Fair and Accurate Credit Transactions Act

The Fair and Accurate Credit Transactions
Act of 2003 is a United States federal law, passed by the United States Congress on November
22, 2003, and signed by President George W. Bush on December 4, 2003, as an amendment
to the Fair Credit Reporting Act. The act allows consumers to request and obtain
a free credit report once every twelve months from each of the three nationwide consumer
credit reporting companies. In cooperation with the Federal Trade Commission,
the three major credit reporting agencies set up the website, AnnualCreditReport.com,
to provide free access to annual credit reports. The act also contains provisions to help reduce
identity theft, such as the ability for individuals to place alerts on their credit histories
if identity theft is suspected, or if deploying overseas in the military, thereby making fraudulent
applications for credit more difficult. Further, it requires secure disposal of consumer
information. Provisions
The FACT Act contains seven major titles: Identity Theft Prevention and Credit History
Restoration, Improvements in Use of and Consumer Access to Credit Information, Enhancing the
Accuracy of Consumer Report Information, Limiting the Use and Sharing of Medical Information
in the Financial System, Financial Literacy and Education Improvement, Protecting Employee
Misconduct Investigations, and Relation to State Laws. Identity Theft Prevention and Credit History
Restoration This title of the act contains provisions
that deal mainly with the prevention of identity theft. In particular, it establishes new regulations
concerning ‘fraud alerts’ and ‘active duty alerts’, establishes new limitations on the
printing of customers’ credit card numbers on receipts, and prescribes that new regulations
be established by certain government agencies regarding the detection of identity theft
by financial institutions and creditors. Fraud alerts
The title requires that consumer reporting agencies, upon the request of a consumer who
believes he is or about to be a victim of fraud or any other related crime, must place
a fraud alert on that consumer’s file for at least 90 days, and notify all other consumer
reporting agencies of the fraud alert. Furthermore, such consumer may request an
extended fraud alert, in which case requires the reporting agency to disclose this fraud
alert in any credit score that it issues for the consumer during a seven-year period. An extended alert also requires the reporting
agency to exclude the consumer from any list distributed to third parties for the purpose
of extending credit or offering insurance to that consumer. The title also provides for any active duty
member to request an active duty alert, which requires the reporting agency to disclose
such alert with any credit report issued within 12 months of the request and to exclude the
active duty member from any list distributed to third parties for the purpose of extending
credit or offering insurance for two years from the request. Truncation of credit and debit card numbers
The act also prohibits businesses from printing more than 5 digits of any customer’s card
number or card expiration date on any receipt provided to the cardholder at the point of
sale or transaction. This provision is enforced with statutory
damages ranging from $100 to $1000 per violation, and when claims are aggregated in a class
action the amount of damages can be massive. The provision excludes receipts that are handwritten
or imprinted, where the only method of recording the credit card number is by such means. The act did not become effective for three
years after its enactment for any cash register manufactured before January 1, 2005 and did
not become effective for one year after its enactment for any cash register manufactured
after January 1, 2005. Identification of possible identity theft
The act established the Red Flags Rule, which required the Federal banking agencies, the
National Credit Union Administration, and the Federal Trade Commission to jointly create
regulations regarding identity theft prevention applicable to financial institutions and creditors. The Red Flags Rule also address how card issuers
must respond to changes of address. Regulations that were established as a result
include: One that requires financial institutions or
creditors to develop and implement an Identity Theft Prevention Program in connection with
both new and existing accounts. The Program must include reasonable policies
and procedures for detecting, preventing, and mitigating identity theft;
Another that requires users of consumer reports to respond to Notices of Address Discrepancies
that they receive; and A third that places special requirements on
issuers of debit or credit cards to assess the validity of a change of address if they
receive notification of a change of address for a consumer’s debit or credit card account
and, within a short period of time afterward they receive a request for an additional or
replacement card for the same account. Another key item was the requirement that
mortgage lenders provide consumers with a Credit Disclosure Notice that included their
credit scores, range of scores, credit bureaus, scoring models, and factors affecting their
scores. This form is typically available from credit
reporting agencies, and many will send this directly to the consumer on the lenders’ behalf. Confusion with the scope of the Red Flags
rule Financial institutions faced a mandatory deadline
of November 1, 2008, to comply with the Red Flags Rule, section 114 and 315 of the Fair
and Accurate Credit Transactions Act. However, due to widespread confusion over
coverage under the act, specifically whether the term “creditor” applies to particular
businesses, members of Congress have repeatedly requested that FTC postpone the deadline for
compliance with Section 315 until after December 31, 2010. According to a Business Alert issued by the
Federal Trade Commission in June 2008, the Red Flags Rule apply to a very broad list
