New Federal Rules Require "Creditors" to Implement Rules to Detect and Limit Possible Identity Theft
In January 2008, the Federal Trade Commission issued regulations implementing the Fair and Accurate Credit Transactions Act of 2003 (“FACTA”). FACTA requires businesses that have consumer accounts or other accounts where there is a possibility of identity theft, to develop and implement a program to detect, prevent, and mitigate possible identity theft relating to those accounts. The regulations are broadly written to include businesses such as doctors’ offices, landlords and other businesses that provide goods or services on credit. Businesses that extend credit, or rely on credit reports on consumers, are likely to be covered. The regulations went into effect in May 2009.
FACTA programs are intended to have businesses identify “red flags” that might indicate when someone is attempting to engage in identity theft. These red flags can include: someone presenting a driver’s license or other identity document that appears altered or forged; suspicious change of address forms; customer reports of being billed for services or goods that were never ordered; or mail sent to the customer’s address repeatedly returned as undeliverable. The FACTA program then outlines how the business must respond when a red flag appears.
Fortunately, the FACTA regulations allow for flexibility. Larger businesses will need more elaborate programs, while smaller businesses can comply with simpler programs. Penalties for noncompliance can be up to $10,000 per violation. There is also potential for civil liability to someone whose identity has been stolen and no FACTA program was in place. If you would like to receive more information on this topic, please contact Ned Dorsey at esd@santen-hughes.com.