraud or ID theft may be occurring

• The Incident Report will be forwarded to the Program Administrator, who is responsible for the operation of the University Red Flag Program

• If it is determined that a fraud or ID theft has actually been detected, then the owner of any compromised account MUST be notified by the Program Administrator


LiabilitySubsequent actions by the Program Administrator may include:

• Notifying in writing the original customer/vendor/supplier/student of all ongoing investigations and outcomes

• Notifying proper government or law enforcement entities and utilizing such for an ongoing investigation

• Taking all actions required by law in handling a fraudulent account as defined by the FTC, the University, and any local, state, or federal laws

• Maintain all incident reports and pertinent information for reporting purposes and future references

Question #9Which of the following is NOT part of the process

for Reducing Exposure and Liability?

A. You must act quickly

B. You must follow all individual department procedures and regulations

C. You must gather all information and documentation

D. For every Red Flag identified, you must complete the Red Flag Incident Report and forward it to the Program Administrator

E. None of the above


Answer D is correct:

The Program Administrator should not be notified unless there has been a potential fraud determined through investigation, not

just if a Red Flag has been detected. A thorough investigation needs to be completed by the individual and his/her

management prior to involving the Program Administrator.

The other items listed should occur during the process. Gather all information, follow internal department processes, and

remember to act quickly because, if it is an actual fraud, speed is of the essence in determining this and stopping any future

fraudulent activities.

General Correspondence

All correspondence, written or verbal, both to and from a customer, vendor, or supplier, could indicate a Red Flag and possible ID fraud. The following are examples of such correspondence:

• Mail sent to a customer/vendor/supplier is repeatedly returned as undeliverable despite ongoing transactions on an active account.

• You are notified that a customer/vendor/supplier is not receiving account statements or payments.

• You are notified of unauthorized charges, transactions, or modifications on customer/vendor/supplier accounts.

• You are notified that a fraudulent account for a person engaged in identity theft has been opened at the University.

Third Party ContractsAll managers/supervisors must exercise appropriate and effective oversight of service provider or third party arrangements.

There are certain service providers who may be the only ones that are able to detect Red Flags. Examples are debt collectors that may be hired to contact customers for outstanding debts. Another example could be an agency that collects payments for the University. These types of service providers must have a defined and implemented Red Flag Program and must certify as such to the University via the contract agreement.

Examples within the University of such service providers include, but are not limited to:

• CareCredit (Vet School Credit Company) • ECSI – Educational Computer Systems, Inc. (Student Loan Management)• TMS – Tuition Management Systems (Extended Tuition Services)• NC State University Student Aid Association (Wolfpack Club)• Castle Branch (Human Resources Credit Checks)

Updates to the Red Flag Program

The Red Flag Rules Committee has assessed various Units within the University and has identified Units that contain covered accounts and defined Red Flags within these accounts.

If you believe that there are other accounts that could qualify as covered accounts and should be included in the Red Flag Program, please contact the Program Administrator or any member of the Red Flag Rules Committee. Contact information is located within the Contact and References section of this training module.

Congratulations

You have now completed the section on Red Flag training for:

General Training

If you would like to visit another section of the training module please “click” on the back arrow button ( )

Otherwise please proceed to the final section of the training for References and Contacts by “clicking” on the forward arrow ( )

Back to selection menu

AllCampus Card Accounts

Opening (Creating) an Account:

The following Red Flags could be present:

• Presentation of suspicious documents when requesting a NC State ID card

• Presentation of mismatched photo ID card

The following steps must occur in order to detect Red Flags:

• Verification of photo ID before capturing image

• Verification of photo ID before issuing / replacing card

• Distance Ed ID card must state “Not Valid without Photo ID”

• On line submission of ID photo requires stringent verification of ID pickup

AllCampus Card AccountsMonitoring an Existing Account:

The following Red Flags could be present on an ongoing basis:

• Unauthorized transactions in individual accounts

• Large purchases at locations with traditionally small value transactions

• Daily vending limit reached or exceeded

• Request to close account with full refund to be sent to address differing from account data

AllCampus Card AccountsMonitoring an Existing Account :

There are a number of process improvements (automated and manual) that have been implemented to protect the University and the customer. Each of these situations should be continually monitored for unusual activities.