of businesses including “financial institutions” and “creditors” with “covered accounts”. A “creditor” is defined to include “lenders
such as banks, finance companies, automobile dealers, mortgage brokers, utility companies
and telecommunications companies”. However, this is not an all-inclusive list. The regulations apply to all businesses that
have “covered accounts”. A “covered account” includes any account for
which there is a foreseeable risk of identity theft. For example, credit cards, monthly billed
accounts like utility bills or cell phone bills, social security numbers, drivers license
numbers, medical insurance accounts, and many others. This significantly expands the definition
to include all companies, regardless of size, that maintain, or otherwise possess, consumer
information for a business purpose. Because of the broad definitions in these
regulations, few businesses will be able to escape these requirements. Protection and restoration of identity theft
victim credit history Summary of rights of identity theft victims
Provisions in this title require that the Federal Trade Commission, in consultation
with the Federal banking agencies and the National Credit Union Agency, “prepare a model
summary of the rights of consumers … with respect to the procedures for remedying the
effects of fraud or identity theft…”. Beginning sixty days after the summary of
these rights were established, all reporting agencies are required to provide a copy of
this summary to any consumer that contacts an agency and states that he believes he has
been a victim of fraud or identity theft. Blocking of information resulting from identity
theft The Act also allows requires any reporting
agency to block the reporting of any information in a consumer’s file that the consumer identifies
as information that originated from an alleged identity theft. Such agency must block the information within
four days of receiving proof, a copy of an identity theft report, the identification
of the information by the consumer, and a statement from the consumer that the information
is not a result of any transaction he participated in. Agencies are not required to block any information
in the case that the block was found to be made in error or based on erroneous information
as provided by the consumer, or that the consumer “obtained possession of goods, services, or
money as a result of the blocked transaction or transactions. Coordination of identity theft complaint investigations
This section requires that all consumer reporting agencies develop a means of communicating
to each other consumer complaints regarding fraud or identity theft, or requests for fraud
alerts or blocks. Furthermore, the section requires that each
consumer reporting agency release a report each year to the Federal Trade Commission
of fraud alert requests and complaints involving fraud or identity theft received by the reporting
agency. Finally, the section requires the Federal
Trade Commission to set up a means by which consumers can contact the reporting agencies
and creditors with a complaint involving identity theft or fraud. Criticism
After its enactment, some consumer advocacy groups criticised the FACT Act claiming that
it preempts some stricter and already-existing state regulations, and provides exceptions
that are ‘far too generous’ to new regulations regarding disclosure of personal information
by banks as found in the act. Furthermore, an article in the Washington
Post criticised the difficulty in retrieiving the credit reports in some of the states that
were first eligible under the act. Pre-emption of state laws
Vermont, Colorado, Georgia, Maine, Maryland, Massachusetts, New Jersey, and California
had all established laws by 1994 requiring credit bureaus to provide a free credit report
on demand. However, according to U.S. Pirg, “[w]ith the
FACT Act, the financial industry won its primary goal: permanent pre emption of stronger state
credit and privacy laws.”. Specifically, state laws are preempted in
certain areas, such as the content of a consumer report, the responsibilities of “furnishers”,
responses of consumer reporting agencies to disputes over inaccurate information, and
duties of those who take an adverse action based on a report. Difficulty in obtaining credit reports
An article dated March 13, 2005 and published in the Washington Post stated that while “[r]esidents
of six East Coast states—Maryland, Georgia, Maine, Massachusetts, New Jersey and Vermont—are
already eligible for free reports from all three agencies as a result of state laws”,
the phone numbers provided to request these reports connected to automated systems that
the article described as “maddening in their complexity and unforgiving if your circumstances
vary from the system’s programming.”. Furthermore, the article criticised automated
systems for forcing consumers to “navigate a thicket of recorded information — including
sales pitches for their products, such as a credit ‘score’ or a ‘monitoring’ service
to help guard against identity theft”. The Red Flag rule as a cause of identity theft
As the Red Flag rule widely defines creditors, many businesses are now required to collect
personal information that they do not need and have no use for. This policy is precisely contrary to the FTC’s
advice to consumers that they should disclose their social security number to companies
only when absolutely necessary. This aspect of the Red Flag rule has the unintended
consequences of increasing the number of businesses that hold consumers’ Social Security numbers,
thereby putting consumers at greater risk for identity theft through data theft. See also References External links
White House press release Full text of the “Fair and Accurate Credit
Transactions Act of 2003” Federal Register, Vol 72. No. 217, Friday, November 9, 2007, Rules and
Regulations. pp 63718–63775.

Leave a Reply

Your email address will not be published. Required fields are marked *