09 Jul What Is FACTA?
Identity theft is not a new problem in the United States but, unfortunately, it is a growing problem. FACTA is one tool designed to help safeguard consumers’ information from being vulnerable to identity theft.
So, what is FACTA? This blog post will answer that question, explain some of the provisions available to individual consumers, and provide information about how businesses can ensure they are complying with the law.
What Is the Fair and Accurate Credit Transactions Act?
The Fair and Accurate Credit Transactions Act, or “FACTA”, is a federal law designed to help combat identity theft, among other things. Enacted in 2003, FACTA added to the protections already in place for U.S. consumers under the Fair Credit Reporting Act (FCRA).
In addition to identity theft protections, FACTA also includes measures designed to improve the public’s financial literacy and education related to financial matters.
What Are Some of the Key Provisions of FACTA?
FACTA includes several requirements for businesses and provides consumers with certain tools to help them better manage their credit records. Some of the key provisions of FACTA include the following:
- Consumers have the right to obtain one free credit report each year from each of the three major credit reporting agencies (Equifax, Experian and TransUnion).
- Individuals may place fraud alerts on their credit records. This can help limit or stop ongoing fraud.
- When an application for credit is denied (or approved under less favorable terms), lenders must provide the applicant with their credit score and a risk-based pricing notice.
- Businesses that accept credit or debit cards for payment must adhere to specific restrictions regarding the information printed on credit card receipts.
- Lenders, payment processors and regulators must adhere to the “Red Flags Rules” to proactively identify suspicious activity.
What Is the FACTA Disposal Rule?
In addition to the consumer protection provisions identified above, FACTA also includes a rule stating that any business that uses consumer reports for any purpose must dispose of the information in such a way that it cannot be reconstructed. The so-called “Disposal Rule” applies not only to credit reports and related information, but also to any type of personally identifiable information such as:
- Name
- Birthdate
- Social Security Number
- Credit or Debit Card Number
- Email Address
- Mailing Address
- Telephone Number
- Driver’s License or Passport Number
Businesses that violate any provision of FACTA, including the Disposal Rule, can face severe penalties.
Does FACTA Apply to My Business?
Certain provisions of FACTA — such as the Disposal Rule and the credit card receipt requirements — apply to businesses across industry lines. Other provisions apply only to businesses that meet the definitions of “Creditors” or “Financial Institutions.”
Generally, “Financial Institutions” are banks, credit unions, savings and loan associations, and mutual savings banks, whether chartered under federal or state laws. “Creditors” are entities that regularly permit purchasers to defer payments or those that regularly arrange, extend or renew credit.
How Can Companies Remain in Compliance With FACTA?
Most companies, regardless of industry, have some compliance obligations under FACTA. If you are a business owner, this checklist can help ensure you have taken reasonable steps to comply with the law’s provisions.
- Do you have policies and procedures in place to address how personally identifiable information is captured, used, maintained and destroyed?
- Do you regularly provide training on FACTA requirements for new and existing employees and contractors?
- Does your document disposal plan also address digital/electronic media?
- If your business is a creditor, do you have procedures in place to comply with the risk-based pricing notice requirement?
- If you accept credit cards, do your transaction receipts comply with the truncation requirements in FACTA?
Frequently Asked Questions About FACTA
What is a FACTA receipt violation?
A FACTA receipt violation happens when a business prints too much credit or debit card information on an electronically generated receipt. Federal law allows only the last five digits of the card number to appear, and the expiration date must never be shown. Even if most of the card number is hidden with symbols, printing any digits beyond the final five is considered a violation. These rules are meant to protect consumers from identity theft and misuse of financial data.
Does FACTA apply to online or digital receipts?
Yes. Although FACTA originally focused on paper receipts provided at the point of sale, courts have confirmed that the law also applies to electronically delivered receipts. This includes receipts sent by email after online purchases or digital transactions. Digital receipts must follow the same truncation requirements and cannot display expiration dates or excessive card digits.
What should I do if I find a non-compliant receipt?
If you receive a receipt that appears to violate FACTA, keep it in a safe place. The receipt serves as key evidence. You do not need to show that identity theft occurred in order to pursue a claim. FACTA allows for statutory damages, which means that receiving a non-compliant receipt alone may be enough to hold the business accountable. A consumer protection attorney at Stein Saks can review the receipt and help determine next steps.
How much can a consumer recover for a FACTA violation?
When a business is found to have acted with willful noncompliance, federal law allows consumers to seek statutory damages ranging from $100 to $1,000 per violation. In many cases, the business may also be required to pay attorney’s fees and, in some situations, additional damages. Each case depends on the facts involved, which is why legal review is important.
How does the FACTA Disposal Rule protect me?
The FACTA Disposal Rule applies to businesses that use consumer reports, such as credit checks or background screenings. It requires those businesses to dispose of personal information in a secure way once it is no longer needed. Physical documents must be shredded, burned, or destroyed so they cannot be read or reconstructed. Electronic records must be “wiped” or erased to prevent access by unauthorized parties. This rule reduces the risk of sensitive data being exposed or misused.