• Requests for password resets are emailed to Unity account, not user defined email address

• Low balance warnings are emailed to Unity account or parent when threshold is reached

• Card transactions are limited to a single tender to prevent card “testing”

• On line access to transaction data for customers

• Remaining balance is displayed after each transaction


• Implemented a daily vending limit (Example: $10.00) to prevent emptying accounts at unattended readers

• Implement the ability for patrons to disable lost/stolen cards at any time via the web

• Meal Plan sign up / change / cancel process must be accompanied by authorization form

• No refund on cancellation or downsize modification will be processed until proper ID has been verified

• If it is not possible that the requesting student make the request in person, then a hold on any refunds should be placed for a period of time to ensure that a change of relevant information on the account has not erroneously occurred prior to the refund request


If a transaction creates one of these situations or causes a customer to contact the Dining Department, the assigned representative must perform the following: • Contact the original account holder to discuss the circumstances.

• Obtain all relevant information on the customer, the account, and the transactions

• Correct any invalid or missing information on the account

• Follow all interdepartmental policies in handling customer complaints for invalid transactions

If a satisfactory resolution can not be implemented, OR if there is an indication that a fraud might be ongoing, OR if no determination can be made, then an escalation must be made to a supervisor.


The supervisor must follow departmental procedures in dealing with a disputed transaction. If the supervisor determines that a fraud could be ongoing from invalid transactions or account modifications having to do with the possibility of an ID theft, then the following must occur:

• The supervisor (or his/her designee) must either make the account inactive or inform the original customer to modify his/her logon and password whichever is applicable

• The supervisor must notify the original customer/vendor/supplier/student of all ongoing activities

• The supervisor (or his/her designee) must verify if any charges or payments have been made on or to the account that could be unwarranted or illegal

• The supervisor (or his/her designee) must complete and forward a Red Flag Incident Report to the Program Administrator

Question #7AllCampus Card

When opening a new account or issuing a replacement ID card an employee must do which of the following?

A. Verify the individual’s identification with a Government issued photo ID before capturing an image

B. Accept a written authorization from the individual for another person to obtain the card for them (from an on-line submission)

C. Notify a supervisor if the individual can not produce a valid photo ID

D. Ensure that the individual sign a log book prior to obtaining the card

E. All of the above


Answer A is correct: Verify with a valid photo ID

Never issue a card to someone other than the actual individual owner of the account, even if the individual has supposedly signed to allow

someone else to pick it up. The signature can not be verified.

Do not contact a supervisor just because the individual can not produce a valid photo ID at that time. Politely ask them to obtain one

and come back. But if you feel that the ID has been altered or compromised in any way, then contacting a supervisor is appropriate.

Even though the Red Flag regulation does not require a log book, individual departmental guidelines may require a signature prior to

obtaining the card.

And again, never issue a card to anyone but the account owner…..

Question #8AllCampus Card

Monitoring of an existing account should include which of the following?

A. Monitoring for exceeding of daily transaction limits at unattended readers

B. Monitoring for customer contact for multiple invalid transactions

C. Monitoring for requests to close an account and mail any refund due to a new address

D. Monitoring for large and unusual purchases

E. All of the above


Answer E is correct:

All of the Above

Always monitor for any unusual activity with a card’s usage and, if noticed, contact a supervisor.

Never provide a refund without full proper identification. This must be done with a government ID as well as the card itself.

Always be aware of altered IDs.

Congratulations


All Campus Card Accounts




Student Accounts and Long Term Student Loans

The following Red Flag could be detected when monitoring Student Accounts:

• A request for withdrawal (drop all classes) when a refund is required shortly after a change of relevant information

Short Term Student Loans

The following Red Flags could be detected when monitoring and processing Student Short Term Loans:

• Presentation of suspicious documents when requesting a short term loan

• Presentation of mismatched photo ID card

• Request for an electronic disbursement immediately after a change of electronic routing information in the student’s on line data base account.

Short Term Student Loans

When distributing a short term loan the following must occur:

• If the loan is from another department, a signed authorization form must be presented by the student. The department should have verified the identity of the student prior to approving.

• Only the student authorized to receive the loan will be allowed to physically obtain the money. Third party authorization forms for individuals to receive another’s loan proceeds will not be permitted.

• A government issued picture ID must be presented prior to any distribution of money and must be verified by the person administering the disbursement. If there seems to be an identification problem, then a supervisor must be informed.

• Electronic disbursements will only be sent to the current banking information on file for the student. Care must be taken in determining if that information has recently been changed.

Question #7Student Accounts

When disbursing a student short term loan an employee must do which of the following?

