Home Choosing A Lawyer Hot Topics Articles

Credit Reporting
Choosing A Lawyer Hot Topics Articles


Mortgage Crisis & FHA
Predatory Lending
Right of Rescission
Financial Privacy
Credit Reporting
YSPs and Broker Fees



The Fair Credit Reporting Act (FCRA) was amended in significant ways by Fair and Accurate Credit Transactions Act of 2003 (FACTA.) The thrust of the FACTA amendments was to protect consumers from being damaged by identity theft and the derogatory credit marks which result from identity theft.  FACTA Section 154, discussed as item 3 below, is of particular concern to lenders, since it allows Credit Reporting Agencies to decide the validity of an identity theft claim, and bar a creditor from selling, transferring or placing for collection, a debt found to be the result of identity theft.  Many of the provisions became effective on December 1, 2004. Others took effect on December 31, 2003 and March 31, 2004.  Still others required the promulgation of regulations and will become effective as soon as the regulations that implement the statute take effect.  When the necessary regulations are completed, the agencies will assign compliance dates.  

(Note that many FACTA provisions impose duties on credit reporting agencies and governmental agencies, change definitions and relate to the effects of separate state enactments.  Most of these provisions are not discussed here.  Likewise, the general operation of the FCRA is not discussed here.) 


FACTA changes which took effect on December 1, 2004 or before include: 

1)  The Fraud and Credit Report Alert Requirements.  This regulation requires Consumer Reporting Agencies (CRAs) to insert an Initial Alert, an Extended Alert, or an Active Duty Alert in a consumer’s credit report when the consumer meets certain regulations as to making a report and proving the consumer’s own identity.  The statute goes on to require that users of a consumer credit report which contains an Initial Alert, or an Active Duty Alert, such as lenders, shall not establish a new credit plan, or an extension of credit in the name of the consumer (other than on an existing open ended credit plan), or grant an additional card or an increase in credit limit on an existing account unless the creditor utilizes reasonable policies and procedures to form a reasonable belief that the creditor knows the identity of the person making the request.  (FACTA § 112, 15 U.S.C. § 1681c-1.)  If the consumer who requested the alert specified a telephone number to be used for identity verification purposes, the creditor shall contact the consumer using that telephone number or take reasonable steps to verify the consumer’s identity and confirm that the application for a new credit plan is not the result of identity theft.

Where the consumer has requested and been granted an Extended Alert, that alert shall give notice that the consumer does not authorize the establishment of any new credit plan or extension of credit as described above, other than on an existing open ended credit plan, unless the creditor contacts the consumer in person or contacts the consumer through a telephone number or other method specified by the consumer in the extended alert.


2)  Blocking of Information Resulting from Identity Theft.  Section 152, 15 U.S.C. § 1681c-2, applies to CRAs and requires blocking of information such as defaults on credit obtained as a result of identity theft.  No duties for lenders are contained in this section.  (But see Section 154.)


3)  Prevention of Repollution of Consumer Reports.  Section 154, 15 U.S.C. § 1681s-2(a) requires that furnishers of credit information (creditors reporting to CRA's) shall have in place reasonable procedures to respond to a notification from a CRA that it has blocked information which had been placed on the credit report as a result of identity theft.  These regulations shall prevent that furnisher from refurnishing the blocked information.  In addition, if the consumer submits an identity theft report to a furnisher of credit information, then the furnisher shall not furnish that information to a CRA unless the furnisher subsequently knows or is informed by the consumer that the information is correct.  This is significant because if a creditor received what it believed was a false report that an unpaid account was the result of identity theft, if the CRA blocked the information, the creditor could not report it in the future.  If the report came from the consumer, but the CRA did not block it, the creditor could only report it in the future if the creditor “knows” that the information is correct, or if the consumer informed the creditor that the information is correct. 

In what is probably the most significant element of the FACTA amendments for creditors, Section 154 goes on to amend 15 U.S.C. § 1681m to provide that where the CRA blocks reporting of a charge on the credit report as a result of an identity theft report, the creditor is prohibited from selling, transferring or placing for collection the debt reported to the lender by the CRA as being the result of identity theft.  (Section 1681m(f).)  This provision is significant because it gives the CRA the final decision on whether the debt is valid.  The creditor can submit more information and request that the CRA rescind its decision under Section 1681c-2(c).  However, if the CRA refuses, the creditor apparently has no recourse.  Disputes about the validity of an identity theft report are common in scenarios such as a divorced or estranged unmarried couple, where credit obtained in one person's name is claimed to have been procured by the other partner, without the person's knowledge or permission.  The CRA may have no way to discover that the couple are still residing or doing business together, making the validity of the identity theft claim doubtful.  The statute is silent regarding whether the creditor could foreclose on or repossess property given as security for such a debt, or whether a court could compel the CRA to remove the identity theft block.  Note however, that a loan subject to an identity theft credit report block can still be securitized or pledged as collateral as a part of a portfolio.


