Identity Theft Legislation: The Fair and Accurate Credit Transactions Act of 2003 and the Road Not Taken
Linnhoff, Stefan, Langenderfer, Jeff, The Journal of Consumer Affairs
This article provides a review of the Fair and Accurate Credit Transactions Act of 2003 (FACTA) as it relates to the growing problem of identity theft. The article also examines other identity theft-related proposed legislation from the 108th Congress and analyzes the effectiveness of the proposed measures. The authors conclude that FACTA represents an important step toward reducing the incidence of identity theft as well as ameliorating the damage that it causes. However, unless and until Congress addresses the extensive use and distribution of Social Security numbers and the safeguarding of data, identity theft is likely to continue to wreak financial and social havoc.
In recent years, the number of identity theft victims has skyrocketed as has the economic and social cost of this now-prevalent crime, and although it is difficult to quantify its precise impact, there is little doubt that identity theft is growing in frequency and severity, exacting an enormous social and financial toll (FTC 2003a, 2003b, 2003c; GAO 2002; Lormel 2002).
Given the gargantuan costs of identity theft, lawmakers have not just fiddled while Rome burned. The Identity Theft and Assumption Deterrence Act (P.L. 105--318) was passed in 1998, making identity theft a federal crime, and the U.S. Patriot Act (P.L. 107--56), passed in the wake of the September 11th terrorist attacks, makes it more difficult for impersonators to open bank accounts. From the January 2003 start of the 108th Congress until this writing as of June 4, 2004, 24 bills were introduced that deal specifically with identity theft. Eventually emerging from the deluge of legislative efforts, Congress passed the Fair and Accurate Credit Transactions Act of 2003 (FACTA) (P.L. 108--159), a statute that makes permanent many uniform national standards for credit reporting as well as addressing identity theft problems at the federal level. This article provides a measure-by-measure analysis of the portions of the Act that address identity theft, as well as the many other legislative solutions that have been proposed to combat this particularly insidious consumer problem. We evaluate the extent to which each part of FACTA is likely to be effective in combating identity theft, and make similar evaluations about the bills that have yet to pass congressional muster. Of course, the article does not discuss every detail of the Act or of every bill. Instead, the major provisions and their likely effects are analyzed. Such an assembly of information enables a quick comparison between the route that U.S. legislators have chosen and the road not taken, with the alternatives not selected perhaps having as much effect on consumers as the statute that was actually passed.
THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT OF 2003 (P.L. 108--159)
Signed by President Bush on December 4, 2003, FACTA attacks identity theft on many fronts, including compulsory credit card number truncation on receipts, mandates to card issuers to investigate change of address and new card requests, fraud alert requirements by credit reporting agencies, mandatory blocking of identity theft-related information on credit reports, and free annual credit reports. The statute also requires credit reporting agencies to divulge consumer credit scores, provides for the improvement of the resolution process once identity theft has occurred, and includes several measures limiting the sharing of medical information in the financial system. The statute substantially improves the balance of power between identity thieves and consumers and addresses many of the most pressing concerns. Below we detail each of FACTA's major identity theft provisions.
Credit Reporting Agencies Required to Add a Fraud Alert on Request
FACTA requires credit reporting agencies to include a fraud alert in their files upon request by a consumer. A fraud alert is simply a statement that some information in the report may be based on identity theft. …