FACTA, Regulations for Businesses in The Financial Sector
October 25, 2021 | 5 minutes read
The Fair and Accurate Credit Transactions Act of 2003 or the FACTA for short is a federal law that was passed in 2003. The Fair and Accurate Credit Transactions Act was enacted to amend The Fair Credit Reporting Act or FCRA which was passed in 1970, as well as the Consumer Credit Reporting Reform Act or CCRRA which was passed in 1996. One of the reasons why the FCRA needed to be amended was the level of technological advancement that took place in the decades since the law was passed in 1970, as the FCRA was passed largely in the context of paper documents and records. As such, the FACTA was passed to provide American consumers with enhanced protections in regard to their financial records, particularly as it relates to identity theft.
Why was the FACTA needed?
The Fair and Accurate Credit Transactions Act of 2003 was passed to reform the ways in which the information of American consumers was protected. More specifically, a rise in identity theft in the years leading up to 2003. As internet fraud and cyber theft were not a threat when the FCRA was passed in 1970, new legislation needed to be passed to address newfound issues that American consumers were experiencing at the time. To illustrate this point further, the FACTA greatly increased the level of oversight that financial regulators, payment processors, and lenders must provide to American consumers when looking to identify fraudulent or suspicious transactions. Alternatively, the FACTA also gave American consumers the ability to register for fraud alerts on their own credit cards, while also prohibiting financial institutions from printing the expiration date of a consumer’s credit card on receipts for transactions, allowing citizens to take a more proactive approach to combat identity theft and fraud.
On the other end of the spectrum, the FACTA also allowed American consumers to take advantage of the advancement in internet technology and communication for beneficial means. The greatest example of this is a provision in FACTA that allows consumers to receive free access to their credit reports once a year through the online website www.annualcreditreport.com. As such websites did not exist when the FCRA was passed in 1970, the FACTA provided American citizens with the ability to access their credit reports from the comfort of their own homes. Additionally, the FACTA also placed new requirements on mortgage lenders around the country, mandating that said mortgage companies disclose the factors that influenced their decision to approve or deny an American citizen a loan, such as their credit history or score.
Moreover, the FACTA implemented a variety of new rules and regulations for financial institutions and services providers. Perhaps the greatest example of these new regulations and rules was the creation of “Red Flag Rules”. Under the FACTA, Red Flag Rules mandated that major credit card companies and financial institutions both implement and maintain identity theft prevention programs for the purposes of helping American consumers detect and ultimately contend with identity theft. For instance, the FACTA required issuers of debit and credit cards to take additional steps to validate and confirm changes that were made to a customer’s address in an effort to cut down on fraudulent activity.
What are the penalties for violating the FACTA?
Lenders, issuers of credit and debit cards, and financial institutions who violate the provisions of the FACTA are subject to a litany of administrative, monetary, and criminal punishments as it relates to non-compliance with the law. The is enforced by the Federal Trade Commission or FTC, and the FTC has the authority to impose the following penalties in regard to individuals and agencies who are found to be in noncompliance with the law:
- Federal enforcement of up to $2,500 for each individual violation.
- State enforcement of up to $1,000 for each individual violation.
- Civil liability of up to $1,000 for each violation, as well as full recovery from all statutory damages for each consumer affected by said violations.
- Class actions lawsuits that can total up to $1,000 for each affected consumer, as well as court or lawyer-related costs that were incurred.
To provide an example of the severity of the fines that can be levied against individuals and organizations as a result of the FACTA, Laboratory Corporation of America Holdings, or LabCorp for short was forced to pay $11 million in a preliminary settlement in 2015 for including the expiration date of credit cards on receipts they provided to their customers. Conversely, popular airline service Spirit Airlines was also forced to pay $7.5 million in a preliminary settlement in 2015, for failing to remove the first seven digits of customers’ debit and credit card numbers on receipts they provided to said customers. Both of these cases illustrate the potential severity that can result from violations of the FACTA, as even companies who are not financial institutions or lenders must also maintain compliance at all times.
As identity theft was a relatively new threat to consumers in 2003, the FACTA was passed to amend the Fair Credit Reporting Act by providing American citizens with more protection over the forms of personal information they share with lenders and other financial institutions. As many of the provisions and stipulations have become commonplace in 2021, such as ensuring that customers confirm when they have changed their physical or mailing address, these regulations were nevertheless very groundbreaking at the time. As identity theft has only grown in prominence and scope since the FACTA was passed in 2003, the law undoubtedly came at a much-needed time in American history. Through the FACTA, American citizens have some avenue of recourse when it comes to protecting their financial information and in turn, privacy and security.