The Fair and Accurate Credit Transactions Act (FACTA) contains multiple provisions to help limit identity theft ranging from consumers having the ability to place fraud alerts on their credit history to financial institutions and creditors being required to dispose consumer information securely.
Learn more in this video about FACTA’s formal definition and history, top reasons for why it was passed into law, FACTA’s provisions for preventing identity theft, a closer look at the Red Flags Rule, and most importantly whether or not FACTA applies to you.
Definition & History of the Fair and Accurate Credit Transactions Act
The Fair and Accurate Credit Transactions Act (FACTA) was passed in 2003 as an amendment to the Fair Credit Reporting Act.
FACTA allows consumers to request and obtain a free credit report once every 12 months. It also includes provisions to reduce identity theft such as the ability for individuals to place alerts on their credit histories.
Besides regulations for current consumer information, the FACTA Disposal Rule also requires businesses to take “reasonable measures” to prevent unauthorized access and misuse of consumer information during disposal.
Why FACTA Was Passed
FACTA was passed in order to improve:
- Identity theft prevention and credit history restoration
- Use of and consumer access to credit information
- Accuracy of consumer report information
- Protecting employee misconduct investigations
- Financial literacy and education
- Limiting the use and sharing of medical information in the financial system
FACTA contains several provisions that deal mainly with preventing identity theft.
Examples include regulations for fraud alerts when identity theft is suspected or limitations on the amount of information on credit and debit card receipts.
Identity Theft Prevention & Credit History Restoration
Fraud Alerts and Notifications
FACTA requires that consumer reporting agencies must place a fraud alert on a consumer’s file for at least 90 days and notify all other consumer reporting agencies if they are a victim of fraud.
An extended fraud alert can also be requested where the reporting agency is required to disclose this fraud alert in any credit score that it issues for the consumer during a seven-year period.
Truncation of Credit/Debit Card Numbers
Businesses are prohibited from printing more than five digits of a customer’s card number or expiration date on the receipts they provide to the cardholder at the point of sale or transaction.
Receipts, where the only method of recording the credit card number is it being handwritten or imprinted, are excluded however.
Penalties for noncompliance range from $100 to $1,000 per violation.
Identification of Possible ID Theft (Red Flags Rule)
The act established the Red Flags Rule with regulations for identity theft prevention as well as how card issuers must respond to address changes.
Regulations that were established as a result include:
- Financial institutions and creditors need to develop and implement an Identity Theft Prevention Program.
- Users of consumer reports need to respond to notices of address discrepancies that they receive
- Issuers of debit or credit cards need to assess the validity of a change of address if they receive notification of a change of address for a consumer’s credit/debit card account.
Protection & Restoration of Identity Theft Victim Credit History
Summary of Identity Theft Victim Rights
The Federal Trade Commission (FTC), in consultation with the Federal banking agencies and the National Credit Union Agency, is required to prepare a model summary of the rights of consumers in regard to the procedures for managing fraud or identity theft.
Starting 60 days after establishing the summary, all reporting agencies are required to provide a copy to any consumer that contacts an agency believing they’ve been a victim of fraud or identity theft.
Coordinating Identity Theft Complaint Investigations
All reporting agencies are required to develop a method for communicating with each other when it comes to reporting fraud and identity theft or requests for fraud alerts or blocks.
Agencies are required to release a report each year to the FTC about the fraud alert requests and fraud or identity theft complaints received by the reporting agency, and the FTC is required to set up a method for consumers to contact the reporting agencies and creditors with an identity theft or fraud complaint.
Blocking Information Resulting From Theft
All reporting agencies are required to block the reporting of any information in a consumer’s file that has been identified as information originating from an alleged identity theft.
The agency must block the information within four days of receiving proof, a copy of the identity theft report, the identification of the information by the consumer, and finally, a formal statement that the information is not a result of any transaction the consumer participated in.
Breaking Down the Red Flags Rule
Originally passed in 2008, the RACTA Red Flags Rule requires that all financial institutions and creditors implement a written program to detect, prevent, and mitigate identity theft during the opening or maintenance of “covered accounts.”
Types of covered accounts include retail brokerage accounts, credit card accounts, margin account, checking or savings accounts, and any other accounts with a reasonably foreseeable risk to customers or your firm from identity theft.
Elements of the Red Flags Rule
The Red Flags Rule sets out how businesses and organizations have to develop, implement and manage their Identity Theft Prevention Programs. The program needs to include four main elements that create a framework for addressing the threat of identity theft.
An Identity Theft Prevention Program is required to include four elements:
- Identify Relevant Red Flags—Identify likely business-specific identity theft red flags.
- Detect Red Flags—Define procedures to detect red flags in a day-to-day operations.
- Prevent and Mitigate Identity Theft—Prevent and mitigate harm if red flags are identified.
- Update Program—Maintain the red flag program and regularly make improvements.
The types of red flags to look out for are broken out into five categories:
- Suspicious documents
- Suspicious identifying information like a phone or address
- Suspicious activity or unusual use of a covered account
- Alerts, notifications, and warnings from a consumer reporting agency
- Notices from customers, victims, or law enforcement about possible identity theft
Penalties for FACTA Non-Compliance
In the event of any sort of compliant the FTC will conduct a FACTA compliance audit, and it anything is found to be amiss, there will be financial penalties including:
- Federal Penalties—$2,500 per individual violation
- State Penalties—$1,000 per individual violation
- Penalties After Regulatory Warning—$11,000 per violation
How to Tell If FACTA Applies to You
Do You Meet the “Creditor” Definition?
The FACTA Red Flags Rule applies to two different groups—financial institutions and creditors. A financial institution has a more specific definition—a state or national bank, a state or federal savings and loan association, a mutual savings bank, or a state or federal credit union.
The term creditor is more generally defined as any entity that regularly arranges, extends, and renews credit or regularly permits deferred payments for goods or services.
To determine whether or not you’re a creditor and if the FACTA Red Flags Rule applies to you, ask yourself the following questions:
Does the business or organization regularly…
- Grant or arrange credit?
- Defer payment for goods or services?
- Participate in decisions to see, extend, and renew credit terms?
If Yes to Any, Then Ask
Does the business or organization regularly…
- Request, receive, and use consumer reports regarding credit transactions?
- Turn in information to credit reporting agencies regarding credit transactions?
- Provide funds that must be later repaid, either using money or with collateral like pledged property?
If Yes, You’re a Creditor
You meet the definition of a creditor and FACTA applies to you.
If No, the Red Flags Rule Doesn’t Apply
You do not meet the definition of a creditor.
Is Your Records Management Compliant with FACTA?
Join Allstate Insurance, Kroger, Netflix, and countless other businesses and organizations that we’ve helped to create FACTA-Compliant records management strategies when you visit us at Record Nations.
Our professionals have been in the business for years and know the best practices for records storage and disposal techniques. Call us today at (866) 385-3706 or fill out the form for free quotes on your project.