FTC Issues Final Rules on FACTA Identity Theft Definitions, Active Duty Alert Duration, and Appropriate Proof of Identity
The Federal Trade Commission has issued its final rules under the Fair and Accurate Credit Transactions Act (FACTA) regarding further definition of the terms “identity theft” and “identity theft report”; the duration of active duty alerts; and the appropriate proof of identity needed by consumers to block fraudulent trade lines in their consumer reports, place or remove fraud or active duty alerts, or truncate their Social Security number in their file disclosures.
FACTA, which was enacted on December 4, 2003 and amends the Fair Credit Reporting Act (FCRA), enables identity theft victims to place “fraud alerts” on their credit files and work with creditors and credit bureaus to “block” information in their credit reports resulting from identity theft. FACTA also allows military personnel to place an alert on their credit file if they are deployed, and allows consumers to request that a credit bureau truncate their Social Security number on credit reports sent to the consumers.
The FTC’s final rule defines “identity theft” as a fraud that is committed or attempted, using a person’s identifying information without authority. The rule also states that “identifying information” should have the same meaning as “means of identification” in the federal criminal statute defining identity theft. Consumers need “identity theft reports” to place an extended fraud alert on their credit file and to block information resulting from identity theft from appearing in their credit files. To prevent misuse of identity theft reports for credit repair scams, the FTC’s rule requires that consumers allege the identity theft with as much specificity as possible and enables credit bureaus or creditors to request, with certain limitations, reasonable additional information to help them determine if identity theft actually occurred.
FACTA directs the FTC to determine the duration of active duty alerts for military personnel, but sets a minimum of 12 months. The FTC’s final rule maintains the duration of the alerts at 12 months, stating that this would cover the time period for which most service members are deployed. Military personnel who receive extended deployments may place another active duty alert in their file after the first alert expires.
Finally, the final rule addresses the “appropriate proof of identity” needed to block fraudulent information on a consumer’s credit report, place or remove a fraud alert, or truncate consumers’ Social Security numbers in their file disclosures. The rule requires the credit reporting agencies to develop “reasonable requirements” to ensure, at a minimum, that consumers are matched with their files. The FTC’s rule recommends that the “requirements” for a file match include the consumer’s full name, current or recent full address, full Social Security number, and/or date of birth; and for additional proof of identity, copies of government-issued identification documents, utility bills, and other authentication methods such as answering questions only the consumer would know.
The Commission vote approving the final rules was 5-0.
Copies of the Federal Register notice are available from the FTC’s Web site at http://www.ftc.gov and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent identity theft and fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid these problems. To file a fraud complaint, or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1 877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.