Fair Credit Reporting Act • You must be told if information in your file has been used against you • You can find out what is in your file • You can dispute inaccurate information with the Credit Reporting Agency • Inaccurate information must be corrected or deleted. – However, the CRA is not required to remove accurate data from your file unless it is outdated (as described below) or cannot be verified. • You can dispute inaccurate items with the source of the information • Outdated information may not be reported (7 years for derogatory information, 10 years for bankruptcy) • Access to your file is limited – Only to people with a need recognized by the FCRA— usually to consider an application with a creditor, insurer, employer, landlord or other business • Your consent is required for reports that are provided to employers, or reports that contain medical information • You may choose to exclude your name from CRA lists for unsolicited credit and insurance offers. • You may seek damages from violators Changes to the FCRA made in 2003 • One Call Fraud Alerts (credit bureau called has to alert the other bureaus) – Any consumer can request a fraud alert for 90 days or an extended alert for 7 years • Alert must be included with a credit report and with the delivery of the credit score • Users of reports and scores cannot issue new credit line or extension of credit or higher credit limit unless call the consumer to verify. • Trade Line Blocking—block trade lines when consumer provides an identity theft report that has been filed with law enforcement • Business records disclosure—if have police report, ID theft victim can get copies of reports from businesses where a thief opened an account to help clear their names • Red Flag Guidelines for new accounts and change of address verification • Credit card number truncation on consumer reports • • • • • • • • • • Social security number truncation Prohibits sale or collection of ID theft debts Debt collector notice requirement – third party debt collectors Prevention of repollution—creditors must have policies to prevent refurnishing information arising from ID theft Annual free credit reports within 15 days of request Reinvestigations—CRA have 45 days to reinvestigate disputed items resulting from free credit report request Credit Bureaus must provide credit scores Mortgage lenders must provide credit scores Notification of address discrepancy One-time written notification by financial institution to consumer that negative information will be sent to credit bureau • Disposal of consumer information and records containing consumer information • Medical information in a consumer report must be coded to obscure specific health care provider and the nature of medical services provided • Statute of limitations extended—can sue up to two years following discovery or five years following date of violation, whichever is earlier • Requires that users of credit reports have a “permissible purpose” to obtain them and CRAs should maintain security and integrity of consumer files and allows consumers to limit certain uses of their reports • Stronger opt-out for prescreening based on credit report information –prescreened offers must have phone number to opt out of such offers in easy to understand format • Established a financial literacy education commission Red Flag Rules • Delayed several times; most recent delay expired Jan 2011 • Anti-fraud regulation requiring creditors and financial institutions to identify, detect and respond to warning signs that could indicate ID theft • Process to detect – – – – – – – Discrepancies in address history Fraud alerts on credit reports Suspicious use of SSNs Inactive accounts that suddenly become active Credit-freeze notifications Credit reports with suspicious activity patterns Notices from ID theft victims or law enforcement Red Flag Program Clarification Act • Effective December 2010 • Specified that the rules would apply to institutions that are involved in credit transactions as a part of their business; this eliminated such entities as health care providers, etc. who provide service and then are paid later.