The Fair and Accurate Credit Transactions Act of 2003 refers to new sections that were added to the Fair Credit Reporting Act (FCRA, 15 U.S.C. 1681 et seq.) Also known as FACTA, or the FACT Act, this particular piece of legislation was designed to help consumers recover from identity theft. FACTA was intended to help consumers limit what information was shared by the businesses that they worked with, to help consumers ensure their credit records were accurate, and give consumers access to the information business is used in making a credit determination. FACTA is also meant to help consumers protect their privacy, especially with the addition of the Red Flags Rule.
Many of us know FACTA as the Free Credit Report Law. This is the law that allows us to obtain a copy of our credit report every year from each of the credit reporting agencies. Although these can be ordered online, the World Privacy Forum published a report in 2005 exposing hundreds of impostor web sites which claimed they would give you a free credit report, but were actually designed to market products to consumers for credit monitoring. Perhaps the best known today is freecreditreport.com, which advertises heavily on television. Additionally, the FTC published a consumer alert warning of sites that said they were offering a free credit report but we’re actually designed to steal personal information.
FACTA also provides a way to dispute information with the credit reporting agency if it is inaccurate. The process can be time consuming, though, since disputes can take 60 days or more to be resolved. And even enough the consumer removes inaccurate information from their credit report, collection agencies will often put the information back on.
FACTA also empowers consumers to put a fraud alert on their credit report which is meant to keep new accounts from being opened. However this is no guarantee. A fraud alert lasts only three months, and your credit report will not reflect the fact that you had a fraud alert once it is dropped. This means consumers need to renew their fraud alert every three months. This was the service Lifelock was selling, but eventually got in trouble for. A fraud alert for an active duty military person can last 12 months, and there is even an extended fraud alert that lasts for seven years.
But the biggest problem with a fraud alert is that a company does not have to pay any attention to it. In fact some companies will extend credit without even pulling a credit report, so they never see the fraud alert in the first place.
To protect consumers, FACTA requires “truncation” of credit cards, debit cards, and Social Security numbers. This means the entire number should not be visible. When you get a receipt from a store, for example, you should only see the last four or five digits of your card number on the receipt, and you should not see your expiration date at all. Keep in mind, however, that the copy the business owner keeps one can still have your entire credit card number on it to help them process the payment. So this particular piece is not terribly helpful.
Additionally, FACTA requires companies that collect your information to shred your information or burn it when they are done using it. Many shredding companies use this piece of information to build business for themselves. But even if your paperwork is shredded, there is no guarantee it is not on a computer somewhere in the corporate office. Most they’re breaches that have made the headlines lately reach back 30 or even 40 years when discussing who was compromised, and this is usually students, alumni, employees, or patients.
Finally, FACTA gives a victim of identity theft the right to obtain information from any company or business that has information about the identity thief. This means if an auto loan company takes an application from someone who says they are you, they have to give you a copy of the application. If they sold a car to the person, they have to provide to all of the sales documentation… receipts, waivers agreements etc. Many companies still think this is a violation of their policies, but Federal law supersedes their policies.
