GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Self-service channel emerging

News

Industry Update

Industry afloat amid economic plunge

MasterCard rings in new year with fee hike

FACTA flags identity fraud

Comerica tapped for prepaid benefits

Features

SEPA: Will the promise be realized?

Tracy Kitten
ATMmarketplace.com

Sizing up merchant cash advance

Marc Abbey, Yuriy Kostenko and Myron Schwarcz
First Annapolis Consulting

Industry Leader

Holli Targan –
Lady of the law

Views

Interchange debate a wake-up call

Patti Murphy
The Takoma Group

Have passion, success will follow

Biff Matthews
CardWare International

Education

Street SmartsSM:
It's 'bons temps' with SEAA in New Orleans

Dee Karawadra
Impact PaySystem

Requirement 10: PCI's Everest

Michael Petitti
Trustwave

Landing pages: Convert interest to action

Nancy Drexler
SignaPay Ltd.

Acquiring compliance

David Mertz
Compliance Security Partners LLC

Merchant services hierarchy

Adam Atlas
Attorney at Law

Company Profile

Sonoma Technical Support Services

New Products

POS terminal cool to the touch

ST-A10 TouchPOS
Toshiba TEC America

Ensure health care claims at the POS

ImpactMD
Impact PaySystem

A quick-draw scanner at the POS

MS9590 VoyagerGS
Metrologic Instruments Inc.

Inspiration

Business travel made comfy

When the sandman is AWOL

Miscellaneous

POScript

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

January 28, 2008  •  Issue 08:01:02

previous next

FACTA flags identity fraud

Two amendments to the Fair and Accurate Credit Transactions Act (FACTA) went into effect Jan. 1, 2008. They require bankcard issuers to establish guidelines that red flag and deter potential instances of identity theft.

Section 114 of FACTA deals with procedures for card issuers when they receive a request for a change of address on an existing account and said request is soon followed by another request for an additional or replacement credit or debit card.

Section 315 outlines the policy for financial institutions and consumer reporting agencies when the address on a consumer's new account application is not the same as the one listed on a consumer report. Unlike the Federal Trade Commission, nearly 10 million U.S. citizens are victims of identity theft annually, making for a $50 billion drain on the economy. The FTC claims 15,000 to 20,000 consumers contact it every week with concerns about identity fraud.

In 2006 testimony to the FTC, card issuers criticized the proposed FACTA rules, arguing the new guidelines would be labor-intensive and costly. Visa Inc. testimony also stated that financial institutions had already set up broad and effective systems for discovering instances of identity fraud. Other organizations have contended the FACTA rules would straightjacket the card issuers' efforts to uncover identity theft.

Before FACTA was signed into law in 2003, financial institutions relied on two sets of federal guidelines to combat identity theft: the Customer Identification Program rule (CIP) in the USA Patriot Act of 2001 and the information security guidelines of the 1999 Gramm-Leach-Bliley Act (GLB). But CIP was meant as a counter-terrorism measure, and GLB has not reportedly stemmed the flow of data security breaches.

Weak provisions

According to a letter sent in September 2006 to the FTC by the nonprofit consumer advocacy organization Privacy Rights Clearinghouse, both sets of guidelines gave financial institutions too much leeway in deciding which red flag warnings to heed and which ones to ignore, even if the warnings were obvious indications that identity fraud may have taken place.

The letter stated that failure to make "certain red flags a required part of a company's program will simply lead to token programs that do nothing to deter theft or help victims."

The new FACTA rules, however, are designed to eliminate that tokenism. But will they? Gail Hillebrand, Senior Attorney at the West Coast regional office of Consumer's Union, the nonprofit publisher of Consumer Reports, doesn't think so. "I think it's going to be business as usual," she said.

While Hillebrand believes the new FACTA guidelines are a step in the right direction, she said the red flag warnings "don't go far enough." Hillebrand contends that, despite the new FACTA provisions, the basic problem still exists:

Card issuers get to decide which warnings they address or ignore because the guidelines are only that, guidelines, with no sanctions imposed if businesses do not comply.

But Theodore Svoronos, Vice President, Business Development & Strategic Partnerships for Irvine, Calif.-based Group ISO, said the FACTA guidelines must be there. Svoronos agreed there are no monetary fines levied against businesses that do not become FACTA-compliant.

But, if identity fraud should happen on a scale large enough to capture the FTC's attention, and if it were proven that the fraud occurred due to lax business practices, the FTC could cite the card issuer for failure to comply with the FACTA guidelines, publicly embarrassing the issuer and causing the careless business to lose its reputation and customer base.

"If you're a card issuer, you don't want to be in that spotlight," Svoronos said.

Nessa Feddis, Senior Federal Counsel to the Government Relations Division of the American Banker's Association, said many of the banks "are already complying with the [FACTA guidelines]." In order to maintain trust with consumers, banks have "sufficient incentive to do what they can."

Card issuers are required to be compliant with the new FACTA guidelines by Nov. 1, 2008.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems