The act also contains provisions to help reduce identity theft, such as the ability for individuals to place alerts on their credit histories if identity theft is suspected, or if deploying overseas in the military, thereby making fraudulent applications for credit more difficult. Further, it requires secure disposal of consumer information.
Financial institutions face a mandatory deadline of November 1, 2008, to comply 3 new FACT Act regulations referred to as the Red Flag Rules, section 114 and 315 of the Fair and Accurate Credit Transactions (FACT) Act.
According to a Business Alert issued by the Federal Trade Commission in June 2008, the Red Flag Rules apply to a very broad list of businesses including “financial institutions” and “creditors” with “covered accounts”. A “creditor” is defined to include “lenders such as banks, finance companies, automobile dealers, mortgage brokers, utility companies and telecommunications companies”. However, unfortunately this is not an all-inclusive list.
The regulations apply to all businesses that have “covered accounts”. A “covered account” includes any account for which there is a foreseeable risk of identity theft. For example, credit cards, monthly billed accounts like utility bills or cell phone bills, social security numbers, drivers license numbers, medical insurance accounts, and many others. This significantly expands the definition to include all companies, regardless of size that maintain, or otherwise possess, consumer information for a business purpose. Because of the broad definitions in these regulations, few businesses will be able to escape these requirements.
There are three new regulations:
Another key item was the requirement that mortgage lenders provide consumers with a Credit Disclosure Notice that included their credit scores, range of scores, credit bureaus, scoring models, and factors affecting their scores. This form is typically available from credit reporting agencies, and many will send this directly to the consumer on the lenders' behalf.