In the event University personnel detect any identified Red Flags, such personnel shall take appropriate steps, depending on the degree of the risk posed by the red flag. The steps include, but are not limited to the following:
- Continue to monitor a covered account for evidence of identity theft.
- Contact the customer.
- Change any passwords, security codes, or other security devices that permit access to a covered account.
- Reopen a covered account with a new account number.
- Not open a covered account.
- Close an existing covered account.
- Notify the Program Administrator for determination of the appropriate step(s) to take.
- Notify law enforcement.
- Determine that no response is warranted under the particular circumstances.