2019 was a landmark year for data breaches, with 4.1 billion records compromised in the first six months. The majority of the records were email addresses or passwords, but the security failures revealed how widespread and serious a cybersecurity breach could be.
Examples of recent and alarming data breaches that potentially endangered sensitive credit or financial data include the Capital One and Equifax breaches. Capital One, one of the largest credit card issuers, alerted 106 million customers that their personal data was illegally accessed and “about 100,000 Social Security numbers” were obtained. Equifax, one of the three credit bureaus, also disclosed in 2017 that the personal data of 147 million customers was exposed.
The Fair and Accurate Credit Transaction Act (FACTA) was created to address vulnerabilities such as these by improving practices for handling consumer data and enhancing protections for identity theft.
Table of Contents
Fairness and Accuracy in Credit Reporting
The bulk (3.2 million) of the 4.1 billion compromised records in the first half of 2019 came from only eight data breaches. When data protections fail, they potentially affect millions of consumers.
A single breach could put sensitive information into the hands of individuals who can use it for fraudulent purposes, potentially affecting a large number of consumers. Given the examples above, the importance of the Fair and Accurate Credit Transaction Act is clear. But what is the definition of the Act?
What Is the Fair and Accurate Credit Transaction Act?
The Fair and Accurate Credit Transaction Act is designed to protect consumers from identity theft. It sets regulations on how businesses and financial institutions should handle personal financial data to deter fraudulent use of consumers’ credit. It requires firms to safeguard a consumer’s private information, properly dispose of consumer data, and limit the ways consumer information can be shared.
History of FACTA
The Fair and Accurate Credit Transactions Act was signed into federal law in December 2003 as an amendment to the Fair Credit Reporting Act (FCRA). As financial institutions and commerce moved towards digital technologies, new protections were required to address data breaches and identity theft.
FACTA builds on the Fair Credit Reporting Act’s provisions for accurate credit reporting to add guidance on how businesses can detect and prevent identity theft. It also gives consumers expanded rights so they may monitor and protect their information from fraudulent use.
How Does FACTA Protect Consumers?
FACTA requires that credit reporting bureaus and financial institutions develop procedures to detect and prevent identity theft. Companies are required to address security vulnerabilities and change their procedures which may compromise sensitive consumer data, such as credit card account information, Social Security numbers, and bank data.
Before FACTA, consumers had limited access to their credit histories. Credit reports were only provided on certain occasions, such as if a credit application was denied. The Act gives consumers the ability to monitor and protect their credit information with simpler, no-cost options to access and manage their credit history information. FACTA expands consumer protections in several ways:
Detecting and Providing Alerts for Potential Fraud
If a company is compromised, it must notify the consumers of the security breach and provide solutions on how a consumer can safeguard their credit. In recent cases such as the Equifax breach, the FTC awarded affected consumers with free credit monitoring and identity theft protection services for up to 10 years. Affected parties also received cash payments for any losses from unauthorized activities or fees paid to attorneys or accountants to correct the fraud.
FACTA also provides individuals who suspect they may be victims of identity theft the right to set free credit alerts with the credit reporting bureaus. If someone applies for a loan or financing with their information, credit alerts deter fraudulent credit record use by requiring the creditor to contact the individual first to verify their identity and confirm the credit application is authorized.
To set a credit alert, contact one of the three credit bureaus (Equifax, Experian, or Transunion) via phone or by visiting the online fraud alert center. Ask them to place a fraud alert on your account. There are three types of fraud alerts available:
- A temporary fraud alert for one year;
- An active duty fraud alert of one year for military deployed overseas;
- An extended fraud victim alert of seven years if you can provide a valid identity theft report filed with a federal, state, or local law enforcement agency;
Once you file the fraud or credit alert, the credit bureau will notify the other two credit reporting bureaus on your behalf.
Restrictions on Credit Card Information on Receipts
Under FACTA, businesses can print no more than five digits of a credit card number on receipts to protect a customer’s account information. Paper receipts can be lost. Or a business may suffer a burglary and sales transactions could be accessed. Limiting how much credit card information someone is able to obtain protects consumers from unauthorized charges by an individual who has unauthorized access to the full credit card number.
Disposal of Consumer Data
The Act requires businesses and individuals to dispose of or destroy consumer data such as credit reports, insurance claims, medical documentation, and tenant history to avoid the information falling into the wrong hands. Besides large companies, individuals and professionals such as attorneys, car dealers, and employers must comply.
According to the Federal Trade Commission (FTC), large and small companies must dispose of consumer reports, although they are given flexibility on how to do so. The FTC recommends companies burn and shred paper documents and erase or destroy electronic data so it can’t be read or reconstructed.
Credit Monitoring
Consumers can order a free credit report once every 12 months to monitor their credit and watch for any unusual activity that may affect their credit history. To make the credit monitoring process simpler, the three credit bureaus worked with the FTC to create AnnualCreditReport.com so individuals can access their credit reports in one place.
If you want to dispute an error in the credit report, the FTC provides guidelines on how to submit a written dispute. The credit reporting companies must investigate your dispute within 30 days of the filing.
Protections Against Identity Theft
Identity theft victims have the right to receive a free annual credit report to watch for incorrect or fraudulent activity and request credit alerts or blocks from the credit bureaus. The Act requires credit bureaus and federal agencies to inform consumers of these rights, as well as warn consumers of potential identity theft. Once a consumer files a dispute showing the transactions are not theirs, credit reporting agencies must block any results of identity theft in a consumer’s file.
In 2012, the FTC conducted a study to measure the Act’s effectiveness when it comes to helping consumers. Participants disputed errors on their credit reports by following the FCRA dispute process. In the cases where modifications were made to the credit report after the dispute, “13% of consumers experienced a change in score due to their dispute,” and in 5% of the cases, the modification was significant — the errors on their credit report could have affected the likelihood of receiving credit.
Over 300,000 complaints of fraud, including identity and personal data breaches, were filed with the Internet Crime Complaint Center in 2017. The reported losses amounted to more than $1.4 billion. As digital fraud continues to be a big issue for consumers and companies alike, FACTA works to protect consumers and their credit against the growing problem of data and identity theft.
Image Source: https://depositphotos.com/
