Fair Credit Reporting Act

Fair Credit Reporting Act
• You must be told if information in your file has been used
against you
• You can find out what is in your file
• You can dispute inaccurate information with the Credit
Reporting Agency
• Inaccurate information must be corrected or deleted.
– However, the CRA is not required to remove accurate data from
your file unless it is outdated (as described below) or cannot be
• You can dispute inaccurate items with the source of the
• Outdated information may not be reported (7 years for
derogatory information, 10 years for bankruptcy)
• Access to your file is limited
– Only to people with a need recognized by the FCRA—
usually to consider an application with a creditor,
insurer, employer, landlord or other business
• Your consent is required for reports that are
provided to employers, or reports that contain
medical information
• You may choose to exclude your name from CRA
lists for unsolicited credit and insurance offers.
• You may seek damages from violators
Changes to the FCRA made in 2003
• One Call Fraud Alerts (credit bureau called has to alert the other
– Any consumer can request a fraud alert for 90 days or an extended
alert for 7 years
• Alert must be included with a credit report and with the delivery of the credit
• Users of reports and scores cannot issue new credit line or extension of credit
or higher credit limit unless call the consumer to verify.
• Trade Line Blocking—block trade lines when consumer provides an
identity theft report that has been filed with law enforcement
• Business records disclosure—if have police report, ID theft victim
can get copies of reports from businesses where a thief opened an
account to help clear their names
• Red Flag Guidelines for new accounts and change of address
• Credit card number truncation on consumer reports
Social security number truncation
Prohibits sale or collection of ID theft debts
Debt collector notice requirement – third party debt collectors
Prevention of repollution—creditors must have policies to prevent
refurnishing information arising from ID theft
Annual free credit reports within 15 days of request
Reinvestigations—CRA have 45 days to reinvestigate disputed items
resulting from free credit report request
Credit Bureaus must provide credit scores
Mortgage lenders must provide credit scores
Notification of address discrepancy
One-time written notification by financial institution to consumer
that negative information will be sent to credit bureau
• Disposal of consumer information and records
containing consumer information
• Medical information in a consumer report must be
coded to obscure specific health care provider and the
nature of medical services provided
• Statute of limitations extended—can sue up to two
years following discovery or five years following date of
violation, whichever is earlier
• Requires that users of credit reports have a
“permissible purpose” to obtain them and CRAs should
maintain security and integrity of consumer files and
allows consumers to limit certain uses of their reports
• Stronger opt-out for prescreening based on
credit report information –prescreened offers
must have phone number to opt out of such
offers in easy to understand format
• Established a financial literacy education
Red Flag Rules
• Delayed several times; most recent delay expired Jan 2011
• Anti-fraud regulation requiring creditors and financial
institutions to identify, detect and respond to warning signs
that could indicate ID theft
• Process to detect
Discrepancies in address history
Fraud alerts on credit reports
Suspicious use of SSNs
Inactive accounts that suddenly become active
Credit-freeze notifications
Credit reports with suspicious activity patterns
Notices from ID theft victims or law enforcement
Red Flag Program Clarification Act
• Effective December 2010
• Specified that the rules would apply to
institutions that are involved in credit
transactions as a part of their business; this
eliminated such entities as health care
providers, etc. who provide service and then
are paid later.