4)  Disclosure of Credit Scores.  Section 212(c), 15 U.S.C. § 1681g(g), requires where a consumer credit score is used by a mortgage lender in connection with an application by a consumer for a closed end loan or an open end loan for a consumer purpose that is secured by 1 to 4 units of residential real property, that the lender must supply to the consumer, as soon as is reasonably practicable, the current or most recent credit score calculated by the CRA for a purpose related to the extension of credit, the range of possible scores, all key factors that adversely affected the credit score (up to a maximum of 4 factors), the date on which the credit score was created and the name of the person or entity that provided the credit score or the file upon which the credit score was created.  In addition, the lender must give this notice to the consumer:


   "In connection with your application for a home loan, the lender must disclose to you the score that a consumer reporting agency distributed to users and the lender used in connection with your home loan, and the key factors affecting your credit scores.

   "The credit score is a computer generated summary calculated at the time of the request and based on information that a consumer reporting agency or lender has on file. The scores are based on data about your credit history and payment patterns. Credit scores are important because they are used to assist the lender in determining whether you will obtain a loan. They may also be used to determine what interest rate you may be offered on the mortgage. Credit scores can change over time, depending on your conduct, how your credit history and payment patterns change, and how credit scoring technologies change.

   "Because the score is based on information in your credit history, it is very important that you review the credit-related information that is being furnished to make sure it is accurate. Credit records may vary from one company to another.

   "If you have questions about your credit score or the credit information that is furnished to you, contact the consumer reporting agency at the address and telephone number provided with this notice, or contact the lender, if the lender developed or generated the credit score. The consumer reporting agency plays no part in the decision to take any action on the loan application and is unable to provide you with specific reasons for the decision on a loan application.

   "If you have questions concerning the terms of the loan, contact the lender."


5)  Requirement to Disclose Communications to a Consumer Reporting Agency. Section 217(a), 15 U.S.C. § 1681s-2, requires that either before, or within 30 days after, furnishing negative information to a CRA, the furnisher must give notice to the consumer.  This may be given in a regular monthly statement or in a notice of default.  Notice given in the initial TILA disclosure will not suffice.  The model clause for pre-communication notice reads:

“We may report information about your account to credit bureaus. Late payments, missed payments, or other defaults on your account may be reflected in your credit report.”

The model clause for post-communication notice reads:  “We have told a credit bureau about a late payment, missed payment or other default on your account. This information may be reflected in your credit report.” 


6)  Risk Based Pricing Notices.  Section 311, 15 U.S.C. § 1681m.  This provision becomes effective December 1, 2004, but these provisions are only enforceable by certain Federal agencies (i.e., no private right of consumer to sue.)  Since the FTC and the Federal Reserve Board will establish parameters for compliance, including the requirements for consumer notice, the date of compliance with these standards will be set out.  This joint pronouncement by letter from the various Federal agencies does not clarify what they mean by “effective December 1, 2004.”  Basically this is another species of the credit denial letter.  This notice must be given when, even though credit was not denied, when a lender, on the basis of a consumer credit report offers credit to the consumer “on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers” from or through the lender.  For example, if many HELOC customers are getting 1% below prime as their margin on the HELOC and a person with spotty credit on the CRA report is offered 1% above prime, this notice would have to be sent.  No notice shall be required from under this subsection if the consumer applied for specific material terms and was granted those terms, unless those terms were initially specified by the person after the transaction was initiated by the consumer and after the person obtained a consumer report; or if a notice of denial is being sent.  This latter exception would apply, for example, if the consumer applied for a prime minus one HELOC and was offered a prime plus 1 HELOC and declined.  Then the normal letter when a person was declined for credit reasons would be sent, but not this new notice.  It does not appear that this will be enforced until a regulation setting out the notice which must be sent is completed.


The FACTA requirements for safe Disposal of consumer information became effective on June 1, 2005, after the promulgation of 16 CFR 682.3 by the FTC.  This section spells out the disposal requirements as follows: 

  § 682.3 Proper disposal of consumer information.  (a) Standard. Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.  (b) Examples. Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal include the following examples. These examples are illustrative only and are not exclusive or exhaustive methods for complying with the rule in this part.

 (1) Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.

 (2) Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practicably be read or reconstructed.

 (3) After due diligence, entering into and monitoring compliance with a contract with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule. In this context, due diligence could include reviewing an independent audit of the disposal company's operations and/or its compliance with this rule, obtaining information about the disposal company from several references or other reliable sources, requiring that the disposal company be certified by a recognized trade association or similar third party, reviewing and evaluating the disposal company's information security policies or procedures, or taking other appropriate measures to determine the competency and integrity of the potential disposal company.

 (4) For persons or entities who maintain or otherwise possess consumer information through their provision of services directly to a person subject to this part, implementing and monitoring compliance with policies and procedures that protect against unauthorized or unintentional disposal of consumer information, and disposing of such information in accordance with examples (b)(1) and (2) of this section.

 (5) For persons subject to the Gramm-Leach-Bliley Act, 15 U.S.C. 6081 et seq., and the Federal Trade Commission's Standards for Safeguarding Customer Information, 16 CFR part 314 ("Safeguards Rule"), incorporating the proper disposal of consumer information as required by this rule into the information security program required by the Safeguards Rule.

Information Request Form

Select the items that apply, and then let us know how to contact you.

Please contact me at the email address set out below
Please respond to my question sent by email to mimfeld@MDI-Law.com
Please call me at the telephone number set out below



Home ] Up ]