On Nov. 5, 2003, the U.S. Senate reauthorized the Fair Credit Reporting Act (FCRA) by a vote of 95 to two, with the House quickly following suit. Following the vote, Congress further clarified the parameters of the act by deciding in early December that the FCRA would pre-empt all state laws, regardless of whether they were more or less strict than the FCRA, and would actually prevent states from enacting stricter measures. This made some state lawmakers--especially those in California--furious, since California is one of several states which does not feel it will benefit from this new legislation. On the other hand, there are many states that will benefit from the revised law, which Congress has renamed "The Fair and Accurate Credit Transactions Act" (FACT Act). To understand this discrepancy, let's review the act's primary concepts.
The FACT Act attempts to prevent identity theft by allowing consumers to report the fraud to only one credit bureau. The credit bureaus will then be required to communicate with each other and notify the other two of the fraud. This is important, because many consumers only report fraud to one bureau, and therefore only get a fraud alert with that particular bureau, allowing the thieves to still have a chance of obtaining credit through companies that pull their credit reports through one of the other bureaus. The credit bureaus will also be required to place a fraud alert on the consumer's file for no fewer than 90 days, unless the consumer requests that it be removed earlier. The consumer can request that this fraud alert remain on their file for up to seven years; however, the consumer must be excluded from lists provided to credit grantors for the first five years, unless the victim requests to be included in those lists.
Fraud victims would also be entitled to two free credit reports during the year the identity theft occurred. Credit grantors would be required to contact a consumer by phone or some other reasonable measure before granting new credit when there is a fraud alert on their file. California state law offered even more protection in this particular area, requiring that the consumer be contacted by phone only, which gives the credit card companies less room to maneuver when granting credit.
Under the FACT Act, credit bureaus would be required to block information that was a result of fraud from appearing on a consumer's credit report. The act goes an extra step in that it also forbids credit bureaus from letting previously blocked information reappear on the consumer's report. This is important, because many creditors still update the consumer's report with delinquencies that were a result of fraud. The credit bureaus are now required to enact measures that prevent this from happening.
Under older consumer-protection laws, employers were required to obtain an employee's permission before they could pull the person's credit report. This was interpreted to mean that an employee could not be investigated for anything, even misconduct, unless their permission was obtained first. The FACT Act makes exceptions to the permission requirement in cases where a federal law may have been violated or if there was employee misconduct, but the employee is still entitled to a summary of the findings if adverse action is taken against them as a result of the report pulled. Essentially, though, employees have lost all of their rights in this area, because an employer can claim almost anything as misconduct and pull the employee's report without consent.
All consumers will be entitled to one free credit report every year with information about their credit score and how it was derived. This is good and bad for consumers, because the credit bureaus are planning to outsource their consumer dispute divisions to other countries as a result of the increased expense of complying with this measure. Some fear that this will cause more fraud, since countries with less strict laws than our own will be handling our personal information, making it more probable that the information will get into the wrong hands. In this day and age, such a fear can lead people to imagine the worst type of nightmare scenarios: What if terrorists assume your identity to gain access into this country? The credit bureaus assure us that the outsource companies will have the same strict security measures in place as the divisions in the United States, but if the laws are not as strict in that particular country, the deterrent factor will not be there.
Consumers will be able to opt-out of pre-screened marketing lists, but will not be able to prevent their current creditors from sharing their information with affiliates. California state law gave consumers the right to prevent even the affiliates from getting the information, but the FACT Act's preemption provision has taken that protection away. The problem is that many of these companies have hundreds of affiliates with whom they can share your information, and you have no say in the matter.
The FACT Act also bars retailers from printing more than the last five digits of the credit card number on a receipt. This will prevent dumpster-divers from being able to order goods with your credit card numbers that appear on a discarded receipt. Retailers have until 2007 to comply with this new provision.
Consumers will also be able to request that credit bureaus abbreviate their social security number on their credit report.
Some will argue that consumers lose protection if they reside in a state that already has its own tough measures, while states with no consumer protection legislation win. I believe that all consumers ultimately win once the pros and cons of the act are weighed against one another. Overall, the FACT Act is a good law. It offers many more protections than its predecessor, and successfully achieves a balance between big-money lobbyist demands and inflexible, far-left consumer watchdog groups.
Edward Jamison, Esq. is a consumer credit attorney based in Los Angeles. He may be reached by phone at (310) 943-7820 or e-mail [email protected].