A. Verify the individual’s identification with a Government issued photo before disbursing any money

B. Accept a written authorization from the individual for another person to obtain the money for them

C. Notify a supervisor if the individual can not produce a valid photo ID

D. Verify that the individual’s class schedule to ensure they are a full time student

E. All of the above


Answer A is correct: Verify with a valid photo ID

Never disburse a loan to someone other than the actual individual owner of the account, even if the individual has supposedly signed to allow someone else to pick it up. The signature can not be verified.

Verifying the class schedule is not part of the process. Part time students can also receive short term student loans.

Do not contact a supervisor just because the individual can not produce a valid photo ID at that time. Politely ask them to obtain one

and come back. But if you feel that the ID has been altered or compromised in any way, then contacting a supervisor is appropriate.

And again, never disburse money to anyone but the loan account owner…..

Congratulations


Student Accounts




Credit Agency ReportsIn addition to Red Flags for covered accounts, any Unit that receives a notice from a consumer reporting agency or credit bureau that states the address furnished by the University is different than that in the agency’s files, must implement the following:

• An investigation must occur to insure the report is for the person intended. This could include:

• Verifying the address with the consumer about whom the report was requested• Reviewing existing records that may be already on file for this person• Verifying the address through a third party source• Using other reasonable means

• If the report is indeed for whom it was intended, the consumer must be contacted and informed of the address discrepancy

• The Agency must be informed of the correct and verified address of the consumer

This includes employee, student, and customer accounts.

Also, any 3rd party vendor or supplier that the University utilizes in obtaining or interpreting consumer reports must also certify via contract agreement that they have a Red Flag Policy and Program implemented

Question #7Credit Agency Interfaces

Could Units with no identified covered accounts be affected by the FTC Red Flag Regulation?

A. Yes

B. No


Answer A is correct: Yes

Any Unit that interfaces with a consumer reporting agency or credit bureau must implement a policy to respond to address discrepancy

reports received by the agency or bureau.

While this is not an actual part of the Red Flag Regulation, it is a part of the overall FTC Identity Theft Rules that includes the Red Flag

section. It is an important item in assisting in the detection of ID theft and for NC State University would include reports utilized in the hiring

of new employees.

Congratulations


Credit Agency Reports


Otherwise please proceed to the final section of the training for References and Contacts and to receive credit for the training by “clicking” on the forward arrow ( )


References and ContactsNC State University Identity Theft Prevention Program Committee:

Charles Cansler- Program Administrator, University ControllerLeo Howell – Asst. Director, Security and Compliance - Office of Information

TechnologyHeidi Kozlowski- Assoc. University Controller – Non-Student ReceivablesMaria Brown - Director - University Cashier’s OfficeRandy Lait – Sr. Director, Hospitality and Marketing Services, Campus

EnterprisesBrad Trahan – University Records Officer - Office of General CounselShawn Smith – Assistant Vice Provost, Scholarship and Financial AidDavid O’Ferrell – Director, PayrollKashal Dasgupta - Associate Vice Chancellor, Advancement ServicesSharon Loosman – Director, Materials Management

Contact Information:For further information, questions, or updates to the Red Flag Program contact Charles Cansler.

References and Forms:NC State Identity Theft Prevention Program – NCSU PRR 07.70.1FTC 16 CFR Part 313 - Gramm-Leach-Bliley Act - Privacy FTC 16 CFR Part 314

- Gramm-Leach-Bliley Act – Safeguarding Customer Information FTC 16 CFR Part 681 - Identity Theft Rules NC State Identity Theft Prevention Program Procedural GuideRed Flag Incident Report Form

If you would like a PDF copy of this training, visit the Controller’s Office website to retrieve a copy.

http://policies.ncsu.edu/regulation/reg-07-70-01

http://www.ftc.gov/policy/federal-register-notices/privacy-consumer-financial-information-16-cfr-part-313

http://www.ftc.gov/os/2000/05/65fr33645.pdf

http://www.ftc.gov/policy/federal-register-notices/standards-safeguarding-customer-information-16-cfr-part-314-0

http://www.ftc.gov/os/2002/05/67fr36585.pdf

http://www.ftc.gov/policy/federal-register-notices/identity-theft-red-flags-and-address-discrepancies-under-fair-and

http://controller.ofa.ncsu.edu/red-flag/



Congratulations!You have completed the

Red Flag Training.

Thank you for taking this training module. Let’s all help prevent ID theft.

Red Flag Certificate of Completion

http://controller.ofa.ncsu.edu/red-flag/red-flag-online-training/red-flag-certificate/